Merge pull request #12332 from FRRouting/mergify/bp/stable/8.4/pr-12309

bgpd: fix invalid ipv4-vpn nexthop for IPv6 peer (backport #12309)

bgpd/bgp_attr.c

@@ -3736,13 +3736,6 @@ size_t bgp_packet_mpattr_start(struct stream *s, struct peer *peer, afi_t afi,
 		} break;
 		case SAFI_MPLS_VPN: {
 			if (attr->mp_nexthop_len
-			    == BGP_ATTR_NHLEN_IPV6_GLOBAL) {
-				stream_putc(s, 24);
-				stream_putl(s, 0); /* RD = 0, per RFC */
-				stream_putl(s, 0);
-				stream_put(s, &attr->mp_nexthop_global,
-					   IPV6_MAX_BYTELEN);
-			} else if (attr->mp_nexthop_len
 				   == BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) {
 				stream_putc(s, 48);
 				stream_putl(s, 0); /* RD = 0, per RFC */
@@ -3753,6 +3746,12 @@ size_t bgp_packet_mpattr_start(struct stream *s, struct peer *peer, afi_t afi,
 				stream_putl(s, 0);
 				stream_put(s, &attr->mp_nexthop_local,
 					   IPV6_MAX_BYTELEN);
+			} else {
+				stream_putc(s, 24);
+				stream_putl(s, 0); /* RD = 0, per RFC */
+				stream_putl(s, 0);
+				stream_put(s, &attr->mp_nexthop_global,
+					   IPV6_MAX_BYTELEN);
 			}
 		} break;
 		case SAFI_ENCAP:

tests/topotests/bgp_srv6l3vpn_over_ipv6/c11/staticd.conf

@@ -0,0 +1,4 @@
+!
+ip route 0.0.0.0/0 192.168.1.254
+ipv6 route ::/0 2001:1::ffff
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/c11/zebra.conf

@@ -0,0 +1,6 @@
+hostname c11
+!
+interface eth0
+ ip address 192.168.1.1/24
+ ipv6 address 2001:1::1/64
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/c12/staticd.conf

@@ -0,0 +1,4 @@
+!
+ip route 0.0.0.0/0 192.168.1.254
+ipv6 route ::/0 2001:1::ffff
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/c12/zebra.conf

@@ -0,0 +1,6 @@
+hostname c12
+!
+interface eth0
+ ip address 192.168.1.1/24
+ ipv6 address 2001:1::1/64
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/c21/staticd.conf

@@ -0,0 +1,4 @@
+!
+ip route 0.0.0.0/0 192.168.2.254
+ipv6 route ::/0 2001:2::ffff
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/c21/zebra.conf

@@ -0,0 +1,6 @@
+hostname c21
+!
+interface eth0
+ ip address 192.168.2.1/24
+ ipv6 address 2001:2::1/64
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/c22/staticd.conf

@@ -0,0 +1,5 @@
+
+!
+ip route 0.0.0.0/0 192.168.2.254
+ipv6 route ::/0 2001:2::ffff
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/c22/zebra.conf

@@ -0,0 +1,9 @@
+hostname c22
+!
+interface eth0
+ ip address 192.168.2.1/24
+ ipv6 address 2001:2::1/64
+!
+ip route 0.0.0.0/0 192.168.2.254
+ipv6 route ::/0 2001:2::ffff
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/r1/bgpd.conf

@@ -0,0 +1,52 @@
+frr defaults traditional
+!
+hostname r1
+password zebra
+!
+log stdout notifications
+log monitor notifications
+log commands
+!
+router bgp 65001
+ bgp router-id 192.0.2.1
+ no bgp ebgp-requires-policy
+ no bgp default ipv4-unicast
+ neighbor 2001:db8::2 remote-as 65002
+ neighbor 2001:db8::2 timers 3 10
+ neighbor 2001:db8::2 timers connect 1
+ neighbor 2001:db8::2 capability extended-nexthop
+ !
+ segment-routing srv6
+  locator default
+ !
+ address-family ipv4 vpn
+  neighbor 2001:db8::2 activate
+ exit-address-family
+ !
+!
+router bgp 65001 vrf vrf10
+ bgp router-id 192.0.2.1
+ !
+ address-family ipv4 unicast
+  redistribute connected
+  sid vpn export 1
+  rd vpn export 65001:10
+  rt vpn both 0:10
+  import vpn
+  export vpn
+ exit-address-family
+ !
+!
+router bgp 65001 vrf vrf20
+ bgp router-id 192.0.2.1
+ !
+ address-family ipv4 unicast
+  redistribute connected
+  sid vpn export 2
+  rd vpn export 65001:20
+  rt vpn both 0:20
+  import vpn
+  export vpn
+ exit-address-family
+ !
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/r1/staticd.conf

