bgpd: vpn-vrf route leaking

    - add "debug bgp vpn label" CLI
    - improved debug messages for "debug bgp bestpath"
    - send vrf label to zebra after zebra informs bgpd of vrf_id
    - withdraw vrf_label from zebra if zebra informs bgpd that vrf_id is disabled
Signed-off-by: G. Paul Ziemba <paulz@labn.net>

bgpd/bgp_debug.c

@@ -55,6 +55,7 @@ unsigned long conf_bgp_debug_zebra;
 unsigned long conf_bgp_debug_allow_martians;
 unsigned long conf_bgp_debug_nht;
 unsigned long conf_bgp_debug_update_groups;
+unsigned long conf_bgp_debug_vpn;
 
 unsigned long term_bgp_debug_as4;
 unsigned long term_bgp_debug_neighbor_events;
@@ -68,6 +69,7 @@ unsigned long term_bgp_debug_zebra;
 unsigned long term_bgp_debug_allow_martians;
 unsigned long term_bgp_debug_nht;
 unsigned long term_bgp_debug_update_groups;
+unsigned long term_bgp_debug_vpn;
 
 struct list *bgp_debug_neighbor_events_peers = NULL;
 struct list *bgp_debug_keepalive_peers = NULL;
@@ -1557,6 +1559,96 @@ DEFUN (no_debug_bgp_update_groups,
 	return CMD_SUCCESS;
 }
 
+DEFUN (debug_bgp_vpn,
+       debug_bgp_vpn_cmd,
+       "debug bgp vpn <leak-from-vrf|leak-to-vrf|rmap-event|label>",
+       DEBUG_STR
+       BGP_STR
+       "VPN routes\n"
+       "leaked from vrf to vpn\n"
+       "leaked to vrf from vpn\n"
+       "route-map updates\n"
+       "labels\n")
+{
+	int idx = 3;
+
+	if (argv_find(argv, argc, "leak-from-vrf", &idx)) {
+		if (vty->node == CONFIG_NODE)
+			DEBUG_ON(vpn, VPN_LEAK_FROM_VRF);
+		else
+			TERM_DEBUG_ON(vpn, VPN_LEAK_FROM_VRF);
+	} else if (argv_find(argv, argc, "leak-to-vrf", &idx)) {
+		if (vty->node == CONFIG_NODE)
+			DEBUG_ON(vpn, VPN_LEAK_TO_VRF);
+		else
+			TERM_DEBUG_ON(vpn, VPN_LEAK_TO_VRF);
+	} else if (argv_find(argv, argc, "rmap-event", &idx)) {
+		if (vty->node == CONFIG_NODE)
+			DEBUG_ON(vpn, VPN_LEAK_RMAP_EVENT);
+		else
+			TERM_DEBUG_ON(vpn, VPN_LEAK_RMAP_EVENT);
+	} else if (argv_find(argv, argc, "label", &idx)) {
+		if (vty->node == CONFIG_NODE)
+			DEBUG_ON(vpn, VPN_LEAK_LABEL);
+		else
+			TERM_DEBUG_ON(vpn, VPN_LEAK_LABEL);
+	} else {
+		vty_out(vty, "%% unknown debug bgp vpn keyword\n");
+		return CMD_WARNING_CONFIG_FAILED;
+	}
+
+	if (vty->node != CONFIG_NODE)
+		vty_out(vty, "enabled debug bgp vpn %s\n", argv[idx]->text);
+
+	return CMD_SUCCESS;
+}
+
+DEFUN (no_debug_bgp_vpn,
+       no_debug_bgp_vpn_cmd,
+       "no debug bgp vpn <leak-from-vrf|leak-to-vrf|rmap-event|label>",
+       NO_STR
+       DEBUG_STR
+       BGP_STR
+       "VPN routes\n"
+       "leaked from vrf to vpn\n"
+       "leaked to vrf from vpn\n"
+       "route-map updates\n"
+       "labels\n")
+{
+	int idx = 4;
+
+	if (argv_find(argv, argc, "leak-from-vrf", &idx)) {
+		if (vty->node == CONFIG_NODE)
+			DEBUG_OFF(vpn, VPN_LEAK_FROM_VRF);
+		else
+			TERM_DEBUG_OFF(vpn, VPN_LEAK_FROM_VRF);
+
+	} else if (argv_find(argv, argc, "leak-to-vrf", &idx)) {
+		if (vty->node == CONFIG_NODE)
+			DEBUG_OFF(vpn, VPN_LEAK_TO_VRF);
+		else
+			TERM_DEBUG_OFF(vpn, VPN_LEAK_TO_VRF);
+	} else if (argv_find(argv, argc, "rmap-event", &idx)) {
+		if (vty->node == CONFIG_NODE)
+			DEBUG_OFF(vpn, VPN_LEAK_RMAP_EVENT);
+		else
+			TERM_DEBUG_OFF(vpn, VPN_LEAK_RMAP_EVENT);
+	} else if (argv_find(argv, argc, "label", &idx)) {
+		if (vty->node == CONFIG_NODE)
+			DEBUG_OFF(vpn, VPN_LEAK_LABEL);
+		else
+			TERM_DEBUG_OFF(vpn, VPN_LEAK_LABEL);
+	} else {
+		vty_out(vty, "%% unknown debug bgp vpn keyword\n");
+		return CMD_WARNING_CONFIG_FAILED;
+	}
+
+	if (vty->node != CONFIG_NODE)
+		vty_out(vty, "disabled debug bgp vpn %s\n", argv[idx]->text);
+
+	return CMD_SUCCESS;
+}
+
 DEFUN (no_debug_bgp,
        no_debug_bgp_cmd,
        "no debug bgp",
@@ -1589,6 +1681,10 @@ DEFUN (no_debug_bgp,
 	TERM_DEBUG_OFF(zebra, ZEBRA);
 	TERM_DEBUG_OFF(allow_martians, ALLOW_MARTIANS);
 	TERM_DEBUG_OFF(nht, NHT);
+	TERM_DEBUG_OFF(vpn, VPN_LEAK_FROM_VRF);
+	TERM_DEBUG_OFF(vpn, VPN_LEAK_TO_VRF);
+	TERM_DEBUG_OFF(vpn, VPN_LEAK_RMAP_EVENT);
+	TERM_DEBUG_OFF(vpn, VPN_LEAK_LABEL);
 	vty_out(vty, "All possible debugging has been turned off\n");
 
