From da0b589e7bbcd8177702caa925063d36e7f316ec Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Tue, 27 Sep 2022 16:13:27 +0200 Subject: [PATCH] BGP: Some fixes related to VRF and MPLS interactions - When next hop is reset to local IP, we should remove BGP label stack, as it is related to original next hop - BGP next hop or immediate next hop from one VRF should not be passed to another VRF, as they are different IP namespaces --- proto/bgp/packets.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c index fc23897d..8087608a 100644 --- a/proto/bgp/packets.c +++ b/proto/bgp/packets.c @@ -1112,6 +1112,10 @@ bgp_use_next_hop(struct bgp_export_state *s, eattr *a) if ((ipa_is_ip4(*nh) != bgp_channel_is_ipv4(c)) && !c->ext_next_hop) return 0; + /* Do not pass NEXT_HOP between different VRFs */ + if (p->p.vrf_set && s->src && s->src->p.vrf_set && (p->p.vrf != s->src->p.vrf)) + return 0; + /* Keep it when exported to internal peers */ if (p->is_interior && ipa_nonzero(*nh)) return 1; @@ -1141,6 +1145,10 @@ bgp_use_gateway(struct bgp_export_state *s) if ((ipa_is_ip4(ra->nh.gw) != bgp_channel_is_ipv4(c)) && !c->ext_next_hop) return 0; + /* Do not use gateway from different VRF */ + if (p->p.vrf_set && ra->nh.iface && (p->p.vrf != ra->nh.iface->master)) + return 0; + /* Use it when exported to internal peers */ if (p->is_interior) return 1; @@ -1167,6 +1175,8 @@ bgp_update_next_hop_ip(struct bgp_export_state *s, eattr *a, ea_list **to) uint lnum = ra->nh.labels ? ra->nh.labels : 1; bgp_set_attr_data(to, s->pool, BA_MPLS_LABEL_STACK, 0, labels, lnum * 4); } + else + bgp_unset_attr(to, s->pool, BA_MPLS_LABEL_STACK); } else { @@ -1180,6 +1190,8 @@ bgp_update_next_hop_ip(struct bgp_export_state *s, eattr *a, ea_list **to) u32 implicit_null = BGP_MPLS_NULL; bgp_set_attr_data(to, s->pool, BA_MPLS_LABEL_STACK, 0, &implicit_null, 4); } + else + bgp_unset_attr(to, s->pool, BA_MPLS_LABEL_STACK); } }