bgpd: add bgp ipv6-auto-ra command #16354
Conversation
|
I apologize. I work with an older version of FRR, so I have messed up a bit with syncing changes between it and this PR. Fixed it now. |
Hello. Do you mean that the message should be printed in bgpd in an attempt to add an unnumbered peer? Or on any request to zebra (in The first case is similar to what I wanted to do initially: point out all calls from bgpd that enable RA ( The second case is easy, but it seems that it might create some misleading warnings in the case of RA not being intended. E.g., we use the extended-nexthop capability for SRv6 and don't need RA but will still get the warnings. