Merge pull request #3017 from vyos/mergify/bp/sagitta/pr-3016

T6001: add option to disable next-hop-tracking resolve-via-default (backport #3016)

data/templates/frr/zebra.route-map.frr.j2

@@ -1,4 +1,8 @@
 !
+{% if nht.no_resolve_via_default is vyos_defined %}
+no {{ afi }} nht resolve-via-default
+{% endif %}
+!
 {% if protocol is vyos_defined %}
 {%     for protocol_name, protocol_config in protocol.items() %}
 {%         if protocol_name is vyos_defined('ospfv3') %}
@@ -7,3 +11,4 @@
 {{ afi }} protocol {{ protocol_name }} route-map {{ protocol_config.route_map }}
 {%     endfor %}
 {% endif %}
+!

data/templates/frr/zebra.vrf.route-map.frr.j2

@@ -6,6 +6,12 @@
 {%             continue %}
 {%         endif %}
 vrf {{ vrf }}
+{%         if vrf_config.ip.nht.no_resolve_via_default is vyos_defined %}
+ no ip nht resolve-via-default
+{%         endif %}
+{%         if vrf_config.ipv6.nht.no_resolve_via_default is vyos_defined %}
+ no ipv6 nht resolve-via-default
+{%         endif %}
 {%         if vrf_config.ip.protocol is vyos_defined %}
 {%             for protocol_name, protocol_config in vrf_config.ip.protocol.items() %}
  ip protocol {{ protocol_name }} route-map {{ protocol_config.route_map }}

interface-definitions/include/system-ip-nht.xml.i

@@ -0,0 +1,15 @@
+<!-- include start from syslog-facility.xml.i -->
+<node name="nht">
+  <properties>
+    <help>Filter Next Hop tracking route resolution</help>
+  </properties>
+  <children>
+    <leafNode name="no-resolve-via-default">
+      <properties>
+        <help>Do not resolve via default route</help>
+        <valueless/>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->

interface-definitions/system_ip.xml.in

@@ -48,6 +48,7 @@
               </leafNode>
             </children>
           </node>
+          #include <include/system-ip-nht.xml.i>
           <node name="tcp">
             <properties>
               <help>IPv4 TCP parameters</help>

interface-definitions/system_ipv6.xml.in

@@ -36,6 +36,7 @@
               #include <include/arp-ndp-table-size.xml.i>
             </children>
           </node>
+          #include <include/system-ip-nht.xml.i>
           #include <include/system-ipv6-protocol.xml.i>
           <leafNode name="strict-dad">
             <properties>

interface-definitions/vrf.xml.in

@@ -34,6 +34,7 @@
             </properties>
             <children>
               #include <include/interface/disable-forwarding.xml.i>
+              #include <include/system-ip-nht.xml.i>
               #include <include/system-ip-protocol.xml.i>
             </children>
           </node>
@@ -43,6 +44,7 @@
             </properties>
             <children>
               #include <include/interface/disable-forwarding.xml.i>
+              #include <include/system-ip-nht.xml.i>
               #include <include/system-ipv6-protocol.xml.i>
             </children>
           </node>

smoketest/scripts/cli/test_system_ip.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020-2023 VyOS maintainers and contributors
+# Copyright (C) 2020-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -120,5 +120,18 @@ def test_system_ip_protocol_non_existing_route_map(self):
         # Commit again
         self.cli_commit()
 
+    def test_system_ip_nht(self):
+        self.cli_set(base_path + ['nht', 'no-resolve-via-default'])
+        self.cli_commit()
+        # Verify CLI config applied to FRR
+        frrconfig = self.getFRRconfig('', end='', daemon='zebra')
+        self.assertIn(f'no ip nht resolve-via-default', frrconfig)
+
+        self.cli_delete(base_path + ['nht', 'no-resolve-via-default'])
+        self.cli_commit()
+        # Verify CLI config removed to FRR
+        frrconfig = self.getFRRconfig('', end='', daemon='zebra')
+        self.assertNotIn(f'no ip nht resolve-via-default', frrconfig)
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)

smoketest/scripts/cli/test_system_ipv6.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021-2023 VyOS maintainers and contributors
+# Copyright (C) 2021-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -131,5 +131,18 @@ def test_system_ipv6_protocol_non_existing_route_map(self):
         # Commit again
         self.cli_commit()
 
