Merge pull request FRRouting#18519 from GaladrielZhao/bgp_srv6_sid_explicit

bgpd: Add support for BGP to use SRv6 SID in an explicit way

Author: cscarpitta

bgpd/bgp_mplsvpn.c

@@ -848,6 +848,7 @@ void ensure_vrf_tovpn_sid_per_vrf(struct bgp *bgp_vpn, struct bgp *bgp_vrf)
 	struct in6_addr tovpn_sid = {};
 	uint32_t tovpn_sid_index = 0;
 	bool tovpn_sid_auto = false;
+	bool is_tovpn_sid_explicit = false;
 	struct srv6_sid_ctx ctx = {};
 	uint32_t sid_func;
 
@@ -875,25 +876,39 @@ void ensure_vrf_tovpn_sid_per_vrf(struct bgp *bgp_vpn, struct bgp *bgp_vrf)
 
 	tovpn_sid_index = bgp_vrf->tovpn_sid_index;
 	tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_AUTO);
+	is_tovpn_sid_explicit = CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT);
 
 	/* skip when VPN isn't configured on vrf-instance */
-	if (tovpn_sid_index == 0 && !tovpn_sid_auto)
+	if (tovpn_sid_index == 0 && !tovpn_sid_auto && !is_tovpn_sid_explicit)
 		return;
 
-	/* check invalid case both configured index and auto */
-	if (tovpn_sid_index != 0 && tovpn_sid_auto) {
-		zlog_err("%s: index-mode and auto-mode both selected. ignored.",
+	/*
+	 * check invalid case more than one mode configured
+	 * among index, auto and explicit
+	 */
+	if ((tovpn_sid_index != 0 && tovpn_sid_auto) ||
+	    (tovpn_sid_index != 0 && is_tovpn_sid_explicit) ||
+	    (tovpn_sid_auto && is_tovpn_sid_explicit)) {
+		zlog_err("%s: more than one mode selected among index-mode, auto-mode and explicit-mode. ignored.",
 			 __func__);
 		return;
 	}
 
-	if (!tovpn_sid_auto) {
+	/* skip when sid value isn't set for explicit-mode */
+	if (is_tovpn_sid_explicit && !bgp_vrf->tovpn_sid_explicit) {
+		zlog_err("%s: explicit-mode seleted without sid value.", __func__);
+		return;
+	}
+
+	if (!tovpn_sid_auto && !is_tovpn_sid_explicit) {
 		if (!srv6_sid_compose(&tovpn_sid, bgp_vpn->srv6_locator,
 				      bgp_vrf->tovpn_sid_index)) {
 			zlog_err("%s: failed to compose new sid for vrf %s",
 				 __func__, bgp_vrf->name_pretty);
 			return;
 		}
+	} else if (is_tovpn_sid_explicit) {
+		tovpn_sid = *(bgp_vrf->tovpn_sid_explicit);
 	}
 
 	ctx.vrf_id = bgp_vrf->vrf_id;
@@ -916,7 +931,8 @@ void ensure_vrf_tovpn_sid(struct bgp *bgp_vpn, struct bgp *bgp_vrf, afi_t afi)
 
 	/* per-vrf sid */
 	if (bgp_vrf->tovpn_sid_index != 0 ||
-	    CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_AUTO))
+	    CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_AUTO) ||
+	    CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT))
 		return ensure_vrf_tovpn_sid_per_vrf(bgp_vpn, bgp_vrf);
 }
 
@@ -967,6 +983,7 @@ void delete_vrf_tovpn_sid_per_vrf(struct bgp *bgp_vpn, struct bgp *bgp_vrf)
 	int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
 	uint32_t tovpn_sid_index = 0;
 	bool tovpn_sid_auto = false;
+	bool is_tovpn_sid_explicit = false;
 	struct srv6_sid_ctx ctx = {};
 
 	if (debug)
@@ -976,9 +993,10 @@ void delete_vrf_tovpn_sid_per_vrf(struct bgp *bgp_vpn, struct bgp *bgp_vrf)
 	tovpn_sid_index = bgp_vrf->tovpn_sid_index;
 	tovpn_sid_auto =
 		CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VPN_POLICY_TOVPN_SID_AUTO);
+	is_tovpn_sid_explicit = CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT);
 