 	return CMD_SUCCESS;
@@ -1648,6 +1744,18 @@ DEFUN_NOSH (show_debugging_bgp,
 
 	if (BGP_DEBUG(allow_martians, ALLOW_MARTIANS))
 		vty_out(vty, "  BGP allow martian next hop debugging is on\n");
+
+	if (BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF))
+		vty_out(vty,
+			"  BGP route leak from vrf to vpn debugging is on\n");
+	if (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF))
+		vty_out(vty,
+			"  BGP route leak to vrf from vpn debugging is on\n");
+	if (BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT))
+		vty_out(vty, "  BGP vpn route-map event debugging is on\n");
+	if (BGP_DEBUG(vpn, VPN_LEAK_LABEL))
+		vty_out(vty, "  BGP vpn label event debugging is on\n");
+
 	vty_out(vty, "\n");
 	return CMD_SUCCESS;
 }
@@ -1692,6 +1800,15 @@ int bgp_debug_count(void)
 	if (BGP_DEBUG(allow_martians, ALLOW_MARTIANS))
 		ret++;
 
+	if (BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF))
+		ret++;
+	if (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF))
+		ret++;
+	if (BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT))
+		ret++;
+	if (BGP_DEBUG(vpn, VPN_LEAK_LABEL))
+		ret++;
+
 	return ret;
 }
 
@@ -1768,6 +1885,23 @@ static int bgp_config_write_debug(struct vty *vty)
 		write++;
 	}
 
