Netns Support / VRF/NS/ogical router rework, along with BGP & OSPF support for multiple VRF with NETNS backend #1711
Conversation
pguibert6WIND
force-pushed
the
issue_385_step5
branch
from
6975c44 to
4a85857
Compare
💚 Basic BGPD CI results: SUCCESS, 0 tests failedResults table
For details, please contact louberger |
pguibert6WIND
force-pushed
the
issue_385_step5
branch
from
4a85857 to
be72478
Compare
💚 Basic BGPD CI results: SUCCESS, 0 tests failedResults table
For details, please contact louberger |
💚 Basic BGPD CI results: SUCCESS, 0 tests failedResults table
For details, please contact louberger |
pguibert6WIND
force-pushed
the
issue_385_step5
branch
2 times, most recently
from
1e22754 to
9acfd16
Compare
pguibert6WIND
force-pushed
the
issue_385_step5
branch
from
9acfd16 to
920b1b0
Compare
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-FRRPULLREQ-2508/ This is a comment from an EXPERIMENTAL automated CI system. CLANG Static Analyzer Summary
No Changes in Static Analysis warnings compared to base21 Static Analyzer issues remaining.See details at |
pguibert6WIND
force-pushed
the
issue_385_step5
branch
from
920b1b0 to
9ba8285
Compare
|
Hi @rwestphal @qlyoung , @donaldsharp |
💚 Basic BGPD CI results: SUCCESS, 0 tests failedResults table
For details, please contact louberger |
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-FRRPULLREQ-2515/ This is a comment from an EXPERIMENTAL automated CI system. CLANG Static Analyzer Summary
No Changes in Static Analysis warnings compared to base21 Static Analyzer issues remaining.See details at |
lib/ns.c
Outdated
| * I'm not sure if this belongs here or in | ||
| * the vrf code. | ||
| */ | ||
| // if_init (&ns->iflist); |
There was a problem hiding this comment.
Why are we copying around dead code?
There was a problem hiding this comment.
I keep the code, because that was the code originally as it was.
this was a code that has been put as is a long time ago:
32bcb8b lib: Create ns.c
I will remove it.
There was a problem hiding this comment.
Yeah I remember putting that there 2+ years ago :) My assumption is that if it's not needed after all this time it's not needed.
lib/ns.c
Outdated
| { | ||
| struct ns *ns = NULL; | ||
|
|
||
| RB_FOREACH(ns, ns_head, &ns_tree) { |
There was a problem hiding this comment.
RB_FOREACH (...
Lot's of places this needs to be fixed
There was a problem hiding this comment.
I don't get it. I don't see places in added code where FOREACH has a space added before '('
the checkstyle script does not permit a space between RB_FOREACH and '('.
So what is the problem please ?
There was a problem hiding this comment.
https://www.kernel.org/doc/html/v4.10/process/coding-style.html
Section 3.1 -> Spaces after a for (. Yes our code is inconsistent but I want to make it consistent. Since these are wrappers for for loops then I would like a space.
pguibert6WIND
force-pushed
the
issue_385_step5
branch
from
9ba8285 to
04f1ed6
Compare
💚 Basic BGPD CI results: SUCCESS, 0 tests failedResults table
For details, please contact louberger |
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-FRRPULLREQ-2548/ This is a comment from an EXPERIMENTAL automated CI system. CLANG Static Analyzer Summary
No Changes in Static Analysis warnings compared to base20 Static Analyzer issues remaining.See details at |
| return nlh; | ||
| } | ||
|
|
||
| static int send_receive(int sock, struct nlmsghdr *nlh, |
There was a problem hiding this comment.
This whole file needs some rework. we should be using netlink_talk and the filter function to get the results.
There was a problem hiding this comment.
Non-blocking for commit as long as promise to clean up in a subsuquent commit
zebra/rt_netlink.c
Outdated
| struct zebra_vrf *zvrf = vrf_info_lookup(re->vrf_id); | ||
|
|
||
| if (!vrf_is_backend_netns()) |
There was a problem hiding this comment.
Doesn't the zvrf know it's zns already? Shouldn't this just be zns = zvrf->zns? and we don't need an if statement here?
There was a problem hiding this comment.
you are right; there is a zns backpointer in zvrf
| @@ -0,0 +1,242 @@ | |||
| /* | |||
There was a problem hiding this comment.
Where is the close() of the inotify fd on shutdown?
There was a problem hiding this comment.
I was thinking of adding it with the NETNS deletion updates.
But ok, I added the soft closure of inotify.
.
zebra/interface.c
Outdated
|
|
||
| inet_pton(AF_INET, buf, &ipv4_ll); | ||
|
|
||
| ipv6_ll_address_to_mac(address, (u_char *)mac); | ||
|
|
||
| if (!vrf_is_backend_netns()) |
There was a problem hiding this comment.
Shouldn't this just be a call to a accessor function?
zvrf = vrf_info_lookup(ifp->vrf_id);
zns = zvrf->zns;
This way we don't care about the backend. Just get the zns
zebra/rt_netlink.c
Outdated
| struct { | ||
| struct nlmsghdr n; | ||
| struct ndmsg ndm; | ||
| char buf[256]; | ||
| } req; | ||
| u_char dst_mac[6] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; | ||
|
|
||
| if (!vrf_is_backend_netns()) |
There was a problem hiding this comment.
Look up zvrf then grab zns? as above?
There was a problem hiding this comment.
the code change has been done so as to simplify the code.