 	/* skip when VPN is configured on vrf-instance */
-	if (tovpn_sid_index != 0 || tovpn_sid_auto)
+	if (tovpn_sid_index != 0 || tovpn_sid_auto || is_tovpn_sid_explicit)
 		return;
 
 	if (bgp_vrf->vrf_id == VRF_UNKNOWN) {
@@ -999,6 +1017,9 @@ void delete_vrf_tovpn_sid_per_vrf(struct bgp *bgp_vpn, struct bgp *bgp_vrf)
 		sid_unregister(bgp_vpn, bgp_vrf->tovpn_sid);
 		XFREE(MTYPE_BGP_SRV6_SID, bgp_vrf->tovpn_sid);
 	}
+	if (bgp_vrf->tovpn_sid_explicit) {
+		XFREE(MTYPE_BGP_SRV6_SID, bgp_vrf->tovpn_sid_explicit);
+	}
 	bgp_vrf->tovpn_sid_transpose_label = 0;
 }
 

bgpd/bgp_mplsvpn.h

@@ -278,13 +278,14 @@ static inline void vpn_leak_postchange(enum vpn_policy_direction direction,
 		}
 
 		if (bgp_vrf->vpn_policy[afi].tovpn_sid_index == 0 &&
-		    !CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
-				BGP_VPN_POLICY_TOVPN_SID_AUTO) &&
+		    !CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags, BGP_VPN_POLICY_TOVPN_SID_AUTO) &&
 		    bgp_vrf->tovpn_sid_index == 0 &&
-		    !CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_AUTO))
+		    !CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_AUTO) &&
+		    !CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT))
 			delete_vrf_tovpn_sid(bgp_vpn, bgp_vrf, afi);
 
-		if (!bgp_vrf->vpn_policy[afi].tovpn_sid && !bgp_vrf->tovpn_sid)
+		if (CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT) ||
+		    (!bgp_vrf->vpn_policy[afi].tovpn_sid && !bgp_vrf->tovpn_sid))
 			ensure_vrf_tovpn_sid(bgp_vpn, bgp_vrf, afi);
 
 		if ((!bgp_vrf->vpn_policy[afi].tovpn_sid &&
@@ -366,6 +367,7 @@ static inline bool is_pi_srv6_valid(struct bgp_path_info *pi, struct bgp *bgp_ne
 
 	if (bgp_nexthop->tovpn_sid_index == 0 &&
 	    !CHECK_FLAG(bgp_nexthop->vrf_flags, BGP_VRF_TOVPN_SID_AUTO) &&
+	    !CHECK_FLAG(bgp_nexthop->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT) &&
 	    bgp_nexthop->vpn_policy[afi].tovpn_sid_index == 0 &&
 	    !CHECK_FLAG(bgp_nexthop->vpn_policy[afi].flags, BGP_VPN_POLICY_TOVPN_SID_AUTO))
 		return false;

bgpd/bgp_vty.c

@@ -10157,31 +10157,37 @@ DEFPY (af_sid_vpn_export,
 
 DEFPY (bgp_sid_vpn_export,
        bgp_sid_vpn_export_cmd,
-       "[no] sid vpn per-vrf export <(1-1048575)$sid_idx|auto$sid_auto>",
+       "[no] sid vpn per-vrf export <(1-1048575)$sid_idx|auto$sid_auto|explicit$sid_explicit X:X::X:X$sid_value>",
        NO_STR
        "sid value for VRF\n"
        "Between current vrf and vpn\n"
        "sid per-VRF (both IPv4 and IPv6 address families)\n"
        "For routes leaked from current vrf to vpn\n"
        "Sid allocation index\n"
-       "Automatically assign a label\n")
+       "Automatically assign a label\n"
+       "Explicitly assign a sid value\n"
+       "Sid value\n")
 {
 	VTY_DECLVAR_CONTEXT(bgp, bgp);
 	int debug;
+	struct in6_addr *tovpn_sid_explicit = NULL;
 
 	debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
 		 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
 
 	if (no) {
 		/* when per-VRF SID is not set, do nothing */
 		if (bgp->tovpn_sid_index == 0 &&
-		    !CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_AUTO))
+		    !CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_AUTO) &&
+		    !CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT))
 			return CMD_SUCCESS;
 
 		sid_idx = 0;
 		sid_auto = false;
+		sid_explicit = false;
 		bgp->tovpn_sid_index = 0;
 		UNSET_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_AUTO);
+		UNSET_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT);
 	}
 
 	if (bgp->vpn_policy[AFI_IP].tovpn_sid_index != 0 ||
@@ -10198,18 +10204,28 @@ DEFPY (bgp_sid_vpn_export,
 
