diff options
author | Christian Breunig <christian@breunig.cc> | 2023-04-26 07:04:49 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-04-26 18:59:07 +0200 |
commit | 71e45dd1c4738b3aa72d2d10b73929bf9b14e41e (patch) | |
tree | 893c9b390927d17eaefe1a154e5175d989c6a5c1 /src | |
parent | 930f76cf88a4175d485bc4e2df4c149ea547b380 (diff) | |
download | vyos-1x-71e45dd1c4738b3aa72d2d10b73929bf9b14e41e.tar.gz vyos-1x-71e45dd1c4738b3aa72d2d10b73929bf9b14e41e.zip |
vrf: T5174: ensure no duplicate VNIs can be defined
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/vrf.py | 14 | ||||
-rw-r--r-- | src/conf_mode/vrf_vni.py | 28 |
2 files changed, 33 insertions, 9 deletions
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index a7ef4cb5c..0b983293e 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py @@ -108,6 +108,12 @@ def get_config(config=None): # vyos.configverify.verify_common_route_maps() for more information. tmp = {'policy' : {'route-map' : conf.get_config_dict(['policy', 'route-map'], get_first_key=True)}} + + # L3VNI setup is done via vrf_vni.py as it must be de-configured (on node + # deletetion prior to the BGP process. Tell the Jinja2 template no VNI + # setup is needed + vrf.update({'no_vni' : ''}) + # Merge policy dict into "regular" config dict vrf = dict_merge(tmp, vrf) return vrf @@ -124,8 +130,8 @@ def verify(vrf): f'static routes installed!') if 'name' in vrf: - reserved_names = ["add", "all", "broadcast", "default", "delete", "dev", "get", "inet", "mtu", "link", "type", - "vrf"] + reserved_names = ["add", "all", "broadcast", "default", "delete", "dev", + "get", "inet", "mtu", "link", "type", "vrf"] table_ids = [] for name, vrf_config in vrf['name'].items(): # Reserved VRF names @@ -142,8 +148,8 @@ def verify(vrf): if tmp and tmp != vrf_config['table']: raise ConfigError(f'VRF "{name}" table id modification not possible!') - # VRf routing table ID must be unique on the system - if vrf_config['table'] in table_ids: + # VRF routing table ID must be unique on the system + if 'table' in vrf_config and vrf_config['table'] in table_ids: raise ConfigError(f'VRF "{name}" table id is not unique!') table_ids.append(vrf_config['table']) diff --git a/src/conf_mode/vrf_vni.py b/src/conf_mode/vrf_vni.py index 87d7798b8..a7424b517 100644 --- a/src/conf_mode/vrf_vni.py +++ b/src/conf_mode/vrf_vni.py @@ -19,6 +19,7 @@ from sys import exit from vyos.config import Config from vyos.template import render_to_string +from vyos.util import dict_search from vyos import ConfigError from vyos import frr from vyos import airbag @@ -36,11 +37,19 @@ def get_config(config=None): else: return None - base = ['vrf', 'name', vrf_name] - tmp = conf.get_config_dict(base, key_mangling=('-', '_'), - no_tag_node_value_mangle=True, get_first_key=True) + # Using duplicate L3VNIs makes no sense - it's also forbidden in FRR, + # thus VyOS CLI must deny this, too. Instead of getting only the dict for + # the requested VRF and den comparing it with depenent VRfs to not have any + # duplicate we will just grad ALL VRFs by default but only render/apply + # the configuration for the requested VRF - that makes the code easier and + # hopefully less error prone + vrf = conf.get_config_dict(['vrf'], key_mangling=('-', '_'), + no_tag_node_value_mangle=True, + get_first_key=True) + + # Store name of VRF we are interested in for FRR config rendering + vrf.update({'only_vrf' : vrf_name}) - vrf = {'name': {vrf_name: tmp}} return vrf def verify(vrf): @@ -50,6 +59,15 @@ def verify(vrf): if len(argv) < 2: raise ConfigError('VRF parameter not specified when valling vrf_vni.py') + if 'name' in vrf: + vni_ids = [] + for name, vrf_config in vrf['name'].items(): + # VRF VNI (Virtual Network Identifier) must be unique on the system + if 'vni' in vrf_config: + if vrf_config['vni'] in vni_ids: + raise ConfigError(f'VRF "{name}" VNI is not unique!') + vni_ids.append(vrf_config['vni']) + return None def generate(vrf): @@ -67,7 +85,7 @@ def apply(vrf): frr_cfg.load_configuration(frr_daemon) # There is only one VRF inside the dict as we read only one in get_config() if vrf and 'name' in vrf: - vrf_name = next(iter(vrf['name'])) + vrf_name = vrf['only_vrf'] frr_cfg.modify_section(f'^vrf {vrf_name}', stop_pattern='^exit-vrf', remove_stop_mark=True) if vrf and 'new_frr_config' in vrf: frr_cfg.add_before(frr.default_add_before, vrf['new_frr_config']) |