Route updates for default route in ip_fabric vrf should not be done

In k8s, network policy is enabled between pod-network and ip-fabric network. When logical router is enabled for pod-network for snat, default route would be injected in pod-network. Due to the policy, it is updated to ip-fabric vrf which inturn causes host unreachablity. Some routes in ip-fabric vrf specific to nodes which have to be protected from being updated by bgp peers. Added code to ignore updates for default route, vhost route, vhost subnet route in ip-fabric vrf. Change-Id: I22bba1be6106896b07c7d07d95d810eebb079ea1 Closes-bug: #1735590
Juniper · May 30, 2018 · db0f7f7 · db0f7f7
1 parent 6273353
commit db0f7f7
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/src/vnsw/agent/cmn/agent.h b/src/vnsw/agent/cmn/agent.h
@@ -591,6 +591,11 @@ class Agent {
     }
 
     // VHOST related
+    Ip4Address vhost_prefix() const {return prefix_;}
+    void set_vhost_prefix(const Ip4Address &addr) {
+        prefix_ = addr;
+    }
+
     uint32_t vhost_prefix_len() const {return prefix_len_;}
     void set_vhost_prefix_len(uint32_t plen) {prefix_len_ = plen;}
 
@@ -1353,6 +1358,7 @@ class Agent {
     IntfMirrorCfgTable *intf_mirror_cfg_table_;
 
     Ip4Address router_id_;
+    Ip4Address prefix_;
     uint32_t prefix_len_;
     Ip4Address gateway_id_;
 

diff --git a/src/vnsw/agent/controller/controller_peer.cc b/src/vnsw/agent/controller/controller_peer.cc
@@ -988,6 +988,23 @@ void AgentXmppChannel::AddRemoteRoute(string vrf_name, IpAddress prefix_addr,
         return;
     }
 
+    if (vrf_name == agent_->fabric_policy_vrf_name() && prefix_addr.is_v4()) {
+         //Dont override the below routes in ip_fabric vrf
+         //default route
+         //vhost route
+         //vhost subnet routes
+        if (prefix_addr.to_v4() == Ip4Address(0) && prefix_len == 0) {
+            return;
+        }
+        if (prefix_addr == agent_->router_id() && prefix_len == 32) {
+            return;
+        }
+        if (prefix_addr == agent_->vhost_prefix() &&
+            prefix_len >= agent_->vhost_prefix_len()) {
+            return;
+        }
+    }
+
     if (agent_->router_id() != addr.to_v4()) {
         EcmpLoadBalance ecmp_load_balance;
         GetEcmpHashFieldsToUse(item, ecmp_load_balance);

diff --git a/src/vnsw/agent/init/contrail_init_common.cc b/src/vnsw/agent/init/contrail_init_common.cc
@@ -197,6 +197,7 @@ void ContrailInitCommon::CreateInterfaces() {
     assert(table->FindActiveEntry(&physical_key));
 
     agent()->set_router_id(agent_param()->vhost_addr());
+    agent()->set_vhost_prefix(agent_param()->vhost_prefix());
     agent()->set_vhost_prefix_len(agent_param()->vhost_plen());
     agent()->set_vhost_default_gateway(agent_param()->vhost_gw());
     if (agent_param()->crypt_port() != "") {