@@ -0,0 +1,3 @@
+!
+ipv6 route 2001:db8:2:2::/64 2001:db8::2
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/r1/zebra.conf

@@ -0,0 +1,29 @@
+log file zebra.log
+!
+hostname r1
+!
+interface lo
+ ipv6 address 2001:db8:1:1::1/128
+!
+interface eth0
+ ipv6 address 2001:db8::1/64
+!
+interface eth1 vrf vrf10
+ ip address 192.168.1.254/24
+!
+interface eth2 vrf vrf20
+ ip address 192.168.1.254/24
+!
+segment-routing
+ srv6
+  locators
+   locator default
+    prefix 2001:db8:1:1::/64
+  !
+ !
+!
+ip forwarding
+ipv6 forwarding
+!
+line vty
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/r2/bgpd.conf

@@ -0,0 +1,52 @@
+frr defaults traditional
+!
+hostname r2
+password zebra
+!
+log stdout notifications
+log monitor notifications
+log commands
+!
+router bgp 65002
+ bgp router-id 192.0.2.2
+ no bgp ebgp-requires-policy
+ no bgp default ipv4-unicast
+ neighbor 2001:db8::1 remote-as 65001
+ neighbor 2001:db8::1 timers 3 10
+ neighbor 2001:db8::1 timers connect 1
+ neighbor 2001:db8::1 capability extended-nexthop
+ !
+ segment-routing srv6
+  locator default
+ !
+ address-family ipv4 vpn
+  neighbor 2001:db8::1 activate
+ exit-address-family
+ !
+!
+router bgp 65002 vrf vrf10
+ bgp router-id 192.0.2.2
+ !
+ address-family ipv4 unicast
+  redistribute connected
+  sid vpn export 1
+  rd vpn export 65002:10
+  rt vpn both 0:10
+  import vpn
+  export vpn
+ exit-address-family
+ !
+!
+router bgp 65002 vrf vrf20
+ bgp router-id 192.0.2.2
+ !
+ address-family ipv4 unicast
+  redistribute connected
+  sid vpn export 2 
+  rd vpn export 65002:20
+  rt vpn both 0:20
+  import vpn
+  export vpn
+ exit-address-family
+ !
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/r2/staticd.conf

@@ -0,0 +1,3 @@
+!
+ipv6 route 2001:db8:1:1::/64 2001:db8::1
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/r2/zebra.conf

@@ -0,0 +1,29 @@
+log file zebra.log
+!
+hostname r2
+!
+interface lo
+ ipv6 address 2001:db8:2:2::1/128
+!
+interface eth0
+ ipv6 address 2001:db8::2/64
+!
+interface eth1 vrf vrf10
+ ip address 192.168.2.254/24
+!
+interface eth2 vrf vrf20
+ ip address 192.168.2.254/24
+!
+segment-routing
+ srv6
+  locators
+   locator default
+    prefix 2001:db8:2:2::/64
+  !
+ !
+!
+ip forwarding
+ipv6 forwarding
+!
+line vty
+!

