From 1d4b567b219678cafebfa0117be6779de30f9017 Mon Sep 17 00:00:00 2001
From: Andreas <vyos-git@justsecure.de>
Date: Wed, 29 Dec 2021 18:02:06 +0100
Subject: vxlan: T4120: add ability to set multiple remotes (PR #1127)

VXLAN does support using multiple remotes but VyOS does not. Add the ability
to set multiple remotes and add their flood lists using "bridge" command.

(cherry picked from commit 0ecddff7cffa8900d351d5c15e32420f9d780c0b)
---
 .../include/interface/tunnel-remotes.xml.i         | 19 ++++++++++++
 interface-definitions/include/tunnel-remote.xml.i  |  2 +-
 interface-definitions/interfaces-vxlan.xml.in      |  2 +-
 python/vyos/ifconfig/vxlan.py                      |  7 +++++
 smoketest/scripts/cli/test_interfaces_vxlan.py     |  2 ++
 src/conf_mode/interfaces-vxlan.py                  | 34 ++++++++++++++++++++++
 6 files changed, 64 insertions(+), 2 deletions(-)
 create mode 100644 interface-definitions/include/interface/tunnel-remotes.xml.i

diff --git a/interface-definitions/include/interface/tunnel-remotes.xml.i b/interface-definitions/include/interface/tunnel-remotes.xml.i
new file mode 100644
index 000000000..ae8481898
--- /dev/null
+++ b/interface-definitions/include/interface/tunnel-remotes.xml.i
@@ -0,0 +1,19 @@
+<!-- include start from interface/tunnel-remotes.xml.i -->
+<leafNode name="remote">
+  <properties>
+    <help>Tunnel remote address</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>Tunnel remote IPv4 address</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv6</format>
+      <description>Tunnel remote IPv6 address</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ip-address"/>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/tunnel-remote.xml.i b/interface-definitions/include/tunnel-remote.xml.i
index 324d100d4..2a8891b85 100644
--- a/interface-definitions/include/tunnel-remote.xml.i
+++ b/interface-definitions/include/tunnel-remote.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from tunnel-remote.xml.i -->
+<!-- include start from interface/tunnel-remote.xml.i -->
 <leafNode name="remote">
   <properties>
     <help>Tunnel remote address</help>
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in
index 6dcc3f5a0..a676a274e 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces-vxlan.xml.in
@@ -59,7 +59,7 @@
           </leafNode>
           #include <include/source-address-ipv4-ipv6.xml.i>
           #include <include/source-interface.xml.i>
-          #include <include/tunnel-remote.xml.i>
+          #include <include/interface/tunnel-remotes.xml.i>
           <leafNode name="vni">
             <properties>
               <help>Virtual Network Identifier</help>
diff --git a/python/vyos/ifconfig/vxlan.py b/python/vyos/ifconfig/vxlan.py
index d73fb47b8..93d5b20c8 100644
--- a/python/vyos/ifconfig/vxlan.py
+++ b/python/vyos/ifconfig/vxlan.py
@@ -79,3 +79,10 @@ class VXLANIf(Interface):
         self._cmd(cmd.format(**self.config))
         # interface is always A/D down. It needs to be enabled explicitly
         self.set_admin_state('down')
+
+        other_remotes = self.config.get('other_remotes')
+        if other_remotes:
+            for rem in other_remotes:
+                self.config['rem'] = rem
+                cmd2 = 'bridge fdb append to 00:00:00:00:00:00 dst {rem} port {port} dev {ifname}'
+                self._cmd(cmd2.format(**self.config))
diff --git a/smoketest/scripts/cli/test_interfaces_vxlan.py b/smoketest/scripts/cli/test_interfaces_vxlan.py
index 184b411d7..673041bd1 100755
--- a/smoketest/scripts/cli/test_interfaces_vxlan.py
+++ b/smoketest/scripts/cli/test_interfaces_vxlan.py
@@ -32,6 +32,8 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase):
             'vxlan10': ['vni 10', 'remote 127.0.0.2'],
             'vxlan20': ['vni 20', 'group 239.1.1.1', 'source-interface eth0'],
             'vxlan30': ['vni 30', 'remote 2001:db8:2000::1', 'source-address 2001:db8:1000::1'],
+            'vxlan40': ['vni 40', 'remote 127.0.0.2', 'remote 127.0.0.3'],
+            'vxlan50': ['vni 50', 'remote 2001:db8:2000::1', 'remote 2001:db8:2000::2', 'parameters ipv6 flowlabel 0x1000'],
         }
         cls._interfaces = list(cls._options)
         # call base-classes classmethod
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index c035557f0..ee8f26d21 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -44,6 +44,13 @@ def get_config(config=None):
     base = ['interfaces', 'vxlan']
     vxlan = get_interface_dict(conf, base)
 
+    # leave first remote in dict and put the other ones (if they exists) to "other_remotes"
+    remotes = vxlan.get('remote')
+    if remotes:
+        vxlan['remote'] = remotes[0]
+        if len(remotes) > 1:
+            del remotes[0]
+            vxlan['other_remotes'] = remotes
     return vxlan
 
 def verify(vxlan):
@@ -81,6 +88,33 @@ def verify(vxlan):
             raise ConfigError(f'Underlaying device MTU is to small ({lower_mtu} '\
                               f'bytes) for VXLAN overhead ({vxlan_overhead} bytes!)')
 
+    # Check for mixed IPv4 and IPv6 addresses
+    protocol = None
+    if 'source_address' in vxlan:
+        if is_ipv6(vxlan['source_address']):
+            protocol = 'ipv6'
+        else:
+            protocol = 'ipv4'
+    if 'remote' in vxlan:
+        if is_ipv6(vxlan['remote']):
+            if protocol == 'ipv4':
+                raise ConfigError('IPv4 and IPV6 cannot be mixed')
+            protocol = 'ipv6'
+        else:
+            if protocol == 'ipv6':
+                raise ConfigError('IPv4 and IPV6 cannot be mixed')
+            protocol = 'ipv4'
+    if 'other_remotes' in vxlan:
+        for rem in vxlan['other_remotes']:
+            if is_ipv6(rem):
+                if protocol == 'ipv4':
+                    raise ConfigError('IPv4 and IPV6 cannot be mixed')
+                protocol = 'ipv6'
+            else:
+                if protocol == 'ipv6':
+                    raise ConfigError('IPv4 and IPV6 cannot be mixed')
+                protocol = 'ipv4'
+
     verify_mtu_ipv6(vxlan)
     verify_address(vxlan)
     return None
-- 
cgit v1.2.3