 	/* skip when it's already configured */
 	if ((sid_idx != 0 && bgp->tovpn_sid_index != 0) ||
-	    (sid_auto && CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_AUTO)))
+	    (sid_auto && CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_AUTO)) ||
+	    (sid_explicit && CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT)))
 		return CMD_SUCCESS;
 
 	/*
-	 * mode change between sid_idx and sid_auto isn't supported.
+	 * mode change among sid_idx, sid_auto and sid_explicit isn't supported.
 	 * user must negate sid vpn export when they want to change the mode
 	 */
 	if ((sid_auto && bgp->tovpn_sid_index != 0) ||
-	    (sid_idx != 0 &&
-	     CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_AUTO))) {
-		vty_out(vty, "it's already configured as %s.\n",
-			sid_auto ? "auto-mode" : "idx-mode");
+	    (sid_auto && CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT)) ||
+	    (sid_idx != 0 && CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_AUTO)) ||
+	    (sid_idx != 0 && CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT)) ||
+	    (sid_explicit && bgp->tovpn_sid_index != 0) ||
+	    (sid_explicit && CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_AUTO))) {
+		vty_out(vty, "it's already configured as ");
+		if (CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_AUTO))
+			vty_out(vty, "auto-mode.\n");
+		else if (CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT))
+			vty_out(vty, "explicit-mode.\n");
+		else if (sid_idx != 0)
+			vty_out(vty, "idx-mode.\n");
+
 		return CMD_WARNING_CONFIG_FAILED;
 	}
 
@@ -10230,6 +10246,15 @@ DEFPY (bgp_sid_vpn_export,
 			zlog_debug("%s: idx %ld per-vrf sid alloc.", __func__,
 				   sid_idx);
 		bgp->tovpn_sid_index = sid_idx;
+	} else if (sid_explicit) {
+		/* SID allocation explicit-mode */
+		tovpn_sid_explicit = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
+		memcpy(tovpn_sid_explicit, &sid_value, sizeof(struct in6_addr));
+		bgp->tovpn_sid_explicit = tovpn_sid_explicit;
+
+		if (debug)
+			zlog_debug("%s: explicit per-vrf sid alloc.", __func__);
+		SET_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT);
 	}
 
 	/* post-change */
@@ -20032,6 +20057,9 @@ int bgp_config_write(struct vty *vty)
 		tovpn_sid_index = bgp->tovpn_sid_index;
 		if (CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_AUTO)) {
 			vty_out(vty, " sid vpn per-vrf export auto\n");
+		} else if (CHECK_FLAG(bgp->vrf_flags, BGP_VRF_TOVPN_SID_EXPLICIT)) {
+			vty_out(vty, " sid vpn per-vrf export explicit %pI6\n",
+				bgp->tovpn_sid_explicit);
 		} else if (tovpn_sid_index != 0) {
 			vty_out(vty, " sid vpn per-vrf export %d\n",
 				tovpn_sid_index);

bgpd/bgpd.c

@@ -1534,6 +1534,9 @@ static void bgp_srv6_cleanup(struct bgp *bgp)
 		sid_unregister(bgp, bgp->tovpn_sid);
 		XFREE(MTYPE_BGP_SRV6_SID, bgp->tovpn_sid);
 	}
+	if (bgp->tovpn_sid_explicit != NULL) {
+		XFREE(MTYPE_BGP_SRV6_SID, bgp->tovpn_sid_explicit);
+	}
 
 	if (bgp->srv6_locator_chunks)
 		list_delete(&bgp->srv6_locator_chunks);

bgpd/bgpd.h

@@ -907,6 +907,7 @@ struct bgp {
 #define BGP_VRF_L3VNI_PREFIX_ROUTES_ONLY    (1 << 6)
 /* per-VRF toVPN SID */
 #define BGP_VRF_TOVPN_SID_AUTO              (1 << 7)
+#define BGP_VRF_TOVPN_SID_EXPLICIT	    (1 << 8)
 
