summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-02-16 09:36:18 +0100
committerGitHub <noreply@github.com>2024-02-16 09:36:18 +0100
commit8c860fa7c423cc2bd72f9e71a5f8c52f43e02dfa (patch)
tree4d0c0d0e7517c7cef73134771336672e3c3bcee7
parent2ff7d80f44aa1bc8429b18417cd63eb6f7105eef (diff)
parent0fafc4bcdb9efc03796ddab0832471b11ba1bbe0 (diff)
downloadvyos-1x-8c860fa7c423cc2bd72f9e71a5f8c52f43e02dfa.tar.gz
vyos-1x-8c860fa7c423cc2bd72f9e71a5f8c52f43e02dfa.zip
Merge pull request #3016 from c-po/nht
T6001: add option to disable next-hop-tracking resolve-via-default
-rw-r--r--data/templates/frr/zebra.route-map.frr.j25
-rw-r--r--data/templates/frr/zebra.vrf.route-map.frr.j26
-rw-r--r--interface-definitions/include/system-ip-nht.xml.i15
-rw-r--r--interface-definitions/system_ip.xml.in1
-rw-r--r--interface-definitions/system_ipv6.xml.in1
-rw-r--r--interface-definitions/vrf.xml.in2
-rw-r--r--smoketest/configs/egp-igp-route-maps (renamed from smoketest/configs/egb-igp-route-maps)0
-rwxr-xr-xsmoketest/scripts/cli/test_system_ip.py15
-rwxr-xr-xsmoketest/scripts/cli/test_system_ipv6.py15
-rwxr-xr-xsmoketest/scripts/cli/test_vrf.py35
-rwxr-xr-xsrc/conf_mode/system_ip.py1
-rwxr-xr-xsrc/conf_mode/system_ipv6.py1
12 files changed, 94 insertions, 3 deletions
diff --git a/data/templates/frr/zebra.route-map.frr.j2 b/data/templates/frr/zebra.route-map.frr.j2
index 8e18abbde..669d58354 100644
--- a/data/templates/frr/zebra.route-map.frr.j2
+++ b/data/templates/frr/zebra.route-map.frr.j2
@@ -1,4 +1,8 @@
!
+{% if nht.no_resolve_via_default is vyos_defined %}
+no {{ afi }} nht resolve-via-default
+{% endif %}
+!
{% if protocol is vyos_defined %}
{% for protocol_name, protocol_config in protocol.items() %}
{% if protocol_name is vyos_defined('ospfv3') %}
@@ -7,3 +11,4 @@
{{ afi }} protocol {{ protocol_name }} route-map {{ protocol_config.route_map }}
{% endfor %}
{% endif %}
+!
diff --git a/data/templates/frr/zebra.vrf.route-map.frr.j2 b/data/templates/frr/zebra.vrf.route-map.frr.j2
index 4e1206374..f1cc6fe66 100644
--- a/data/templates/frr/zebra.vrf.route-map.frr.j2
+++ b/data/templates/frr/zebra.vrf.route-map.frr.j2
@@ -6,6 +6,12 @@
{% continue %}
{% endif %}
vrf {{ vrf }}
+{% if vrf_config.ip.nht.no_resolve_via_default is vyos_defined %}
+ no ip nht resolve-via-default
+{% endif %}
+{% if vrf_config.ipv6.nht.no_resolve_via_default is vyos_defined %}
+ no ipv6 nht resolve-via-default
+{% endif %}
{% if vrf_config.ip.protocol is vyos_defined %}
{% for protocol_name, protocol_config in vrf_config.ip.protocol.items() %}
ip protocol {{ protocol_name }} route-map {{ protocol_config.route_map }}
diff --git a/interface-definitions/include/system-ip-nht.xml.i b/interface-definitions/include/system-ip-nht.xml.i
new file mode 100644
index 000000000..4074043cd
--- /dev/null
+++ b/interface-definitions/include/system-ip-nht.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from syslog-facility.xml.i -->
+<node name="nht">
+ <properties>
+ <help>Filter Next Hop tracking route resolution</help>
+ </properties>
+ <children>
+ <leafNode name="no-resolve-via-default">
+ <properties>
+ <help>Do not resolve via default route</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/system_ip.xml.in b/interface-definitions/system_ip.xml.in