Thanks for pointing out that.
when the netns backend is selected for VRF, the default VRF is being assigned a NSID. This avoids the need to handle the case where if the incoming NSID was 0 for a non default VRF, then a specific handling had to be done to keep 0 value for default VRF. In most cases, as the first NETNS to get a NSID will be the default VRF, most probably the default VRF will be assigned to 0, while the other ones will have their value incremented. On some cases, where the NSID is already assigned for NETNS, including default VRF, then the default VRF value will be the one derived from the NSID of default VRF, thus keeping consistency between VRF IDs and NETNS IDs. Default NS is attempted to be created. Actually, some VMs may have the netns feature, but the NS initialisation fails because that folder is not present. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
this is a static analysis performed by c-lang scan-build tool that demonstrated this issue. This commit is handling the fix. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
For supporting vrf based on namespaces, it is possible that an interface with the same index is present. This is the case for loopback interfaces. For that, for each query, if the interface is not found , matching the vrf identifier, then a new interface is created, when the backens for VRF is NETNS. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
the vrf identifier in the ospf_vrf_enable routine is never read, then does not need to be initialised. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The assert appears in zebra_mpls.c when checking default zebra_vrf. It appears that when the mpls entries are flushed, it gets the default vrf which is already flushed by vrf_terminate() function. In order to avoid that assert to trigger a crash, the mpls flush is called before vrf termination. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The vrf_sockunion_socket() wraps sockunion_socket() with vrf_id as additional parameter. The creation of socket forces the user to transparently move to new NETNS for doing the operation. The vrf_getaddr_info() wraps getaddr_info() with vrf_id as additional parameter. That API relies on the underlying system. Then there may be need to switch to an other netns in that case too. Also, the vrf_socket() implementation is simplified. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The change contained in this commit does the following: - discovery of vrf id from zebra daemon, and adaptation of bgp contexts with BGP. The list of network addresses contain a reference to the bgp context supporting the vrf. The bgp context contains a vrf pointer that gives information about the netns path in case the vrf is a netns path. Only some contexts are impacted, namely socket creation, and retrieval of local IP settings. ( this requires vrf identifier). Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Upon creation of BGP instances, server socket may or may not be created. In the case of VRF instances, if the VRF backend relies on NETNS, then a new server socket will be created for each BGP VRF instance. If the VRF backend relies on VRF LITE, then only one server socket will be enough. Moreover, At startup, with BGP VRF configuration, a server socket may not be created if VRF is not the default one or VRF is not recognized yet. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Upon starting a BGP VRF instance, the server socket is not created, because the VRF ID is not known, and then underlying VRF backend is not ready yet. Because of that, the peer connection attempt will not be started before. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
When interfaces are located on different NETNS ( different VRF), then a switch from netns context is necessary when calling setns(). The VRF apis to switch and switch back are called, so that the ioctl will work accordingly. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
A new API is available for interface ioctl operations on Linux: vrf_if_ioctl. This is the unified API that permits doing ioctl operations on a per interface basis. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The option to enable VRF backend is documented. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This split is introducing logicalrouter.[ch] as the file that contains the vty commands to configure logical router feature. The split has as consequence that the backend of logical router is linux_netns.c formerly called ns.c. The same relationship exists between VRF and its backend which may be linux_netns.c file. The split is adapting ns and vrf fiels so as to : - clarify header - ensure that the daemon persepctive, the feature VRF or logical router is called instead of calling directly ns. - this implies that VRF will call NS apis, as logical router does. Also, like it is done for default NS and default VRF, the associated VRF is enabled first, before NETNS is enabled, so that zvrf->zns pointer is valid when NETNS discovery applies. Also, other_netns.c file is a stub handler that will be used for non linux systems. As NETNS feature is only used by Linux, some BSD systems may want to use the same backend API to benefit from NETNS. This is what that file has been done. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The zebra daemon introduces the logical router initialisation. Because right now, the usage of logical router and vrf NETNS is exclusive, then the logical router and VRF are initialised accordingly. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The logical router node goes from NS_NODE to LOGICALROUTER_NODE. Vty commands are renamed accordingly. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
NETNS is initialised from the VRF, instead of being directly called, because this is not up to BGP daemon to initialise the various VRF backend. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
That API can be used to wrap the ioctl call with various vrf instances. This permits transparently doing the ioctl() call without taking into consideration the vrf backend kind. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Because socket creation is tightly linked with socket binding for vrf lite, the proposal is made to extend socket creation APIs and to create a new API called vrf_bind that applies to vrf lite. The passed interface name is the interface that will be bound to the socket passed. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Instead of relying on local usage of vrf bind operation, the vrf API for that usage is done. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com> fixup bgp
The change consists in taking into account of the VRF identifier upon which the ospf socket is created. Moreover, if the VRF is a netns backend, then it is not necessary to perform the bind operations to vrf device. Also, when a VRF instance is enabled, it informs ospf VRF, and automatically OSPF VRF benefits from it. Reversely, when VRF instance is disabled, then OSPF VRF will be disabled too. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Informational traces are being added. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
A space is appended between RB_FOREACH and ' ', to comply with style practiced in frr. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
ENOSYS should not be used for other goals. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
So as to get the correct NETNS where some discovery must be done and populated, the zns pointer is directly retrieved from zvrf, instead of checking that the VRF is a backend NETNS or not. In the case where the interfaces are discovered before the VRF is enabled ( VRF-lite populate), then the default NS is retrieved. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This limitation ignores the creation of a new NS context, when an already present NS is available with the same NSID. This limitation removes confusion, so that only the first NS will be used for configuration. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-FRRPULLREQ-2687/ This is a comment from an EXPERIMENTAL automated CI system. CLANG Static Analyzer Summary
No Changes in Static Analysis warnings compared to base19 Static Analyzer issues remaining.See details at |
No description provided.