From 3f4de1390d6459cdd17dd1b6f22b1a3aec002671 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 8 Apr 2023 22:09:04 +0200 Subject: T5150: initial implementation of new Kernel/Zebra route-map support It is possible to install a route-map which filters the routes between routing daemons and the OS kernel (zebra) As of now this can be done by e.g. * set protocols ospf route-map foo * set protocols ospfv3 route-map foo * set protocols bgp route-map foo Which in turn will install the following lines into FRR * ip protocol ospf route-map foo * ipv6 protocol ospf6 route-map foo * ip protocol bgp route-map foo The current state of the VyOS CLI is incomplete as there is no way to: * Install a filter for BGP IPv6 routes * Install a filter for static routes * Install a filter for connected routes Thus the CLI should be redesigned to close match what FRR does for both the default and any other VRF * set system ip protocol ospf route-map foo * set system ipv6 protocol ospfv3 route-map foo * set system ip protocol bgp route-map foo * set system ipv6 protocol bgp route-map foo The configuration can be migrated accordingly. This commit does not come with the migrator, it will be comitted later. --- .../include/system-ip-protocol.xml.i | 56 ++++++++++++++++++++++ .../include/system-ipv6-protocol.xml.i | 52 ++++++++++++++++++++ interface-definitions/system-ip.xml.in | 1 + interface-definitions/system-ipv6.xml.in | 1 + interface-definitions/vrf.xml.in | 2 + 5 files changed, 112 insertions(+) create mode 100644 interface-definitions/include/system-ip-protocol.xml.i create mode 100644 interface-definitions/include/system-ipv6-protocol.xml.i (limited to 'interface-definitions') diff --git a/interface-definitions/include/system-ip-protocol.xml.i b/interface-definitions/include/system-ip-protocol.xml.i new file mode 100644 index 000000000..c630eb3f7 --- /dev/null +++ b/interface-definitions/include/system-ip-protocol.xml.i @@ -0,0 +1,56 @@ + + + + Filter routing info exchanged between routing protocol and zebra + + any babel bgp connected eigrp isis kernel ospf rip static table + + + any + Any of the above protocols + + + babel + Babel routing protocol + + + bgp + Border Gateway Protocol + + + connected + Connected routes (directly attached subnet or host) + + + eigrp + Enhanced Interior Gateway Routing Protocol + + + isis + Intermediate System to Intermediate System + + + kernel + Kernel routes (not installed via the zebra RIB) + + + ospf + Open Shortest Path First (OSPFv2) + + + rip + Routing Information Protocol + + + static + Statically configured routes + + + (any|babel|bgp|connected|eigrp|isis|kernel|ospf|rip|static|table) + + + + #include + + + \ No newline at end of file diff --git a/interface-definitions/include/system-ipv6-protocol.xml.i b/interface-definitions/include/system-ipv6-protocol.xml.i new file mode 100644 index 000000000..485776a71 --- /dev/null +++ b/interface-definitions/include/system-ipv6-protocol.xml.i @@ -0,0 +1,52 @@ + + + + Filter routing info exchanged between routing protocol and zebra + + any babel bgp connected isis kernel ospfv3 ripng static table + + + any + Any of the above protocols + + + babel + Babel routing protocol + + + bgp + Border Gateway Protocol + + + connected + Connected routes (directly attached subnet or host) + + + isis + Intermediate System to Intermediate System + + + kernel + Kernel routes (not installed via the zebra RIB) + + + ospfv3 + Open Shortest Path First (OSPFv3) + + + ripng + Routing Information Protocol next-generation + + + static + Statically configured routes + + + (any|babel|bgp|connected|isis|kernel|ospfv3|ripng|static|table) + + + + #include + + + diff --git a/interface-definitions/system-ip.xml.in b/interface-definitions/system-ip.xml.in index e00dbf252..abdede979 100644 --- a/interface-definitions/system-ip.xml.in +++ b/interface-definitions/system-ip.xml.in @@ -48,6 +48,7 @@ + #include diff --git a/interface-definitions/system-ipv6.xml.in b/interface-definitions/system-ipv6.xml.in index 63260d00c..e17e1c01c 100644 --- a/interface-definitions/system-ipv6.xml.in +++ b/interface-definitions/system-ipv6.xml.in @@ -36,6 +36,7 @@ #include + #include Disable IPv6 operation on interface when DAD fails on LL addr diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index 96c6d8be2..028b31f7b 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -34,6 +34,7 @@ #include + #include @@ -42,6 +43,7 @@ #include + #include -- cgit v1.2.3