index 6e3b7d5d0..015eb270f 100644
--- a/interface-definitions/system_ip.xml.in
+++ b/interface-definitions/system_ip.xml.in
@@ -48,6 +48,7 @@
</leafNode>
</children>
</node>
+ #include <include/system-ip-nht.xml.i>
<node name="tcp">
<properties>
<help>IPv4 TCP parameters</help>
diff --git a/interface-definitions/system_ipv6.xml.in b/interface-definitions/system_ipv6.xml.in
index 8957cb6a7..dda00af38 100644
--- a/interface-definitions/system_ipv6.xml.in
+++ b/interface-definitions/system_ipv6.xml.in
@@ -36,6 +36,7 @@
#include <include/arp-ndp-table-size.xml.i>
</children>
</node>
+ #include <include/system-ip-nht.xml.i>
#include <include/system-ipv6-protocol.xml.i>
<leafNode name="strict-dad">
<properties>
diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in
index e5ec539d3..25f26d0cc 100644
--- a/interface-definitions/vrf.xml.in
+++ b/interface-definitions/vrf.xml.in
@@ -34,6 +34,7 @@
</properties>
<children>
#include <include/interface/disable-forwarding.xml.i>
+ #include <include/system-ip-nht.xml.i>
#include <include/system-ip-protocol.xml.i>
</children>
</node>
@@ -43,6 +44,7 @@
</properties>
<children>
#include <include/interface/disable-forwarding.xml.i>
+ #include <include/system-ip-nht.xml.i>
#include <include/system-ipv6-protocol.xml.i>
</children>
</node>
diff --git a/smoketest/configs/egb-igp-route-maps b/smoketest/configs/egp-igp-route-maps
index ca36691d4..ca36691d4 100644
--- a/smoketest/configs/egb-igp-route-maps
+++ b/smoketest/configs/egp-igp-route-maps
diff --git a/smoketest/scripts/cli/test_system_ip.py b/smoketest/scripts/cli/test_system_ip.py
index 567416774..ac8b74236 100755
--- a/smoketest/scripts/cli/test_system_ip.py
+++ b/smoketest/scripts/cli/test_system_ip.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2020-2023 VyOS maintainers and contributors
+# Copyright (C) 2020-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -120,5 +120,18 @@ class TestSystemIP(VyOSUnitTestSHIM.TestCase):
# Commit again
self.cli_commit()
+ def test_system_ip_nht(self):
+ self.cli_set(base_path + ['nht', 'no-resolve-via-default'])
+ self.cli_commit()
+ # Verify CLI config applied to FRR
+ frrconfig = self.getFRRconfig('', end='', daemon='zebra')
+ self.assertIn(f'no ip nht resolve-via-default', frrconfig)
+
+ self.cli_delete(base_path + ['nht', 'no-resolve-via-default'])
+ self.cli_commit()
+ # Verify CLI config removed to FRR
+ frrconfig = self.getFRRconfig('', end='', daemon='zebra')
+ self.assertNotIn(f'no ip nht resolve-via-default', frrconfig)
+
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_system_ipv6.py b/smoketest/scripts/cli/test_system_ipv6.py
index 225c2d666..bc0f7aa8c 100755
--- a/smoketest/scripts/cli/test_system_ipv6.py
+++ b/smoketest/scripts/cli/test_system_ipv6.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021-2023 VyOS maintainers and contributors
+# Copyright (C) 2021-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -131,5 +131,18 @@ class TestSystemIPv6(VyOSUnitTestSHIM.TestCase):
# Commit again
self.cli_commit()
+ def test_system_ipv6_nht(self):
+ self.cli_set(base_path + ['nht', 'no-resolve-via-default'])