+    def test_system_ipv6_nht(self):
+        self.cli_set(base_path + ['nht', 'no-resolve-via-default'])
+        self.cli_commit()
+        # Verify CLI config applied to FRR
+        frrconfig = self.getFRRconfig('', end='', daemon='zebra')
+        self.assertIn(f'no ipv6 nht resolve-via-default', frrconfig)
+
+        self.cli_delete(base_path + ['nht', 'no-resolve-via-default'])
+        self.cli_commit()
+        # Verify CLI config removed to FRR
+        frrconfig = self.getFRRconfig('', end='', daemon='zebra')
+        self.assertNotIn(f'no ipv6 nht resolve-via-default', frrconfig)
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)

smoketest/scripts/cli/test_vrf.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020-2023 VyOS maintainers and contributors
+# Copyright (C) 2020-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -495,6 +495,39 @@ def test_vrf_vni_add_change_remove(self):
             frrconfig = self.getFRRconfig(f'vrf {vrf}')
             self.assertNotIn('vni', frrconfig)
 
+    def test_vrf_ip_ipv6_nht(self):
+        table = '6910'
+
+        for vrf in vrfs:
+            base = base_path + ['name', vrf]
+            self.cli_set(base + ['table', table])
+            self.cli_set(base + ['ip', 'nht', 'no-resolve-via-default'])
+            self.cli_set(base + ['ipv6', 'nht', 'no-resolve-via-default'])
+
+            table = str(int(table) + 1)
+
+        self.cli_commit()
+
+        # Verify route-map properly applied to FRR
+        for vrf in vrfs:
+            frrconfig = self.getFRRconfig(f'vrf {vrf}', daemon='zebra')
+            self.assertIn(f'vrf {vrf}', frrconfig)
+            self.assertIn(f' no ip nht resolve-via-default', frrconfig)
+            self.assertIn(f' no ipv6 nht resolve-via-default', frrconfig)
+
+        # Delete route-maps
+        for vrf in vrfs:
+            base = base_path + ['name', vrf]
+            self.cli_delete(base + ['ip'])
+            self.cli_delete(base + ['ipv6'])
+
+        self.cli_commit()
+
+        # Verify route-map properly is removed from FRR
+        for vrf in vrfs:
+            frrconfig = self.getFRRconfig(f'vrf {vrf}', daemon='zebra')
+            self.assertNotIn(f' no ip nht resolve-via-default', frrconfig)
+            self.assertNotIn(f' no ipv6 nht resolve-via-default', frrconfig)
 
 if __name__ == '__main__':
     unittest.main(verbosity=2)

src/conf_mode/system_ip.py

@@ -127,6 +127,7 @@ def apply(opt):
 
         # The route-map used for the FIB (zebra) is part of the zebra daemon
         frr_cfg.load_configuration(zebra_daemon)
+        frr_cfg.modify_section(r'no ip nht resolve-via-default')
         frr_cfg.modify_section(r'ip protocol \w+ route-map [-a-zA-Z0-9.]+', stop_pattern='(\s|!)')
         if 'frr_zebra_config' in opt:
             frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config'])

src/conf_mode/system_ipv6.py

@@ -104,6 +104,7 @@ def apply(opt):
 
         # The route-map used for the FIB (zebra) is part of the zebra daemon
         frr_cfg.load_configuration(zebra_daemon)
+        frr_cfg.modify_section(r'no ipv6 nht resolve-via-default')
         frr_cfg.modify_section(r'ipv6 protocol \w+ route-map [-a-zA-Z0-9.]+', stop_pattern='(\s|!)')
         if 'frr_zebra_config' in opt:
             frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config'])