From 7a3d7e5f5562b49fd618d8c4ee6b71d9ba71fb11 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 3 Aug 2023 04:47:39 +0000 Subject: [PATCH 01/22] Fix the Loopback0 IPv6 address of LC's in chassis not reachable from peer device's Signed-off-by: Abhishek Dosi --- dockers/docker-fpm-frr/frr/bgpd/bgpd.main.conf.j2 | 3 +++ .../data/sonic-cfggen/bgpd.main.conf.j2/packet_chassis.conf | 1 + .../tests/data/sonic-cfggen/bgpd.main.conf.j2/voq_chassis.conf | 1 + 3 files changed, 5 insertions(+) diff --git a/dockers/docker-fpm-frr/frr/bgpd/bgpd.main.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/bgpd.main.conf.j2 index 1e564579e30f..793ab055c215 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/bgpd.main.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/bgpd.main.conf.j2 @@ -104,6 +104,9 @@ router bgp {{ DEVICE_METADATA['localhost']['bgp_asn'] }} network {{ get_ipv6_loopback_address(LOOPBACK_INTERFACE, "Loopback0") | ip }}/128 {% else %} network {{ get_ipv6_loopback_address(LOOPBACK_INTERFACE, "Loopback0") | ip }}/64 +{% if DEVICE_METADATA['localhost']['switch_type'] == 'voq' or DEVICE_METADATA['localhost']['switch_type'] == 'chassis-packet' %} + network {{ get_ipv6_loopback_address(LOOPBACK_INTERFACE, "Loopback0") | ip }}/128 route-map HIDE_INTERNAL +{% endif %} {% endif %} exit-address-family {% endif %} diff --git a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/packet_chassis.conf b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/packet_chassis.conf index 0f7f227e0e2c..6b2e1f257948 100644 --- a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/packet_chassis.conf +++ b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/packet_chassis.conf @@ -47,6 +47,7 @@ router bgp 55555 ! address-family ipv6 network fc00::1/64 + network fc00::1/128 route-map HIDE_INTERNAL exit-address-family ! network 10.10.10.1/24 
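Review bot: The `{% if %}` added to bgpd.main.conf.j2 has no comment explaining why the Loopback0 /128 is announced in addition to the /64, or why only the /128 carries `route-map HIDE_INTERNAL`. A Jinja comment above it, such as `{# voq / chassis-packet: also originate the Loopback0 /128 so each line card's address is reachable from peers #}`, would record the intent. HIDE_INTERNAL is defined outside this hunk, so please confirm that the policy it applies suits a prefix meant to be reachable from peer devices. The condition can also be written once as `{% if DEVICE_METADATA['localhost']['switch_type'] in ['voq', 'chassis-packet'] %}`. The enclosing `if`/`else` starts above the hunk.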
diff --git a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/voq_chassis.conf b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/voq_chassis.conf index ef28d67c1c9d..efd45eda1ea9 100644 --- a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/voq_chassis.conf +++ b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/voq_chassis.conf @@ -48,6 +48,7 @@ router bgp 55555 ! address-family ipv6 network fc00::1/64 + network fc00::1/128 route-map HIDE_INTERNAL exit-address-family address-family ipv6 network fc00::2/128 route-map HIDE_INTERNAL From 8d9dbb61f477762b56774980ac26d3561b4bca50 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 17 Aug 2023 14:54:26 +0000 Subject: [PATCH 02/22] Added change to have flag Signed-off-by: Abhishek Dosi --- files/build_templates/sonic_version.yml.j2 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/files/build_templates/sonic_version.yml.j2 b/files/build_templates/sonic_version.yml.j2 index 8b829feeed00..510b3d3c6044 100644 --- a/files/build_templates/sonic_version.yml.j2 +++ b/files/build_templates/sonic_version.yml.j2 @@ -30,3 +30,8 @@ built_by: {{ built_by }} asan: 'yes' {% endif -%} sonic_os_version: {{ sonic_os_version }} +{% if SECURE_UPGRADE_MODE == "dev" or SECURE_UPGRADE_MODE == "prod" -%} +secure_boot_image: 'yes' +{% else -%} +secure_boot_image: 'no' +{% endif -%} From 4e8b1014c13bf4ec28df3bb9001372002caca225 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 31 Aug 2023 20:53:13 +0000 Subject: [PATCH 03/22] Assign the metric vaule for Ipv6 default route learnt via RA message to higher value so that BGP learnt default route is higher priority. Signed-off-by: Abhishek Dosi --- files/dhcp/90-dhcp6-systcl.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/files/dhcp/90-dhcp6-systcl.conf.j2 b/files/dhcp/90-dhcp6-systcl.conf.j2 index addb94675258..13ad9bead9c7 100644 --- a/files/dhcp/90-dhcp6-systcl.conf.j2 +++ b/files/dhcp/90-dhcp6-systcl.conf.j2 
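Review bot: `secure_boot_image: 'yes'` is emitted for both `SECURE_UPGRADE_MODE == "dev"` and `"prod"`, so anything reading sonic_version.yml cannot tell an image signed with development keys from a production-signed one. If tooling uses this field to decide whether an image is acceptable for a secure-boot platform, emit the mode next to the flag, for example `secure_upgrade_mode: '{{ SECURE_UPGRADE_MODE }}'` inside the first branch. The value is build-time metadata written into a file on the image, not evidence that the running system verified a signature. A template comment saying so would keep consumers from treating it as an attestation. It would also help to state that an unset `SECURE_UPGRADE_MODE` is expected to render `'no'`.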
@@ -5,3 +5,4 @@ net.ipv6.conf.eth0.accept_ra = 0 net.ipv6.conf.eth0.accept_ra_defrtr = 1 net.ipv6.conf.eth0.accept_ra = 1 {% endif %} +net.ipv6.conf.eth0.ra_defrtr_metric=1996489704 From fcbd38d8ec0c2f8f92a8d61c3e8c694b7fa489e2 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Fri, 8 Sep 2023 15:51:23 +0000 Subject: [PATCH 04/22] Add alternate name for bridge interface on supversior in chassis systrem Signed-off-by: Abhishek Dosi --- files/build_templates/docker_image_ctl.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/files/build_templates/docker_image_ctl.j2 b/files/build_templates/docker_image_ctl.j2 index 546eb24cb629..ca9679ccd9b2 100644 --- a/files/build_templates/docker_image_ctl.j2 +++ b/files/build_templates/docker_image_ctl.j2 @@ -191,6 +191,9 @@ function postStartAction() ip link add name ns-eth1"$NET_NS" type veth peer name eth1@"$NET_NS" ip link set dev eth1@"$NET_NS" master br1 ip link set dev eth1@"$NET_NS" up + # For chassis system where Linux bridge is used on supervisor for midplane communication + # assign alternate name as eth1-midplane for generic design + ip link property add dev br1 altname eth1-midplane else ip link add name ns-eth1"$NET_NS" link eth1-midplane type macvlan mode bridge fi From 311c639bc73e05bfaac792ce62df94ddfc6c9c7c Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Wed, 13 Sep 2023 16:12:34 +0000 Subject: [PATCH 05/22] Revert "Add alternate name for bridge interface on supversior in chassis systrem" This reverts commit fcbd38d8ec0c2f8f92a8d61c3e8c694b7fa489e2. --- files/build_templates/docker_image_ctl.j2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/files/build_templates/docker_image_ctl.j2 b/files/build_templates/docker_image_ctl.j2 index ca9679ccd9b2..546eb24cb629 100644 --- a/files/build_templates/docker_image_ctl.j2 +++ b/files/build_templates/docker_image_ctl.j2 
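Review bot: `net.ipv6.conf.eth0.ra_defrtr_metric=1996489704` is added after the `{% endif %}` with no comment, so neither the choice of number nor the fact that it applies in both branches is explained. A line above it such as `# RA-learned default route on eth0 gets a high metric so a BGP-learned default is preferred` would cover the intent, and writing it as `net.ipv6.conf.eth0.ra_defrtr_metric = 1996489704` matches the spacing of the existing entries. This sysctl exists only on fairly recent kernels as far as I know, so please confirm that every kernel this template is deployed on has the key, otherwise applying the file will report an unknown-key error. The metric only lowers the priority of the RA default route. In the branch that sets `accept_ra = 1`, a router advertisement on the management segment can still install a default route when no BGP default is present, which is worth stating in the comment.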
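Review bot: `ip link property add dev br1 altname eth1-midplane` sits in the per-namespace branch of postStartAction, so it appears to run again for every namespace and every container restart. Adding an altname that already exists is expected to fail. Guarding it keeps the start action idempotent, for example `ip link show eth1-midplane >/dev/null 2>&1 || ip link property add dev br1 altname eth1-midplane`. Altname support also depends on the kernel and iproute2 versions in the image, which cannot be checked from this hunk. postStartAction starts and ends outside the hunk.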
@@ -191,9 +191,6 @@ function postStartAction() ip link add name ns-eth1"$NET_NS" type veth peer name eth1@"$NET_NS" ip link set dev eth1@"$NET_NS" master br1 ip link set dev eth1@"$NET_NS" up - # For chassis system where Linux bridge is used on supervisor for midplane communication - # assign alternate name as eth1-midplane for generic design - ip link property add dev br1 altname eth1-midplane else ip link add name ns-eth1"$NET_NS" link eth1-midplane type macvlan mode bridge fi From 2109e03eb3867ad0d875ec3d663095269cc8c841 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Wed, 13 Sep 2023 16:14:29 +0000 Subject: [PATCH 06/22] ASIC Count is updated to the running numbers of ASIC's and not max possible Signed-off-by: Abhishek Dosi --- src/sonic-py-common/sonic_py_common/device_info.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sonic-py-common/sonic_py_common/device_info.py b/src/sonic-py-common/sonic_py_common/device_info.py index 7a4cec81605d..269c47df186b 100644 --- a/src/sonic-py-common/sonic_py_common/device_info.py +++ b/src/sonic-py-common/sonic_py_common/device_info.py @@ -479,7 +479,7 @@ def get_platform_info(config_db=None): if hw_info_dict: return hw_info_dict - from .multi_asic import get_num_asics + from .multi_asic import get_asic_presence_list version_info = get_sonic_version_info() @@ -487,7 +487,7 @@ def get_platform_info(config_db=None): hw_info_dict['hwsku'] = get_hwsku() if version_info: hw_info_dict['asic_type'] = version_info.get('asic_type') - hw_info_dict['asic_count'] = get_num_asics() + hw_info_dict['asic_count'] = len(get_asic_presence_list()) try: # TODO: enforce caller to provide config_db explicitly and remove its default value From 3cf469783df2374c7905f30dd8a146b5d33d0c22 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Tue, 26 Sep 2023 16:03:37 +0000 Subject: [PATCH 07/22] Enable Seding BGP Community over internal neighbors over iBGP Session 
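Review bot: `hw_info_dict['asic_count']` now comes from `len(get_asic_presence_list())`, but the `if hw_info_dict: return hw_info_dict` at the top of the first hunk means the first value computed is returned to every later call in the process. If the presence list can change after start-up (its implementation is not visible here), a count taken before all ASICs are detected would be served for the life of the process. Callers that size per-ASIC loops from `asic_count` would then act on a stale number. The key also silently changes meaning from the platform maximum to the present count. At minimum add a comment on the assignment, such as `# number of ASICs present when first queried (not the platform maximum); cached with hw_info_dict`, and check the existing consumers of `asic_count`. get_platform_info starts and ends outside both hunks.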
Signed-off-by: Abhishek Dosi --- .../frr/bgpd/templates/internal/peer-group.conf.j2 | 2 ++ .../frr/bgpd/templates/voq_chassis/peer-group.conf.j2 | 2 ++ .../tests/data/internal/peer-group.conf/result_back.conf | 2 ++ .../data/internal/peer-group.conf/result_chasiss_packet.conf | 2 ++ .../tests/data/internal/peer-group.conf/result_front.conf | 2 ++ .../tests/data/voq_chassis/peer-group.conf/result_all.conf | 2 ++ .../tests/data/voq_chassis/peer-group.conf/result_base.conf | 2 ++ 7 files changed, 14 insertions(+) diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/peer-group.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/peer-group.conf.j2 index e29a4c9e2fb6..b12f8e8c84a3 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/peer-group.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/peer-group.conf.j2 @@ -14,6 +14,7 @@ neighbor INTERNAL_PEER_V4 allowas-in 1 neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out + neighbor INTERNAL_PEER_V4 send-community exit-address-family {% if CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] == 'chassis-packet' %} neighbor INTERNAL_PEER_V6 update-source Loopback4096 @@ -26,6 +27,7 @@ neighbor INTERNAL_PEER_V6 allowas-in 1 neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out + neighbor INTERNAL_PEER_V6 send-community exit-address-family ! ! end of template: bgpd/templates/internal/peer-group.conf.j2 diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/peer-group.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/peer-group.conf.j2 index 44a49587d039..802aa15ca60f 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/peer-group.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/peer-group.conf.j2 
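Review bot: `neighbor INTERNAL_PEER_V4 send-community` is added bare, without saying which community types are meant or why, and the same applies to the V6 hunk in this file and to both hunks in voq_chassis/peer-group.conf.j2. If only standard communities are needed, `neighbor INTERNAL_PEER_V4 send-community standard` states that explicitly. A `!` comment line naming the consumer of the communities on the receiving line card would help the next reader. Once communities cross the internal sessions, any community on a route learned from an external peer reaches the other line cards unless the `TO_*`/`FROM_*` route-maps, which are defined outside these hunks, strip it. Communities with local meaning on the receiving side should therefore be filtered explicitly rather than relied on as internal-only.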
@@ -12,6 +12,7 @@ neighbor VOQ_CHASSIS_V4_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V4_PEER route-map FROM_VOQ_CHASSIS_V4_PEER in neighbor VOQ_CHASSIS_V4_PEER route-map TO_VOQ_CHASSIS_V4_PEER out + neighbor VOQ_CHASSIS_V4_PEER send-community exit-address-family address-family ipv6 {% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'ToRRouter' %} @@ -22,6 +23,7 @@ neighbor VOQ_CHASSIS_V6_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V6_PEER route-map FROM_VOQ_CHASSIS_V6_PEER in neighbor VOQ_CHASSIS_V6_PEER route-map TO_VOQ_CHASSIS_V6_PEER out + neighbor VOQ_CHASSIS_V6_PEER send-community exit-address-family ! ! end of template: bgpd/templates/voq_chassis/peer-group.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_back.conf b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_back.conf index 28a543841fef..c6acef329eff 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_back.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_back.conf @@ -9,6 +9,7 @@ neighbor INTERNAL_PEER_V4 allowas-in 1 neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out + neighbor INTERNAL_PEER_V4 send-community exit-address-family address-family ipv6 neighbor INTERNAL_PEER_V6 route-reflector-client @@ -16,6 +17,7 @@ neighbor INTERNAL_PEER_V6 allowas-in 1 neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out + neighbor INTERNAL_PEER_V6 send-community exit-address-family ! ! end of template: bgpd/templates/internal/peer-group.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chasiss_packet.conf b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chasiss_packet.conf index 1f4e219e2770..e4fb05eeb766 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chasiss_packet.conf 
+++ b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chasiss_packet.conf @@ -9,6 +9,7 @@ neighbor INTERNAL_PEER_V4 allowas-in 1 neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out + neighbor INTERNAL_PEER_V4 send-community exit-address-family neighbor INTERNAL_PEER_V6 update-source Loopback4096 address-family ipv6 @@ -16,6 +17,7 @@ neighbor INTERNAL_PEER_V6 allowas-in 1 neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out + neighbor INTERNAL_PEER_V6 send-community exit-address-family ! ! end of template: bgpd/templates/internal/peer-group.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_front.conf b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_front.conf index 5b061fa52b44..7b6ee2667de9 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_front.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_front.conf @@ -8,12 +8,14 @@ neighbor INTERNAL_PEER_V4 allowas-in 1 neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out + neighbor INTERNAL_PEER_V4 send-community exit-address-family address-family ipv6 neighbor INTERNAL_PEER_V6 soft-reconfiguration inbound neighbor INTERNAL_PEER_V6 allowas-in 1 neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out + neighbor INTERNAL_PEER_V6 send-community exit-address-family ! ! end of template: bgpd/templates/internal/peer-group.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_all.conf b/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_all.conf index cf5020ee49f8..350ff0eeeb41 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_all.conf 
+++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_all.conf @@ -10,6 +10,7 @@ neighbor VOQ_CHASSIS_V4_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V4_PEER route-map FROM_VOQ_CHASSIS_V4_PEER in neighbor VOQ_CHASSIS_V4_PEER route-map TO_VOQ_CHASSIS_V4_PEER out + neighbor VOQ_CHASSIS_V4_PEER send-community exit-address-family address-family ipv6 neighbor VOQ_CHASSIS_V6_PEER allowas-in 1 @@ -18,6 +19,7 @@ neighbor VOQ_CHASSIS_V6_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V6_PEER route-map FROM_VOQ_CHASSIS_V6_PEER in neighbor VOQ_CHASSIS_V6_PEER route-map TO_VOQ_CHASSIS_V6_PEER out + neighbor VOQ_CHASSIS_V6_PEER send-community exit-address-family ! ! end of template: bgpd/templates/voq_chassis/peer-group.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_base.conf b/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_base.conf index 61813254acc2..9818358a771f 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_base.conf +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_base.conf @@ -9,6 +9,7 @@ neighbor VOQ_CHASSIS_V4_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V4_PEER route-map FROM_VOQ_CHASSIS_V4_PEER in neighbor VOQ_CHASSIS_V4_PEER route-map TO_VOQ_CHASSIS_V4_PEER out + neighbor VOQ_CHASSIS_V4_PEER send-community exit-address-family address-family ipv6 neighbor VOQ_CHASSIS_V6_PEER activate @@ -16,6 +17,7 @@ neighbor VOQ_CHASSIS_V6_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V6_PEER route-map FROM_VOQ_CHASSIS_V6_PEER in neighbor VOQ_CHASSIS_V6_PEER route-map TO_VOQ_CHASSIS_V6_PEER out + neighbor VOQ_CHASSIS_V6_PEER send-community exit-address-family ! ! end of template: bgpd/templates/voq_chassis/peer-group.conf.j2 From 5d4fb5dc79540099fa27184ca2c5cade39eb958f Mon Sep 17 00:00:00 2001 
From: Abhishek Dosi Date: Tue, 26 Sep 2023 16:06:23 +0000 Subject: [PATCH 08/22] Revert "ASIC Count is updated to the running numbers of ASIC's and not max" This reverts commit 2109e03eb3867ad0d875ec3d663095269cc8c841. --- src/sonic-py-common/sonic_py_common/device_info.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sonic-py-common/sonic_py_common/device_info.py b/src/sonic-py-common/sonic_py_common/device_info.py index 269c47df186b..7a4cec81605d 100644 --- a/src/sonic-py-common/sonic_py_common/device_info.py +++ b/src/sonic-py-common/sonic_py_common/device_info.py @@ -479,7 +479,7 @@ def get_platform_info(config_db=None): if hw_info_dict: return hw_info_dict - from .multi_asic import get_asic_presence_list + from .multi_asic import get_num_asics version_info = get_sonic_version_info() @@ -487,7 +487,7 @@ def get_platform_info(config_db=None): hw_info_dict['hwsku'] = get_hwsku() if version_info: hw_info_dict['asic_type'] = version_info.get('asic_type') - hw_info_dict['asic_count'] = len(get_asic_presence_list()) + hw_info_dict['asic_count'] = get_num_asics() try: # TODO: enforce caller to provide config_db explicitly and remove its default value From 4dbfe1cc44eb4547eb9db8c7a70e8b397303ea3d Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Wed, 27 Sep 2023 01:12:18 +0000 Subject: [PATCH 09/22] In Chassis TSA mode Loopback0 Ip's of each should be advertise through e-BGP peers of each remote LC's Signed-off-by: Abhishek Dosi --- .../bgpd/templates/internal/policies.conf.j2 | 21 +++++++++++++++++++ .../templates/voq_chassis/policies.conf.j2 | 20 ++++++++++++++++++ .../frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 | 7 +++++-- .../frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 | 3 ++- files/image_config/constants/constants.yml | 2 ++ 5 files changed, 50 insertions(+), 3 deletions(-) 
diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 index 855a68635653..c0193e8f2071 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 @@ -4,8 +4,20 @@ ! {% from "common/functions.conf.j2" import get_ipv4_loopback_address %} ! +! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }} +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag {{ constants.bgp.internal_community_match_tag }} +! route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V4 permit 1 + match ip address prefix-list PL_LoopbackV4 + set community {{ constants.bgp.internal_community }} additive +! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! ! @@ -13,8 +25,17 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag {{ constants.bgp.internal_community_match_tag }} +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V6 permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community {{ constants.bgp.internal_community }} additive +! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! {% if CONFIG_DB__DEVICE_METADATA['localhost']['sub_role'] == 'BackEnd' %} diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 index c26db7bde241..3f6b05523d10 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 
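Review bot: `route-map FROM_BGP_INTERNAL_PEER_V4 permit 1` decides that a route is a remote line-card loopback purely from `match community DEVICE_INTERNAL_COMMUNITY`, with no prefix match. The V6 entry in the next hunk and both hunks of voq_chassis/policies.conf.j2 have the same shape. With send-community enabled on the internal sessions, a route learned from an external peer that already carries the `internal_community` value would be forwarded unchanged by `permit 100`, tagged on the receiving card, and then advertised during TSA by the new `match tag` entry in bgpd.tsa.isolate.conf.j2. The outbound `permit 1` only sets the community on local loopbacks and does not remove it from anything else. To keep the marker trustworthy, remove it where routes enter the chassis, for example with `set comm-list DEVICE_INTERNAL_COMMUNITY delete` in the inbound policy for external peers (not shown on this page). Alternatively, pair the inbound match with a prefix-list of chassis loopback ranges. A `!` comment above the community-list stating that the value is reserved for intra-chassis use would document the assumption.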
@@ -1,8 +1,19 @@ ! ! template: bgpd/templates/voq_chassis/policies.conf.j2 ! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }} +! +route-map FROM_VOQ_CHASSIS_V4_PEER permit 1 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag {{ constants.bgp.internal_community_match_tag }} +! route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! +route-map TO_VOQ_CHASSIS_V4_PEER permit 1 + match ip address prefix-list PL_LoopbackV4 + set community {{ constants.bgp.internal_community }} additive +! route-map TO_VOQ_CHASSIS_V4_PEER permit 100 ! ! @@ -10,8 +21,17 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_VOQ_CHASSIS_V6_PEER permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag {{ constants.bgp.internal_community_match_tag }} +! route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! +route-map TO_VOQ_CHASSIS_V6_PEER permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community {{ constants.bgp.internal_community }} additive +! route-map TO_VOQ_CHASSIS_V6_PEER permit 100 ! ! end of template: bgpd/templates/voq_chassis/policies.conf.j2 diff --git a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 index 1256d1cd4f96..4a001d989be4 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 
@@ -1,5 +1,8 @@ route-map {{ route_map_name }} permit 20 match {{ ip_protocol }} address prefix-list PL_Loopback{{ ip_version }} - set community {{ constants.bgp.traffic_shift_community }} -route-map {{ route_map_name }} deny 30 + set community {{ constants.bgp.traffic_shift_community }} additive +route-map {{ route_map_name }} permit 30 + match tag {{ constants.bgp.internal_community_match_tag }} + set community {{ constants.bgp.traffic_shift_community }} additive +route-map {{ route_map_name }} deny 40 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 index 649f6d8e9db8..7ba4c1bd6f32 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 @@ -1,3 +1,4 @@ no route-map {{ route_map_name }} permit 20 -no route-map {{ route_map_name }} deny 30 +no route-map {{ route_map_name }} permit 30 +no route-map {{ route_map_name }} deny 40 ! diff --git a/files/image_config/constants/constants.yml b/files/image_config/constants/constants.yml index 4c5339700396..bb4aeb62ab92 100644 --- a/files/image_config/constants/constants.yml +++ b/files/image_config/constants/constants.yml @@ -4,6 +4,8 @@ constants: "2" : 65433 bgp: traffic_shift_community: 12345:12345 + internal_community: 11111:11111 + internal_community_match_tag: 1002 sentinel_community: 12345:12346 families: - ipv4 From 4f295dee32601246167795c53c8553e9e1509a21 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Wed, 27 Sep 2023 04:37:14 +0000 Subject: [PATCH 10/22] Updated UT 
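Review bot: The new `route-map {{ route_map_name }} permit 30` in bgpd.tsa.isolate.conf.j2 lets any route carrying `internal_community_match_tag` leave an isolated device, and a route tag is a plain integer shared by every route source on the box. Whether static, redistributed or otherwise tagged routes could carry the same value is not visible here. If any can, they would be announced during TSA alongside the remote loopbacks, which defeats the isolation for those prefixes. Please add a comment in the template, such as `! permit 30: remote line-card Loopback0 routes, tagged on receipt from internal peers`, and note next to `internal_community_match_tag` in constants.yml that the value is reserved for this purpose. The isolate and unisolate templates must stay sequence-for-sequence in step (20/30/40), which this commit does. A short comment in each pointing at the other would help keep it that way.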
Signed-off-by: Abhishek Dosi --- .../internal/policies.conf/param_back.json | 6 ++++++ .../internal/policies.conf/param_front.json | 6 ++++++ .../internal/policies.conf/result_back.conf | 20 ++++++++++++++++++ .../internal/policies.conf/result_front.conf | 20 ++++++++++++++++++ .../voq_chassis/policies.conf/param_base.json | 6 ++++++ .../policies.conf/result_base.conf | 21 ++++++++++++++++++- 6 files changed, 78 insertions(+), 1 deletion(-) diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_back.json b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_back.json index 37e54d785e27..d39721ae0c87 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_back.json +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_back.json @@ -6,5 +6,11 @@ }, "CONFIG_DB__LOOPBACK_INTERFACE": { "Loopback4096|10.10.10.10/32": {} + }, + "constants": { + "bgp": { + "internal_community": "12345:556", + "internal_community_match_tag": "101" + } } } diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json index 68c27766d257..502fb1d2f1ad 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json @@ -4,5 +4,11 @@ "sub_role": "FrontkEnd" } }, + "constants": { + "bgp": { + "internal_community": "12345:556", + "internal_community_match_tag": "101" + } + }, "loopback0_ipv4": "10.10.10.10/32" } diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf index 81b5aab193c6..6a5b8798b924 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf 
@@ -1,16 +1,36 @@ ! ! template: bgpd/templates/internal/policies.conf.j2 ! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V4 permit 1 + match ip address prefix-list PL_LoopbackV4 + set community 12345:556 additive +! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V6 permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community 12345:556 additive +! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf index 880530a2797e..f194b50be5be 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf 
@@ -1,16 +1,36 @@ ! ! template: bgpd/templates/internal/policies.conf.j2 ! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V4 permit 1 + match ip address prefix-list PL_LoopbackV4 + set community 12345:556 additive +! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V6 permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community 12345:556 additive +! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! ! end of template: bgpd/templates/internal/policies.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json index 7ef21c181d7e..483cc938c59d 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json @@ -1,5 +1,11 @@ { "CONFIG_DB__DEVICE_METADATA": { "localhost": {} + }, + "constants": { + "bgp": { + "internal_community": "12345:556", + "internal_community_match_tag": "101" + } } } diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf index c26db7bde241..b239449a6aeb 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf 
@@ -1,17 +1,36 @@ ! ! template: bgpd/templates/voq_chassis/policies.conf.j2 ! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +! +route-map FROM_VOQ_CHASSIS_V4_PEER permit 1 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! -route-map TO_VOQ_CHASSIS_V4_PEER permit 100 +route-map TO_VOQ_CHASSIS_V4_PEER permit 1 + match ip address prefix-list PL_LoopbackV4 + set community 12345:556 additive ! +route-map TO_VOQ_CHASSIS_V4_PEER permit 100 ! route-map FROM_VOQ_CHASSIS_V6_PEER permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_VOQ_CHASSIS_V6_PEER permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! +route-map TO_VOQ_CHASSIS_V6_PEER permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community 12345:556 additive +! route-map TO_VOQ_CHASSIS_V6_PEER permit 100 ! ! end of template: bgpd/templates/voq_chassis/policies.conf.j2 From 6dcf2194af43077ad55c41295278c8cdece61754 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Wed, 27 Sep 2023 05:26:35 +0000 Subject: [PATCH 11/22] Updated UT 
Signed-off-by: Abhishek Dosi --- .../frr/bgpd/templates/internal/policies.conf.j2 | 6 +++--- .../frr/bgpd/templates/voq_chassis/policies.conf.j2 | 4 ++-- .../frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 | 4 ++-- .../general/peer-group.conf/result_all_isolate.conf | 10 ++++++++-- .../general/peer-group.conf/result_all_unisolate.conf | 6 ++++-- .../data/general/peer-group.conf/result_isolate.conf | 10 ++++++++-- .../data/general/peer-group.conf/result_unisolate.conf | 6 ++++-- .../tests/data/internal/policies.conf/result_back.conf | 6 +++--- .../data/internal/policies.conf/result_front.conf | 4 ++-- .../tests/data/sonic-cfggen/tsa/isolate.conf | 5 ++++- .../tests/data/sonic-cfggen/tsa/isolate.json | 5 +++-- .../tests/data/sonic-cfggen/tsa/unisolate.conf | 3 ++- .../data/voq_chassis/policies.conf/result_base.conf | 4 ++-- src/sonic-bgpcfgd/tests/test_device_global.py | 3 ++- 14 files changed, 49 insertions(+), 27 deletions(-) diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 index c0193e8f2071..5b00a99fa871 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 @@ -16,7 +16,7 @@ route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 - set community {{ constants.bgp.internal_community }} additive + set community {{ constants.bgp.internal_community }} ! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! @@ -34,7 +34,7 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 1 match ipv6 address prefix-list PL_LoopbackV6 - set community {{ constants.bgp.internal_community }} additive + set community {{ constants.bgp.internal_community }} ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! 
@@ -42,7 +42,7 @@ route-map TO_BGP_INTERNAL_PEER_V6 permit 100 route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} ! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 +route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} {% endif %} ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 index 3f6b05523d10..9ffe00d14a26 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 @@ -12,7 +12,7 @@ route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V4_PEER permit 1 match ip address prefix-list PL_LoopbackV4 - set community {{ constants.bgp.internal_community }} additive + set community {{ constants.bgp.internal_community }} ! route-map TO_VOQ_CHASSIS_V4_PEER permit 100 ! @@ -30,7 +30,7 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V6_PEER permit 1 match ipv6 address prefix-list PL_LoopbackV6 - set community {{ constants.bgp.internal_community }} additive + set community {{ constants.bgp.internal_community }} ! route-map TO_VOQ_CHASSIS_V6_PEER permit 100 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 index 4a001d989be4..2321643f8d04 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 
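Review bot: Renumbering the BackEnd entry to `FROM_BGP_INTERNAL_PEER_V6 permit 3` removes the sequence clash, but the community-matching entries ahead of it have no `on-match next`, so a matching route may never reach `set originator-id`. These are `FROM_BGP_INTERNAL_PEER_V6 permit 2` and, for V4, `permit 1` ahead of the BackEnd `permit 2` shown as context here. A route that matches `DEVICE_INTERNAL_COMMUNITY` is permitted there and route-map evaluation stops, so on BackEnd devices those routes would skip the originator-id step. If the loopback routes from the other line cards need the originator-id as well, add `on-match next` to the two community-matching entries, as the existing `permit 1` for V6 already does for `set ipv6 next-hop prefer-global`. If skipping it is intended, a `!` comment saying so would prevent a later "fix". Those entries were added in an earlier patch of the series and lie outside this hunk.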
@@ -1,8 +1,8 @@ route-map {{ route_map_name }} permit 20 match {{ ip_protocol }} address prefix-list PL_Loopback{{ ip_version }} - set community {{ constants.bgp.traffic_shift_community }} additive + set community {{ constants.bgp.traffic_shift_community }} route-map {{ route_map_name }} permit 30 match tag {{ constants.bgp.internal_community_match_tag }} - set community {{ constants.bgp.traffic_shift_community }} additive + set community {{ constants.bgp.traffic_shift_community }} route-map {{ route_map_name }} deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_isolate.conf b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_isolate.conf index a078dadd6f04..bf3abfc0464e 100644 --- a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_isolate.conf +++ b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_isolate.conf @@ -23,11 +23,17 @@ route-map TO_BGP_PEER_V4 permit 20 match ip address prefix-list PL_LoopbackV4 set community 12345:12345 -route-map TO_BGP_PEER_V4 deny 30 +route-map TO_BGP_PEER_V4 permit 30 + match tag 1001 + set community 12345:12345 +route-map TO_BGP_PEER_V4 deny 40 ! route-map TO_BGP_PEER_V6 permit 20 match ipv6 address prefix-list PL_LoopbackV6 set community 12345:12345 -route-map TO_BGP_PEER_V6 deny 30 +route-map TO_BGP_PEER_V6 permit 30 + match tag 1001 + set community 12345:12345 +route-map TO_BGP_PEER_V6 deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_unisolate.conf b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_unisolate.conf index 1cd4442f4f3d..fa56d296e4d3 100644 --- a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_unisolate.conf +++ b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_unisolate.conf 
@@ -21,9 +21,11 @@ no route-map TO_BGP_PEER_V4 permit 20 -no route-map TO_BGP_PEER_V4 deny 30 +no route-map TO_BGP_PEER_V4 permit 30 +no route-map TO_BGP_PEER_V4 deny 40 ! no route-map TO_BGP_PEER_V6 permit 20 -no route-map TO_BGP_PEER_V6 deny 30 +no route-map TO_BGP_PEER_V6 permit 30 +no route-map TO_BGP_PEER_V6 deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_isolate.conf b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_isolate.conf index 902b8cfcdab9..88017bf2f30a 100644 --- a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_isolate.conf +++ b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_isolate.conf @@ -2,10 +2,16 @@ route-map TO_BGP_PEER_V4 permit 20 match ip address prefix-list PL_LoopbackV4 set community 12345:12345 -route-map TO_BGP_PEER_V4 deny 30 +route-map TO_BGP_PEER_V4 permit 30 + match tag 1001 + set community 12345:12345 +route-map TO_BGP_PEER_V4 deny 40 ! route-map TO_BGP_PEER_V6 permit 20 match ipv6 address prefix-list PL_LoopbackV6 set community 12345:12345 -route-map TO_BGP_PEER_V6 deny 30 +route-map TO_BGP_PEER_V6 permit 30 + match tag 1001 + set community 12345:12345 +route-map TO_BGP_PEER_V6 deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_unisolate.conf b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_unisolate.conf index 8fd9fde7f759..8bfcdee993d4 100644 --- a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_unisolate.conf +++ b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_unisolate.conf @@ -1,7 +1,9 @@ no route-map TO_BGP_PEER_V4 permit 20 -no route-map TO_BGP_PEER_V4 deny 30 +no route-map TO_BGP_PEER_V4 permit 30 +no route-map TO_BGP_PEER_V4 deny 40 ! no route-map TO_BGP_PEER_V6 permit 20 -no route-map TO_BGP_PEER_V6 deny 30 +no route-map TO_BGP_PEER_V6 permit 30 +no route-map TO_BGP_PEER_V6 deny 40 ! 
diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf index 6a5b8798b924..c870bbae7b2b 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf @@ -12,7 +12,7 @@ route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 - set community 12345:556 additive + set community 12345:556 ! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! @@ -29,14 +29,14 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 1 match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 additive + set community 12345:556 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 set originator-id 10.10.10.10 ! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 +route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 set originator-id 10.10.10.10 ! ! end of template: bgpd/templates/internal/policies.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf index f194b50be5be..2708522852c4 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf @@ -12,7 +12,7 @@ route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 - set community 12345:556 additive + set community 12345:556 ! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! 
@@ -29,7 +29,7 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 1 match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 additive + set community 12345:556 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! diff --git a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.conf b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.conf index 2ea4111dfc26..e775b6d0acb5 100644 --- a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.conf +++ b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.conf @@ -1,5 +1,8 @@ route-map test_rm_name permit 20 match ip address prefix-list PL_LoopbackV4 set community 12345:555 -route-map test_rm_name deny 30 +route-map test_rm_name permit 30 + match tag 1002 + set community 12345:555 +route-map test_rm_name deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.json b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.json index 807dfe7e1a0c..68ffe27c46a3 100644 --- a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.json +++ b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.json @@ -1,10 +1,11 @@ { "constants": { "bgp": { - "traffic_shift_community": "12345:555" + "traffic_shift_community": "12345:555", + "internal_community_match_tag": "1002" } }, "route_map_name": "test_rm_name", "ip_version": "V4", "ip_protocol": "ip" -} \ No newline at end of file +} diff --git a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/unisolate.conf b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/unisolate.conf index 2adeac6e0ef7..31553e3a9844 100644 --- a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/unisolate.conf +++ b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/unisolate.conf @@ -1,3 +1,4 @@ no route-map test_rm permit 20 -no route-map test_rm deny 30 +no route-map test_rm permit 30 +no route-map test_rm deny 40 ! 
diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf index b239449a6aeb..4dc2f9cec96c 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf @@ -12,7 +12,7 @@ route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V4_PEER permit 1 match ip address prefix-list PL_LoopbackV4 - set community 12345:556 additive + set community 12345:556 ! route-map TO_VOQ_CHASSIS_V4_PEER permit 100 ! @@ -29,7 +29,7 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V6_PEER permit 1 match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 additive + set community 12345:556 ! route-map TO_VOQ_CHASSIS_V6_PEER permit 100 ! diff --git a/src/sonic-bgpcfgd/tests/test_device_global.py b/src/sonic-bgpcfgd/tests/test_device_global.py index 2a912c3d05a6..049bcbeec058 100644 --- a/src/sonic-bgpcfgd/tests/test_device_global.py +++ b/src/sonic-bgpcfgd/tests/test_device_global.py @@ -13,7 +13,8 @@ BASE_PATH = os.path.abspath('../sonic-bgpcfgd/tests/data/general/peer-group.conf/') global_constants = { "bgp": { - "traffic_shift_community" :"12345:12345" + "traffic_shift_community" :"12345:12345", + "internal_community_match_tag" : "1001" } } From 5457a6c2e4f8bfa231b19ac528cdafb4751cd2fc Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Wed, 27 Sep 2023 20:09:44 +0000 Subject: [PATCH 12/22] Added support when TSA is done on Line Card make sure it's completely isolated from all e-BGP peer devices from this LC or remote LC 
Signed-off-by: Abhishek Dosi --- dockers/docker-fpm-frr/TS | 10 +++--- dockers/docker-fpm-frr/TSA | 5 +-- dockers/docker-fpm-frr/TSB | 5 +-- .../frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 | 7 ++++ .../frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 | 6 ++++ .../bgpcfgd/managers_device_global.py | 6 ++-- .../result_chassis_packet_isolate.conf | 33 +++++++++++++++++++ .../result_chassis_packet_unisolate.conf | 31 +++++++++++++++++ src/sonic-bgpcfgd/tests/test_device_global.py | 30 ++++++++++++++--- 9 files changed, 119 insertions(+), 14 deletions(-) create mode 100644 src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_isolate.conf create mode 100644 src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_unisolate.conf diff --git a/dockers/docker-fpm-frr/TS b/dockers/docker-fpm-frr/TS index 75472d8c6958..556020c7c9ea 100755 --- a/dockers/docker-fpm-frr/TS +++ b/dockers/docker-fpm-frr/TS @@ -4,7 +4,12 @@ switch_type=`sonic-cfggen -d -v "DEVICE_METADATA['localhost']['switch_type']"` # Check whether the routemap is for internal BGP sessions. function is_internal_route_map() { - [[ "$1" =~ .*"_INTERNAL_".* || "$1" =~ .*"VOQ_".* ]] + if [[ "$1" =~ .*"_INTERNAL_".* || "$1" =~ .*"VOQ_".* ]] + then + return 1 + else + return 0 + fi } function check_not_installed() @@ -13,7 +18,6 @@ function check_not_installed() config=$(vtysh -c "show run") for route_map_name in $(echo "$config" | sed -ne 's/ neighbor \S* route-map \(\S*\) out/\1/p' | egrep 'V4|V6' | uniq); do - is_internal_route_map $route_map_name && continue echo "$config" | egrep -q "^route-map $route_map_name permit 20$" c=$((c+$?)) echo "$config" | egrep -q "^route-map $route_map_name deny 30$" 
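Review bot: `is_internal_route_map` now returns 1 for an internal route-map and 0 otherwise, the reverse of the shell convention that a predicate exits 0 when it holds, so any caller still written as `is_internal_route_map "$name" && ...` would silently take the wrong branch. TSA and TSB depend on the inverted value by copying `$?` into `internal_route_map`, which also breaks if a command is ever inserted between the call and the capture. Keeping the original one-line test and deriving the flag at the call site avoids both: `if is_internal_route_map "$route_map_name"; then internal_route_map=1; else internal_route_map=0; fi`. The argument should be quoted in either form.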
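Review bot: With the `is_internal_route_map $route_map_name && continue` skip removed, `check_not_installed` now runs `egrep -q "^route-map $route_map_name deny 30$"` against internal route-maps too, but the isolate template in this commit installs only `permit 20` for them, and its non-internal branch ends in `deny 40`, not `deny 30`. `check_installed` and `find_num_routemap` lose the same skip in the following hunks, so their counters now include internal maps as well. How the totals are compared lies outside the hunks, so the effect on the reported TSA state should be confirmed. At minimum the deny check should use the sequence number the template emits and be skipped for internal maps.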
@@ -29,7 +33,6 @@ function check_installed() config=$(vtysh -c "show run") for route_map_name in $(echo "$config" | sed -ne 's/ neighbor \S* route-map \(\S*\) out/\1/p' | egrep 'V4|V6' | uniq); do - is_internal_route_map $route_map_name && continue echo "$config" | egrep -q "^route-map $route_map_name permit 20$" c=$((c+$?)) e=$((e+1)) @@ -46,7 +49,6 @@ function find_num_routemap() config=$(vtysh -c "show run") for route_map_name in $(echo "$config" | sed -ne 's/ neighbor \S* route-map \(\S*\) out/\1/p' | egrep 'V4|V6' | uniq); do - is_internal_route_map $route_map_name && continue c=$((c+1)) done return $c diff --git a/dockers/docker-fpm-frr/TSA b/dockers/docker-fpm-frr/TSA index f45d3bf0bcb3..c94a35ea05f0 100755 --- a/dockers/docker-fpm-frr/TSA +++ b/dockers/docker-fpm-frr/TSA @@ -16,7 +16,8 @@ then TSA_FILE=$(mktemp) for route_map_name in $(echo "$config" | sed -ne 's/ neighbor \S* route-map \(\S*\) out/\1/p' | uniq); do - is_internal_route_map $route_map_name && continue + is_internal_route_map $route_map_name + internal_route_map=$? case "$route_map_name" in *V4*) ip_version=V4 @@ -30,7 +31,7 @@ then continue ;; esac - sonic-cfggen -d -a "{\"route_map_name\":\"$route_map_name\", \"ip_version\": \"$ip_version\", \"ip_protocol\": \"$ip_protocol\"}" -y /etc/sonic/constants.yml -t /usr/share/sonic/templates/bgpd/tsa/bgpd.tsa.isolate.conf.j2 > "$TSA_FILE" + sonic-cfggen -d -a "{\"route_map_name\":\"$route_map_name\", \"ip_version\": \"$ip_version\", \"ip_protocol\": \"$ip_protocol\", \"internal_route_map\": \"$internal_route_map\"}" -y /etc/sonic/constants.yml -t /usr/share/sonic/templates/bgpd/tsa/bgpd.tsa.isolate.conf.j2 > "$TSA_FILE" vtysh -f "$TSA_FILE" rm -f "$TSA_FILE" done diff --git a/dockers/docker-fpm-frr/TSB b/dockers/docker-fpm-frr/TSB index 50f1ebc3ce8b..add7eda94504 100755 --- a/dockers/docker-fpm-frr/TSB +++ b/dockers/docker-fpm-frr/TSB 
@@ -16,7 +16,8 @@ then TSB_FILE=$(mktemp) for route_map_name in $(echo "$config" | sed -ne 's/ neighbor \S* route-map \(\S*\) out/\1/p' | uniq); do - is_internal_route_map $route_map_name && continue + is_internal_route_map $route_map_name + internal_route_map=$? case "$route_map_name" in *V4*) ;; @@ -26,7 +27,7 @@ then continue ;; esac - sonic-cfggen -d -a "{\"route_map_name\":\"$route_map_name\"}" -t /usr/share/sonic/templates/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 > "$TSB_FILE" + sonic-cfggen -d -a "{\"route_map_name\":\"$route_map_name\", \"internal_route_map\": \"$internal_route_map\"}" -t /usr/share/sonic/templates/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 > "$TSB_FILE" vtysh -f "$TSB_FILE" rm -f "$TSB_FILE" done diff --git a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 index 2321643f8d04..1d39af2a8942 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 @@ -1,3 +1,8 @@ +{%- if internal_route_map == '1' -%} +route-map {{ route_map_name }} permit 20 + set community no-export additive +{# #} +{%- else -%} route-map {{ route_map_name }} permit 20 match {{ ip_protocol }} address prefix-list PL_Loopback{{ ip_version }} set community {{ constants.bgp.traffic_shift_community }} @@ -5,4 +10,6 @@ route-map {{ route_map_name }} permit 30 match tag {{ constants.bgp.internal_community_match_tag }} set community {{ constants.bgp.traffic_shift_community }} route-map {{ route_map_name }} deny 40 +{# #} +{%- endif -%} ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 index 7ba4c1bd6f32..45caddc2196d 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 
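Review bot: The new `{%- if internal_route_map == '1' -%}` test compares against a string argument that not every caller supplies. The sonic-cfggen fixture `tsa/isolate.json` shown earlier in this series passes only `route_map_name`, `ip_version` and `ip_protocol`, so the template reaches the else branch only because an undefined name compares unequal. Making the default explicit, `{%- if internal_route_map | default('0') == '1' -%}`, keeps rendering stable if the environment is ever switched to strict undefined handling, and `bgpd.tsa.unisolate.conf.j2` needs the same change. A top-of-file comment such as `{# internal_route_map: '1' for _INTERNAL_/VOQ_ route-maps, passed as a string by TSA/TSB and bgpcfgd #}` would document the contract.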
@@ -1,4 +1,10 @@ +{%- if internal_route_map == '1' -%} +no route-map {{ route_map_name }} permit 20 +{# #} +{%- else -%} no route-map {{ route_map_name }} permit 20 no route-map {{ route_map_name }} permit 30 no route-map {{ route_map_name }} deny 40 +{# #} +{%- endif -%} ! diff --git a/src/sonic-bgpcfgd/bgpcfgd/managers_device_global.py b/src/sonic-bgpcfgd/bgpcfgd/managers_device_global.py index 4f7c28cbd51b..db2bcd9893db 100644 --- a/src/sonic-bgpcfgd/bgpcfgd/managers_device_global.py +++ b/src/sonic-bgpcfgd/bgpcfgd/managers_device_global.py @@ -91,14 +91,16 @@ def __generate_routemaps_from_template(self, route_map_names, template): # For packet-based chassis, the bgp session between the linecards are also considered internal sessions # While isolating a single linecard, these sessions should not be skipped if "_INTERNAL_" in rm or "VOQ_" in rm: - continue + is_internal="1" + else: + is_internal="0" if "V4" in rm: ipv="V4" ; ipp="ip" elif "V6" in rm: ipv="V6" ; ipp="ipv6" else: continue - cmd += template.render(route_map_name=rm,ip_version=ipv,ip_protocol=ipp, constants=self.constants) + cmd += template.render(route_map_name=rm,ip_version=ipv,ip_protocol=ipp,internal_route_map=is_internal, constants=self.constants) cmd += "\n" return cmd diff --git a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_isolate.conf b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_isolate.conf new file mode 100644 index 000000000000..31ef55d7b701 --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_isolate.conf 
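Review bot: `is_internal` is set to the strings `"1"`/`"0"` with no explanation of why a boolean is not used. The only reason visible in this commit is that the templates test `internal_route_map == '1'` and the TSA/TSB scripts pass a shell exit status in the same field. A comment saying so, for example `# string flag: templates test internal_route_map == '1' (same value TSA/TSB pass)`, would stop a later cleanup to `True`/`False` from silently disabling the internal branch. The four-line if/else can also be written as `is_internal = "1" if ("_INTERNAL_" in rm or "VOQ_" in rm) else "0"`. The enclosing method starts before this hunk.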
@@ -0,0 +1,33 @@ +! +! template: bgpd/templates/internal/peer-group.conf.j2 +! + neighbor INTERNAL_PEER_V4 peer-group + neighbor INTERNAL_PEER_V6 peer-group + neighbor INTERNAL_PEER_V4 update-source Loopback4096 + address-family ipv4 + neighbor INTERNAL_PEER_V4 soft-reconfiguration inbound + neighbor INTERNAL_PEER_V4 allowas-in 1 + neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in + neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out + neighbor INTERNAL_PEER_V4 send-community + exit-address-family + neighbor INTERNAL_PEER_V6 update-source Loopback4096 + address-family ipv6 + neighbor INTERNAL_PEER_V6 soft-reconfiguration inbound + neighbor INTERNAL_PEER_V6 allowas-in 1 + neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in + neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out + neighbor INTERNAL_PEER_V6 send-community + exit-address-family +! +! end of template: bgpd/templates/internal/peer-group.conf.j2 +! + + +route-map TO_BGP_INTERNAL_PEER_V4 permit 20 + set community no-export additive +! +route-map TO_BGP_INTERNAL_PEER_V6 permit 20 + set community no-export additive +! + diff --git a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_unisolate.conf b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_unisolate.conf new file mode 100644 index 000000000000..a75cd4f9e1f8 --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_unisolate.conf 
@@ -0,0 +1,31 @@ +! +! template: bgpd/templates/internal/peer-group.conf.j2 +! + neighbor INTERNAL_PEER_V4 peer-group + neighbor INTERNAL_PEER_V6 peer-group + neighbor INTERNAL_PEER_V4 update-source Loopback4096 + address-family ipv4 + neighbor INTERNAL_PEER_V4 soft-reconfiguration inbound + neighbor INTERNAL_PEER_V4 allowas-in 1 + neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in + neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out + neighbor INTERNAL_PEER_V4 send-community + exit-address-family + neighbor INTERNAL_PEER_V6 update-source Loopback4096 + address-family ipv6 + neighbor INTERNAL_PEER_V6 soft-reconfiguration inbound + neighbor INTERNAL_PEER_V6 allowas-in 1 + neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in + neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out + neighbor INTERNAL_PEER_V6 send-community + exit-address-family +! +! end of template: bgpd/templates/internal/peer-group.conf.j2 +! + + +no route-map TO_BGP_INTERNAL_PEER_V4 permit 20 +! +no route-map TO_BGP_INTERNAL_PEER_V6 permit 20 +! + diff --git a/src/sonic-bgpcfgd/tests/test_device_global.py b/src/sonic-bgpcfgd/tests/test_device_global.py index 049bcbeec058..396a72a23182 100644 --- a/src/sonic-bgpcfgd/tests/test_device_global.py +++ b/src/sonic-bgpcfgd/tests/test_device_global.py @@ -11,6 +11,7 @@ TEMPLATE_PATH = os.path.abspath('../../dockers/docker-fpm-frr/frr') BASE_PATH = os.path.abspath('../sonic-bgpcfgd/tests/data/general/peer-group.conf/') +INTERNAL_BASE_PATH = os.path.abspath('../sonic-bgpcfgd/tests/data/internal/peer-group.conf/') global_constants = { "bgp": { "traffic_shift_community" :"12345:12345", @@ -18,7 +19,7 @@ } } -def constructor(): +def constructor(check_internal=False): cfg_mgr = MagicMock() def get_text(): text = [] 
@@ -29,7 +30,10 @@ def get_text(): text += [" "] return text def update(): - cfg_mgr.changes = get_string_from_file("/result_all.conf") + if check_internal: + cfg_mgr.changes = get_string_from_file("/result_chasiss_packet.conf", INTERNAL_BASE_PATH) + else: + cfg_mgr.changes = get_string_from_file("/result_all.conf") def push(cfg): cfg_mgr.changes += cfg + "\n" def get_config(): @@ -59,6 +63,15 @@ def test_isolate_device(mocked_log_info): mocked_log_info.assert_called_with("DeviceGlobalCfgMgr::Done") assert m.cfg_mgr.get_config() == get_string_from_file("/result_all_isolate.conf") +@patch('bgpcfgd.managers_device_global.log_debug') +def test_isolate_device_internal_session(mocked_log_info): + m = constructor(check_internal=True) + res = m.set_handler("STATE", {"tsa_enabled": "true"}) + assert res, "Expect True return value for set_handler" + mocked_log_info.assert_called_with("DeviceGlobalCfgMgr::Done") + assert m.cfg_mgr.get_config() == get_string_from_file("/result_chassis_packet_isolate.conf", INTERNAL_BASE_PATH) + + @patch('bgpcfgd.managers_device_global.log_debug') def test_unisolate_device(mocked_log_info): m = constructor() @@ -67,6 +80,15 @@ def test_unisolate_device(mocked_log_info): mocked_log_info.assert_called_with("DeviceGlobalCfgMgr::Done") assert m.cfg_mgr.get_config() == get_string_from_file("/result_all_unisolate.conf") +@patch('bgpcfgd.managers_device_global.log_debug') +def test_unisolate_device_internal_session(mocked_log_info): + m = constructor(check_internal=True) + res = m.set_handler("STATE", {"tsa_enabled": "false"}) + assert res, "Expect True return value for set_handler" + mocked_log_info.assert_called_with("DeviceGlobalCfgMgr::Done") + assert m.cfg_mgr.get_config() == get_string_from_file("/result_chassis_packet_unisolate.conf", INTERNAL_BASE_PATH) + + def test_check_state_and_get_tsa_routemaps(): m = constructor() m.set_handler("STATE", {"tsa_enabled": "true"}) 
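Review bot: In `update()`, the `check_internal` branch loads `/result_chasiss_packet.conf` from `INTERNAL_BASE_PATH`, but this commit's diffstat creates only `result_chassis_packet_isolate.conf` and `result_chassis_packet_unisolate.conf` in `tests/data/internal/peer-group.conf/`. The two new tests therefore depend on a fixture that must already exist under that exact, differently spelled name. If it is missing, `test_isolate_device_internal_session` and `test_unisolate_device_internal_session` fail in `open()` before reaching their assertions. It is worth confirming the file is in the tree and noting the `chasiss`/`chassis` spelling difference in a comment next to the path. `constructor` continues outside this hunk.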
@@ -93,8 +115,8 @@ def test_get_tsb_routemaps(): expected_res = get_string_from_file("/result_unisolate.conf") assert res == expected_res -def get_string_from_file(filename): - fp = open(BASE_PATH + filename, "r") +def get_string_from_file(filename, base_path=BASE_PATH): + fp = open(base_path + filename, "r") cfg = fp.read() fp.close() From c38a06e22847f1bb8e06f674233afff80781fc03 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 28 Sep 2023 17:52:51 +0000 Subject: [PATCH 13/22] Added extra UT for chassis-packet. Signed-off-by: Abhishek Dosi --- .../policies.conf/param_chasiss_packet.json | 16 ++++++++ .../internal/policies.conf/result_back.conf | 32 ++++------------ .../policies.conf/result_chasiss_packet.conf | 37 +++++++++++++++++++ .../internal/policies.conf/result_front.conf | 22 +---------- 4 files changed, 62 insertions(+), 45 deletions(-) create mode 100644 src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json create mode 100644 src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json new file mode 100644 index 000000000000..1e600cc9d72b --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json @@ -0,0 +1,16 @@ +{ + "CONFIG_DB__DEVICE_METADATA": { + "localhost": { + "type": "SpineRouter", + "sub_role": "FrontEnd", + "switch_type": "chassis-packet" + } + }, + "constants": { + "bgp": { + "internal_community": "12345:556", + "internal_community_match_tag": "101" + } + }, + "loopback0_ipv4": "10.10.10.10/32" +} diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf index c870bbae7b2b..9fb6756268b2 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf 
+++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf @@ -3,41 +3,23 @@ ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 -! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 1 - match ip address prefix-list PL_LoopbackV4 - set community 12345:556 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 100 -! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 + set originator-id 10.10.10.10 +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 + set originator-id 10.10.10.10 +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! -route-map TO_BGP_INTERNAL_PEER_V6 permit 1 - match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 +route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 - set originator-id 10.10.10.10 -! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 - set originator-id 10.10.10.10 -! ! end of template: bgpd/templates/internal/policies.conf.j2 ! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf new file mode 100644 index 000000000000..fea34746516b --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf 
@@ -0,0 +1,37 @@ +! +! template: bgpd/templates/internal/policies.conf.j2 +! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 + set ipv6 next-hop prefer-global + on-match next +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! +route-map TO_BGP_INTERNAL_PEER_V4 permit 1 + match ip address prefix-list PL_LoopbackV4 + set community 12345:556 +! +route-map TO_BGP_INTERNAL_PEER_V6 permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community 12345:556 +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 +! +route-map TO_BGP_INTERNAL_PEER_V4 permit 100 +! +route-map TO_BGP_INTERNAL_PEER_V6 permit 100 +! +! end of template: bgpd/templates/internal/policies.conf.j2 +! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf index 2708522852c4..49971c37babb 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf 
@@ -3,33 +3,15 @@ ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 -! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 1 - match ip address prefix-list PL_LoopbackV4 - set community 12345:556 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 100 -! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 +route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! -route-map TO_BGP_INTERNAL_PEER_V6 permit 1 - match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 +route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! From c187ac460fbad397ad51b78b8fbdd0efa0a30b7f Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 28 Sep 2023 17:52:51 +0000 Subject: [PATCH 14/22] Added extra UT for chassis-packet. Signed-off-by: Abhishek Dosi --- .../policies.conf/param_chasiss_packet.json | 16 ++++++++ .../internal/policies.conf/result_back.conf | 32 ++++------------ .../policies.conf/result_chasiss_packet.conf | 37 +++++++++++++++++++ .../internal/policies.conf/result_front.conf | 22 +---------- 4 files changed, 62 insertions(+), 45 deletions(-) create mode 100644 src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json create mode 100644 src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json new file mode 100644 index 000000000000..1e600cc9d72b --- /dev/null 
+++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json @@ -0,0 +1,16 @@ +{ + "CONFIG_DB__DEVICE_METADATA": { + "localhost": { + "type": "SpineRouter", + "sub_role": "FrontEnd", + "switch_type": "chassis-packet" + } + }, + "constants": { + "bgp": { + "internal_community": "12345:556", + "internal_community_match_tag": "101" + } + }, + "loopback0_ipv4": "10.10.10.10/32" +} diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf index c870bbae7b2b..9fb6756268b2 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf 
@@ -3,41 +3,23 @@ ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 -! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 1 - match ip address prefix-list PL_LoopbackV4 - set community 12345:556 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 100 -! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 + set originator-id 10.10.10.10 +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 + set originator-id 10.10.10.10 +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! -route-map TO_BGP_INTERNAL_PEER_V6 permit 1 - match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 +route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 - set originator-id 10.10.10.10 -! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 - set originator-id 10.10.10.10 -! ! end of template: bgpd/templates/internal/policies.conf.j2 ! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf new file mode 100644 index 000000000000..fea34746516b --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf 
@@ -0,0 +1,37 @@ +! +! template: bgpd/templates/internal/policies.conf.j2 +! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 + set ipv6 next-hop prefer-global + on-match next +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! +route-map TO_BGP_INTERNAL_PEER_V4 permit 1 + match ip address prefix-list PL_LoopbackV4 + set community 12345:556 +! +route-map TO_BGP_INTERNAL_PEER_V6 permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community 12345:556 +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 +! +route-map TO_BGP_INTERNAL_PEER_V4 permit 100 +! +route-map TO_BGP_INTERNAL_PEER_V6 permit 100 +! +! end of template: bgpd/templates/internal/policies.conf.j2 +! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf index 2708522852c4..49971c37babb 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf 
@@ -3,33 +3,15 @@ ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 -! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 1 - match ip address prefix-list PL_LoopbackV4 - set community 12345:556 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 100 -! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 +route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! -route-map TO_BGP_INTERNAL_PEER_V6 permit 1 - match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 +route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! From c94da057d35ac0e7943a05b7711c6d7052cfd144 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 28 Sep 2023 17:54:56 +0000 Subject: [PATCH 15/22] FIxed UT typo Signed-off-by: Abhishek Dosi --- .../tests/data/internal/policies.conf/param_front.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json index 502fb1d2f1ad..f18513d815c8 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json @@ -1,7 +1,7 @@ { "CONFIG_DB__DEVICE_METADATA": { "localhost": { - "sub_role": "FrontkEnd" + "sub_role": "FrontEnd" } }, "constants": { From 5db9b9680d1393f6d7f7df32664b18fea1ddedd9 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 28 Sep 2023 17:54:56 +0000 Subject: [PATCH 16/22] FIxed UT typo 
Signed-off-by: Abhishek Dosi --- .../tests/data/internal/policies.conf/param_front.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json index 502fb1d2f1ad..f18513d815c8 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json @@ -1,7 +1,7 @@ { "CONFIG_DB__DEVICE_METADATA": { "localhost": { - "sub_role": "FrontkEnd" + "sub_role": "FrontEnd" } }, "constants": { From ff5d302e77e1a4dfc711c96d84a31cf7bdf5a195 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 28 Sep 2023 19:57:00 +0000 Subject: [PATCH 17/22] Fixes Signed-off-by: Abhishek Dosi --- .../bgpd/templates/internal/policies.conf.j2 | 43 +++++++++++-------- .../internal/policies.conf/result_back.conf | 6 +-- .../policies.conf/result_chasiss_packet.conf | 12 +++--- .../internal/policies.conf/result_front.conf | 2 - 4 files changed, 34 insertions(+), 29 deletions(-) diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 index 5b00a99fa871..5f9c8a83e29a 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 
@@ -4,7 +4,17 @@ ! {% from "common/functions.conf.j2" import get_ipv4_loopback_address %} ! +{% if CONFIG_DB__DEVICE_METADATA['localhost']['sub_role'] == 'BackEnd' %} +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 + set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 + set ipv6 next-hop prefer-global + on-match next ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} +{% elif CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] == 'chassis-packet' %} bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }} ! route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 
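Review bot: The new `{% if ... ['sub_role'] == 'BackEnd' %}` / `{% elif ... ['switch_type'] == 'chassis-packet' %}` chain makes the two cases mutually exclusive. A device whose metadata carries both values would render only the originator-id entries and none of the DEVICE_INTERNAL_COMMUNITY match/strip/tag policy. If that combination cannot occur, a template comment above the `{% if %}` should record the precedence, e.g. `{# sub_role BackEnd takes precedence over switch_type chassis-packet: BackEnd renders originator-id entries only #}`. If it can occur, the community entries need to be emitted for it as well. The conditional's remaining branches and its `{% endif %}` are in the next hunk.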
@@ -12,39 +22,38 @@ route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag {{ constants.bgp.internal_community_match_tag }} ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 +route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 + set ipv6 next-hop prefer-global + on-match next +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag {{ constants.bgp.internal_community_match_tag }} ! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 set community {{ constants.bgp.internal_community }} ! -route-map TO_BGP_INTERNAL_PEER_V4 permit 100 -! +route-map TO_BGP_INTERNAL_PEER_V6 permit 2 + match ipv6 address prefix-list PL_LoopbackV6 + set community {{ constants.bgp.internal_community }} ! +{% else %} route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag {{ constants.bgp.internal_community_match_tag }} +{% endif %} +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! -route-map TO_BGP_INTERNAL_PEER_V6 permit 1 - match ipv6 address prefix-list PL_LoopbackV6 - set community {{ constants.bgp.internal_community }} +route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! -{% if CONFIG_DB__DEVICE_METADATA['localhost']['sub_role'] == 'BackEnd' %} -route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 - set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} -! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 - set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} -{% endif %} ! ! end of template: bgpd/templates/internal/policies.conf.j2 ! 
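Review bot: In the chassis-packet branch the outbound V6 entry is renumbered to `route-map TO_BGP_INTERNAL_PEER_V6 permit 2`, while its V4 counterpart stays at `permit 1` and this branch defines no V6 entry 1. Nothing visible in the hunk needs the gap, so it looks unintentional. I would keep the two address families parallel with `route-map TO_BGP_INTERNAL_PEER_V6 permit 1`, and update the `result_chasiss_packet.conf` fixture to match. If the number is deliberate, a one-line template comment saying why would help the next reader.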
diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf index 9fb6756268b2..5ee9967d85ea 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf @@ -1,15 +1,13 @@ ! ! template: bgpd/templates/internal/policies.conf.j2 ! -bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 + set originator-id 10.10.10.10 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 - set originator-id 10.10.10.10 -! route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 set originator-id 10.10.10.10 ! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf index fea34746516b..e3a4e2e071c8 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf @@ -3,15 +3,15 @@ ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 ! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 - set ipv6 next-hop prefer-global - on-match next -! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 match community DEVICE_INTERNAL_COMMUNITY set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag 101 ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 + set ipv6 next-hop prefer-global + on-match next +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 match community DEVICE_INTERNAL_COMMUNITY set comm-list DEVICE_INTERNAL_COMMUNITY delete 
@@ -21,7 +21,7 @@ route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 set community 12345:556 ! -route-map TO_BGP_INTERNAL_PEER_V6 permit 1 +route-map TO_BGP_INTERNAL_PEER_V6 permit 2 match ipv6 address prefix-list PL_LoopbackV6 set community 12345:556 ! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf index 49971c37babb..0c6405321f17 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf @@ -1,8 +1,6 @@ ! ! template: bgpd/templates/internal/policies.conf.j2 ! -bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 -! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next From 1146d326de1d9c5da006c32186ada4973badbcae Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 28 Sep 2023 20:04:54 +0000 Subject: [PATCH 18/22] Updated Local Preference to lower value (80) when we get route over iBGP that is marked as no-export (remote LC is is TSA mode) so that we remove that route from forwarding database Signed-off-by: Abhishek Dosi --- .../frr/bgpd/templates/internal/policies.conf.j2 | 9 +++++++++ .../frr/bgpd/templates/voq_chassis/policies.conf.j2 | 9 +++++++++ .../internal/policies.conf/result_chasiss_packet.conf | 9 +++++++++ .../data/voq_chassis/policies.conf/result_base.conf | 9 +++++++++ 4 files changed, 36 insertions(+) diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 index 5f9c8a83e29a..bedc6eeea422 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 
@@ -16,12 +16,17 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} {% elif CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] == 'chassis-packet' %} bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }} +bgp community-list standard NO_EXPORT permit no-export ! route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 match community DEVICE_INTERNAL_COMMUNITY set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag {{ constants.bgp.internal_community_match_tag }} ! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 + match community NO_EXPORT + set local-preference 80 +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next @@ -31,6 +36,10 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag {{ constants.bgp.internal_community_match_tag }} ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 + match community NO_EXPORT + set local-preference 80 +! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 set community {{ constants.bgp.internal_community }} diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 index 9ffe00d14a26..7002a0ac1a41 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 
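Review bot: The new `match community NO_EXPORT` entry sits after `FROM_BGP_INTERNAL_PEER_V4 permit 1`, which matches DEVICE_INTERNAL_COMMUNITY and has no `on-match next`. A route carrying both the internal community and no-export is therefore accepted at entry 1 and never receives `set local-preference 80`. The same ordering applies to `FROM_BGP_INTERNAL_PEER_V6 permit 3` in the second hunk and to the `FROM_VOQ_CHASSIS_V4_PEER` / `FROM_VOQ_CHASSIS_V6_PEER` hunks in voq_chassis/policies.conf.j2. If loopback routes from a line card in TSA can carry both communities, add `on-match next` to the DEVICE_INTERNAL_COMMUNITY entries, or place the NO_EXPORT entry first with `on-match next`. The literal `80` would also read better as a named value in `constants.bgp`, next to `internal_community`, with a comment that it must stay below the default local preference.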
@@ -2,12 +2,17 @@ ! template: bgpd/templates/voq_chassis/policies.conf.j2 ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }} +bgp community-list standard NO_EXPORT permit no-export ! route-map FROM_VOQ_CHASSIS_V4_PEER permit 1 match community DEVICE_INTERNAL_COMMUNITY set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag {{ constants.bgp.internal_community_match_tag }} ! +route-map FROM_VOQ_CHASSIS_V4_PEER permit 2 + match community NO_EXPORT + set local-preference 80 +! route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V4_PEER permit 1 @@ -26,6 +31,10 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 2 set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag {{ constants.bgp.internal_community_match_tag }} ! +route-map FROM_VOQ_CHASSIS_V6_PEER permit 3 + match community NO_EXPORT + set local-preference 80 +! route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V6_PEER permit 1 diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf index e3a4e2e071c8..4b346d635975 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf @@ -2,12 +2,17 @@ ! template: bgpd/templates/internal/policies.conf.j2 ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +bgp community-list standard NO_EXPORT permit no-export ! route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 match community DEVICE_INTERNAL_COMMUNITY set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag 101 ! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 + match community NO_EXPORT + set local-preference 80 +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next 
@@ -17,6 +22,10 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag 101 ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 + match community NO_EXPORT + set local-preference 80 +! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 set community 12345:556 diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf index 4dc2f9cec96c..f0e3771d1a39 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf @@ -2,12 +2,17 @@ ! template: bgpd/templates/voq_chassis/policies.conf.j2 ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +bgp community-list standard NO_EXPORT permit no-export ! route-map FROM_VOQ_CHASSIS_V4_PEER permit 1 match community DEVICE_INTERNAL_COMMUNITY set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag 101 ! +route-map FROM_VOQ_CHASSIS_V4_PEER permit 2 + match community NO_EXPORT + set local-preference 80 +! route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V4_PEER permit 1 @@ -25,6 +30,10 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 2 set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag 101 ! +route-map FROM_VOQ_CHASSIS_V6_PEER permit 3 + match community NO_EXPORT + set local-preference 80 +! route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V6_PEER permit 1 From 4762df292b63a780dd098731c732be1bf10bffa3 Mon Sep 17 00:00:00 2001 From: abdosi <58047199+abdosi@users.noreply.github.com> Date: Wed, 4 Oct 2023 17:46:18 -0700 Subject: [PATCH 19/22] Update TS --- dockers/docker-fpm-frr/TS | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/dockers/docker-fpm-frr/TS b/dockers/docker-fpm-frr/TS index 556020c7c9ea..c494cec40bdf 100755 --- a/dockers/docker-fpm-frr/TS 
+++ b/dockers/docker-fpm-frr/TS @@ -20,7 +20,9 @@ function check_not_installed() do echo "$config" | egrep -q "^route-map $route_map_name permit 20$" c=$((c+$?)) - echo "$config" | egrep -q "^route-map $route_map_name deny 30$" + echo "$config" | egrep -q "^route-map $route_map_name permit 30$" + c=$((c+$?)) + echo "$config" | egrep -q "^route-map $route_map_name deny 40$" c=$((c+$?)) done return $c @@ -36,7 +38,10 @@ function check_installed() echo "$config" | egrep -q "^route-map $route_map_name permit 20$" c=$((c+$?)) e=$((e+1)) - echo "$config" | egrep -q "^route-map $route_map_name deny 30$" + echo "$config" | egrep -q "^route-map $route_map_name permit 30$" + c=$((c+$?)) + e=$((e+1)) + echo "$config" | egrep -q "^route-map $route_map_name deny 40$" c=$((c+$?)) e=$((e+1)) done From b97e90979fb360b61c8642dc5e0d2271f45fd59d Mon Sep 17 00:00:00 2001 From: abdosi <58047199+abdosi@users.noreply.github.com> Date: Thu, 5 Oct 2023 17:13:28 -0700 Subject: [PATCH 20/22] Update TS --- dockers/docker-fpm-frr/TS | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/dockers/docker-fpm-frr/TS b/dockers/docker-fpm-frr/TS index c494cec40bdf..fda750d9c224 100755 --- a/dockers/docker-fpm-frr/TS +++ b/dockers/docker-fpm-frr/TS @@ -18,6 +18,10 @@ function check_not_installed() config=$(vtysh -c "show run") for route_map_name in $(echo "$config" | sed -ne 's/ neighbor \S* route-map \(\S*\) out/\1/p' | egrep 'V4|V6' | uniq); do + is_internal_route_map $route_map_name + if [[ $? -eq 1 ]]; then + continue + fi echo "$config" | egrep -q "^route-map $route_map_name permit 20$" c=$((c+$?)) echo "$config" | egrep -q "^route-map $route_map_name permit 30$" 
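Review bot: The sequence numbers `permit 20`, `permit 30` and `deny 40` are hard-coded here and again in the check_installed hunk, with no comment naming the route-map template they have to mirror. A later renumbering in that template would make both checks report the wrong traffic-shift state without any error. I would add a comment above the first check such as `# must match the TSA route-map entries: permit 20, permit 30, deny 40`. Separately, `egrep` is an obsolescent alias, so the added lines could use `grep -Eq` instead. Both functions begin and end outside these hunks.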
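Review bot: The added guard `if [[ $? -eq 1 ]]` skips a route-map only when `is_internal_route_map` returns exactly 1. Any other non-zero status, including 127 if the helper is not defined in the script that sources this code, falls through and the internal route-map is checked as if it were external. The helper is defined outside the patch, so the convention (presumably 1 means internal) should be stated where it is used, e.g. `# is_internal_route_map returns 1 for internal-peer route-maps, which TSA/TSB leave untouched`. The argument should also be quoted: `is_internal_route_map "$route_map_name"`. The same four lines are added in the check_installed and find_num_routemap hunks, and all three functions start and end outside their hunks.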
@@ -35,6 +39,10 @@ function check_installed() config=$(vtysh -c "show run") for route_map_name in $(echo "$config" | sed -ne 's/ neighbor \S* route-map \(\S*\) out/\1/p' | egrep 'V4|V6' | uniq); do + is_internal_route_map $route_map_name + if [[ $? -eq 1 ]]; then + continue + fi echo "$config" | egrep -q "^route-map $route_map_name permit 20$" c=$((c+$?)) e=$((e+1)) @@ -54,6 +62,10 @@ function find_num_routemap() config=$(vtysh -c "show run") for route_map_name in $(echo "$config" | sed -ne 's/ neighbor \S* route-map \(\S*\) out/\1/p' | egrep 'V4|V6' | uniq); do + is_internal_route_map $route_map_name + if [[ $? -eq 1 ]]; then + continue + fi c=$((c+1)) done return $c From cfec119354cd17cf5d4d4402ebb8d8c5348cd271 Mon Sep 17 00:00:00 2001 From: abdosi <58047199+abdosi@users.noreply.github.com> Date: Fri, 15 Dec 2023 17:27:41 -0800 Subject: [PATCH 21/22] Update result_chassis_packet_unisolate.conf --- .../peer-group.conf/result_chassis_packet_unisolate.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_unisolate.conf b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_unisolate.conf index a75cd4f9e1f8..2711f46d567b 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_unisolate.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_unisolate.conf @@ -10,6 +10,7 @@ neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out neighbor INTERNAL_PEER_V4 send-community + neighbor INTERNAL_PEER_V4 ttl-security hops 1 exit-address-family neighbor INTERNAL_PEER_V6 update-source Loopback4096 address-family ipv6 
@@ -18,6 +19,7 @@ neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out neighbor INTERNAL_PEER_V6 send-community + neighbor INTERNAL_PEER_V6 ttl-security hops 1 exit-address-family ! ! end of template: bgpd/templates/internal/peer-group.conf.j2 From 89e26213030a55f8a446ab4d7a82b1e305dc1816 Mon Sep 17 00:00:00 2001 From: abdosi <58047199+abdosi@users.noreply.github.com> Date: Sat, 16 Dec 2023 10:30:45 -0800 Subject: [PATCH 22/22] Update result_chassis_packet_isolate.conf --- .../internal/peer-group.conf/result_chassis_packet_isolate.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_isolate.conf b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_isolate.conf index 31ef55d7b701..cfb47916e655 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_isolate.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chassis_packet_isolate.conf @@ -10,6 +10,7 @@ neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out neighbor INTERNAL_PEER_V4 send-community + neighbor INTERNAL_PEER_V4 ttl-security hops 1 exit-address-family neighbor INTERNAL_PEER_V6 update-source Loopback4096 address-family ipv6 @@ -18,6 +19,7 @@ neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out neighbor INTERNAL_PEER_V6 send-community + neighbor INTERNAL_PEER_V6 ttl-security hops 1 exit-address-family ! ! end of template: bgpd/templates/internal/peer-group.conf.j2