+ self.cli_commit()
+ # Verify CLI config applied to FRR
+ frrconfig = self.getFRRconfig('', end='', daemon='zebra')
+ self.assertIn(f'no ipv6 nht resolve-via-default', frrconfig)
+
+ self.cli_delete(base_path + ['nht', 'no-resolve-via-default'])
+ self.cli_commit()
+ # Verify CLI config removed to FRR
+ frrconfig = self.getFRRconfig('', end='', daemon='zebra')
+ self.assertNotIn(f'no ipv6 nht resolve-via-default', frrconfig)
+
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_vrf.py b/smoketest/scripts/cli/test_vrf.py
index a3090ee41..438387f2d 100755
--- a/smoketest/scripts/cli/test_vrf.py
+++ b/smoketest/scripts/cli/test_vrf.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2020-2023 VyOS maintainers and contributors
+# Copyright (C) 2020-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -495,6 +495,39 @@ class VRFTest(VyOSUnitTestSHIM.TestCase):
frrconfig = self.getFRRconfig(f'vrf {vrf}')
self.assertNotIn('vni', frrconfig)
+ def test_vrf_ip_ipv6_nht(self):
+ table = '6910'
+
+ for vrf in vrfs:
+ base = base_path + ['name', vrf]
+ self.cli_set(base + ['table', table])
+ self.cli_set(base + ['ip', 'nht', 'no-resolve-via-default'])
+ self.cli_set(base + ['ipv6', 'nht', 'no-resolve-via-default'])
+
+ table = str(int(table) + 1)
+
+ self.cli_commit()
+
+ # Verify route-map properly applied to FRR
+ for vrf in vrfs:
+ frrconfig = self.getFRRconfig(f'vrf {vrf}', daemon='zebra')
+ self.assertIn(f'vrf {vrf}', frrconfig)
+ self.assertIn(f' no ip nht resolve-via-default', frrconfig)
+ self.assertIn(f' no ipv6 nht resolve-via-default', frrconfig)
+
+ # Delete route-maps
+ for vrf in vrfs:
+ base = base_path + ['name', vrf]
+ self.cli_delete(base + ['ip'])
+ self.cli_delete(base + ['ipv6'])
+
+ self.cli_commit()
+
+ # Verify route-map properly is removed from FRR
+ for vrf in vrfs:
+ frrconfig = self.getFRRconfig(f'vrf {vrf}', daemon='zebra')
+ self.assertNotIn(f' no ip nht resolve-via-default', frrconfig)
+ self.assertNotIn(f' no ipv6 nht resolve-via-default', frrconfig)
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/src/conf_mode/system_ip.py b/src/conf_mode/system_ip.py
index 7612e2c0d..833f89554 100755
--- a/src/conf_mode/system_ip.py
+++ b/src/conf_mode/system_ip.py
@@ -127,6 +127,7 @@ def apply(opt):
# The route-map used for the FIB (zebra) is part of the zebra daemon
frr_cfg.load_configuration(zebra_daemon)
+ frr_cfg.modify_section(r'no ip nht resolve-via-default')
frr_cfg.modify_section(r'ip protocol \w+ route-map [-a-zA-Z0-9.]+', stop_pattern='(\s|!)')
if 'frr_zebra_config' in opt:
frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config'])
diff --git a/src/conf_mode/system_ipv6.py b/src/conf_mode/system_ipv6.py
index 90a1a8087..00d440e35 100755
--- a/src/conf_mode/system_ipv6.py
+++ b/src/conf_mode/system_ipv6.py
@@ -104,6 +104,7 @@ def apply(opt):
# The route-map used for the FIB (zebra) is part of the zebra daemon
frr_cfg.load_configuration(zebra_daemon)
+ frr_cfg.modify_section(r'no ipv6 nht resolve-via-default')
frr_cfg.modify_section(r'ipv6 protocol \w+ route-map [-a-zA-Z0-9.]+', stop_pattern='(\s|!)')
if 'frr_zebra_config' in opt:
frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config'])