 	/* unique ID for auto derivation of RD for this vrf */
 	uint16_t vrf_rd_id;
@@ -961,6 +962,7 @@ struct bgp {
 	struct list *srv6_functions;
 	uint32_t tovpn_sid_index; /* unset => set to 0 */
 	struct in6_addr *tovpn_sid;
+	struct in6_addr *tovpn_sid_explicit;
 	struct srv6_locator *tovpn_sid_locator;
 	uint32_t tovpn_sid_transpose_label;
 	struct in6_addr *tovpn_zebra_vrf_sid_last_sent;

doc/user/bgp.rst

@@ -3427,16 +3427,19 @@ General configuration
 Configuration of the SRv6 SID used to advertise a L3VPN for both IPv4 and IPv6
 is accomplished via the following command in the context of a VRF:
 
-.. clicmd:: sid vpn per-vrf export (1..1048575)|auto
+.. clicmd:: sid vpn per-vrf export <(1..1048575)|auto|explicit X:X::X:X>
 
    Enables a SRv6 SID to be attached to a route exported from the current
    unicast VRF to VPN. A single SID is used for both IPv4 and IPv6 address
    families. If you want to set a SID for only IPv4 address family or IPv6
-   address family, you need to use the command ``sid vpn export (1..1048575)|auto``
+   address family, you need to use the command ``sid vpn export <(1..1048575)|auto|explicit X:X::X:X>``
    in the context of an address-family. If the value specified is ``auto``,
    the SID value is automatically assigned from a pool maintained by the Zebra
-   daemon. If Zebra is not running, or if this command is not configured, automatic
-   SID assignment will not complete, which will block corresponding route export.
+   daemon. If the value specified is ``explicit X:X::X:X``, SID allocation
+   with the explicit value is requested from the Zebra daemon.
+   If Zebra is not running, or if this command is not configured, or if SID
+   allocation is failed, automatic or explicit SID assignment will not complete,
+   which will block corresponding route export.
 
 .. _bgp-evpn:
 

tests/topotests/bgp_srv6_sid_explicit/__init__.py

@@ -0,0 +1,18 @@
+frr version 8.2.2-my-manual-build
+frr defaults traditional
+hostname c11
+!
+ip route 0.0.0.0/0 192.168.1.254
+ipv6 route ::/0 2001:1::ffff
+!
+interface eth10
+ ip address 192.168.1.1/24
+ ipv6 address 2001:1::1/64
+exit
+!
+segment-routing
+ traffic-eng
+ exit
+ srv6
+exit
+!

tests/topotests/bgp_srv6_sid_explicit/c11/frr.conf

@@ -0,0 +1,35 @@
+frr version 8.2.2-my-manual-build
+frr defaults traditional
+hostname c12
+log stdout
+!
+ip route 0.0.0.0/0 192.168.1.254
+ipv6 route ::/0 2001:1::ffff
+!
+interface ce2-eth0
+ ip address 162.0.1.2/24
+exit
+!
+interface eth10
+ ip address 192.168.1.1/24
+ ipv6 address 2001:1::1/64
+exit
+!
+interface lo
+ ip address 2.2.2.2/32
+exit
+!
+router bgp 300
+ neighbor 162.0.1.1 remote-as 200
+ !
+ address-family ipv4 unicast
+  network 2.2.2.2/32
+ exit-address-family
+exit
+!
+segment-routing
+ traffic-eng
+ exit
+ srv6
+exit
+!

tests/topotests/bgp_srv6_sid_explicit/c12/frr.conf

@@ -0,0 +1,19 @@
+frr version 10.3-dev-my-manual-build
+frr defaults traditional
+hostname c21
+no ipv6 forwarding
+!
+ip route 0.0.0.0/0 192.168.2.254
+ip route 192.168.0.0/16 192.168.2.254
+ipv6 route ::/0 2001:2::ffff
+!
+interface eth10
+ ip address 192.168.2.1/24
+ ipv6 address 2001:2::1/64
+exit
+!
+segment-routing
+ traffic-eng
+ exit
+exit
+!

tests/topotests/bgp_srv6_sid_explicit/c21/frr.conf

@@ -0,0 +1,19 @@
+frr version 10.3-dev-my-manual-build
+frr defaults traditional
+hostname c22
+no ipv6 forwarding
+!
+ip route 0.0.0.0/0 192.168.2.254
+ip route 192.168.0.0/16 192.168.2.254
+ipv6 route ::/0 2001:2::ffff
+!
+interface eth10
+ ip address 192.168.2.1/24
+ ipv6 address 2001:2::1/64
+exit
+!
+segment-routing
+ traffic-eng
+ exit
+exit
+!