+	if (CONF_BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF)) {
+		vty_out(vty, "debug bgp vpn leak-from-vrf\n");
+		write++;
+	}
+	if (CONF_BGP_DEBUG(vpn, VPN_LEAK_TO_VRF)) {
+		vty_out(vty, "debug bgp vpn leak-to-vrf\n");
+		write++;
+	}
+	if (CONF_BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT)) {
+		vty_out(vty, "debug bgp vpn rmap-event\n");
+		write++;
+	}
+	if (CONF_BGP_DEBUG(vpn, VPN_LEAK_LABEL)) {
+		vty_out(vty, "debug bgp vpn label\n");
+		write++;
+	}
+
 	return write;
 }
 
@@ -1861,6 +1995,11 @@ void bgp_debug_init(void)
 	install_element(CONFIG_NODE, &no_debug_bgp_bestpath_cmd);
 	install_element(ENABLE_NODE, &no_debug_bgp_bestpath_prefix_cmd);
 	install_element(CONFIG_NODE, &no_debug_bgp_bestpath_prefix_cmd);
+
+	install_element(ENABLE_NODE, &debug_bgp_vpn_cmd);
+	install_element(CONFIG_NODE, &debug_bgp_vpn_cmd);
+	install_element(ENABLE_NODE, &no_debug_bgp_vpn_cmd);
+	install_element(CONFIG_NODE, &no_debug_bgp_vpn_cmd);
 }
 
 /* Return true if this prefix is on the per_prefix_list of prefixes to debug

bgpd/bgp_debug.h

@@ -72,6 +72,7 @@ extern unsigned long conf_bgp_debug_zebra;
 extern unsigned long conf_bgp_debug_allow_martians;
 extern unsigned long conf_bgp_debug_nht;
 extern unsigned long conf_bgp_debug_update_groups;
+extern unsigned long conf_bgp_debug_vpn;
 
 extern unsigned long term_bgp_debug_as4;
 extern unsigned long term_bgp_debug_neighbor_events;
@@ -83,6 +84,7 @@ extern unsigned long term_bgp_debug_zebra;
 extern unsigned long term_bgp_debug_allow_martians;
 extern unsigned long term_bgp_debug_nht;
 extern unsigned long term_bgp_debug_update_groups;
+extern unsigned long term_bgp_debug_vpn;
 
 extern struct list *bgp_debug_neighbor_events_peers;
 extern struct list *bgp_debug_keepalive_peers;
@@ -111,6 +113,10 @@ struct bgp_debug_filter {
 #define BGP_DEBUG_ALLOW_MARTIANS      0x01
 #define BGP_DEBUG_NHT                 0x01
 #define BGP_DEBUG_UPDATE_GROUPS       0x01
+#define BGP_DEBUG_VPN_LEAK_FROM_VRF   0x01
+#define BGP_DEBUG_VPN_LEAK_TO_VRF     0x02
+#define BGP_DEBUG_VPN_LEAK_RMAP_EVENT 0x04
+#define BGP_DEBUG_VPN_LEAK_LABEL      0x08
 
 #define BGP_DEBUG_PACKET_SEND         0x01
 #define BGP_DEBUG_PACKET_SEND_DETAIL  0x02

bgpd/bgp_main.c

@@ -265,6 +265,8 @@ static int bgp_vrf_enable(struct vrf *vrf)
 		if (old_vrf_id != bgp->vrf_id)
 			bgp_update_redist_vrf_bitmaps(bgp, old_vrf_id);
 		bgp_instance_up(bgp);
+		vpn_leak_zebra_vrf_label_update(bgp, AFI_IP);
+		vpn_leak_zebra_vrf_label_update(bgp, AFI_IP6);
 	}
 
 	return 0;
@@ -283,6 +285,10 @@ static int bgp_vrf_disable(struct vrf *vrf)
 
 	bgp = bgp_lookup_by_name(vrf->name);
 	if (bgp) {
+
+		vpn_leak_zebra_vrf_label_withdraw(bgp, AFI_IP);
+		vpn_leak_zebra_vrf_label_withdraw(bgp, AFI_IP6);
+
 		old_vrf_id = bgp->vrf_id;
 		bgp_handle_socket(bgp, vrf, VRF_UNKNOWN, false);
 		/* We have instance configured, unlink from VRF and make it