tests/topotests/bgp_srv6l3vpn_over_ipv6/test_bgp_srv6l3vpn_over_ipv6.py

@@ -0,0 +1,128 @@
+#!/usr/bin/env python
+
+#
+# Part of NetDEF Topology Tests
+#
+# Copyright (c) 2018, LabN Consulting, L.L.C.
+# Authored by Lou Berger <[email protected]>
+#
+# Permission to use, copy, modify, and/or distribute this software
+# for any purpose with or without fee is hereby granted, provided
+# that the above copyright notice and this permission notice appear
+# in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND NETDEF DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NETDEF BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
+# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+# OF THIS SOFTWARE.
+#
+
+import os
+import re
+import sys
+import json
+import functools
+import pytest
+
+CWD = os.path.dirname(os.path.realpath(__file__))
+sys.path.append(os.path.join(CWD, "../"))
+
+# pylint: disable=C0413
+# Import topogen and topotest helpers
+from lib import topotest
+from lib.topogen import Topogen, TopoRouter, get_topogen
+from lib.topolog import logger
+from lib.common_config import required_linux_kernel_version
+
+pytestmark = [pytest.mark.bgpd]
+
+
+def build_topo(tgen):
+    tgen.add_router("r1")
+    tgen.add_router("r2")
+
+    tgen.add_router("c11")
+    tgen.add_router("c12")
+    tgen.add_router("c21")
+    tgen.add_router("c22")
+
+    tgen.add_link(tgen.gears["r1"], tgen.gears["r2"], "eth0", "eth0")
+    tgen.add_link(tgen.gears["r1"], tgen.gears["c11"], "eth1", "eth0")
+    tgen.add_link(tgen.gears["r1"], tgen.gears["c12"], "eth2", "eth0")
+    tgen.add_link(tgen.gears["r2"], tgen.gears["c21"], "eth1", "eth0")
+    tgen.add_link(tgen.gears["r2"], tgen.gears["c22"], "eth2", "eth0")
+
+
+def setup_module(mod):
+    result = required_linux_kernel_version("5.15")
+    if result is not True:
+        pytest.skip("Kernel requirements are not met")
+
+    tgen = Topogen(build_topo, mod.__name__)
+    tgen.start_topology()
+
+    for rname, router in tgen.routers().items():
+        router.load_config(TopoRouter.RD_ZEBRA,
+                           os.path.join(CWD, '{}/zebra.conf'.format(rname)))
+        router.load_config(TopoRouter.RD_STATIC,
+                           os.path.join(CWD, '{}/staticd.conf'.format(rname)))
+        router.load_config(TopoRouter.RD_BGP,
+                           os.path.join(CWD, '{}/bgpd.conf'.format(rname)))
+
+    tgen.gears["r1"].run("sysctl net.vrf.strict_mode=1")
+    tgen.gears["r1"].run("ip link add vrf10 type vrf table 10")
+    tgen.gears["r1"].run("ip link set vrf10 up")
+    tgen.gears["r1"].run("ip link add vrf20 type vrf table 20")
+    tgen.gears["r1"].run("ip link set vrf20 up")
+    tgen.gears["r1"].run("ip link set eth1 master vrf10")
+    tgen.gears["r1"].run("ip link set eth2 master vrf20")
+
+    tgen.gears["r2"].run("sysctl net.vrf.strict_mode=1")
+    tgen.gears["r2"].run("ip link add vrf10 type vrf table 10")
+    tgen.gears["r2"].run("ip link set vrf10 up")
+    tgen.gears["r2"].run("ip link add vrf20 type vrf table 20")
+    tgen.gears["r2"].run("ip link set vrf20 up")
+    tgen.gears["r2"].run("ip link set eth1 master vrf10")
+    tgen.gears["r2"].run("ip link set eth2 master vrf20")
+
+    tgen.start_router()
+
+
+def teardown_module(mod):
+    tgen = get_topogen()
+    tgen.stop_topology()
+
+
+def check_ping4(name, dest_addr, expected):
+    def _check(name, dest_addr, match):
+        tgen = get_topogen()
+        output = tgen.gears[name].run("ping {} -c 1 -w 1".format(dest_addr))
+        logger.info(output)
+        if match not in output:
+            return "ping fail"
+
+    match = ", {} packet loss".format("0%" if expected else "100%")
+    logger.info("[+] check {} {} {}".format(name, dest_addr, match))
+    tgen = get_topogen()
+    func = functools.partial(_check, name, dest_addr, match)
+    success, result = topotest.run_and_expect(func, None, count=10, wait=1)
+    assert result is None, "Failed"
+
+
+def test_ping():
+    tgen = get_topogen()
+    logger.info(tgen.gears["c11"].run("ip route show"))
+    # tests for ipv4-vpn
+    check_ping4("c11", "192.168.2.1", True)
+    check_ping4("c12", "192.168.2.1", True)
+    check_ping4("c21", "192.168.1.1", True)
+    check_ping4("c22", "192.168.1.1", True)
+
+
+if __name__ == "__main__":
+    args = ["-s"] + sys.argv[1:]
+    sys.exit(pytest.main(args))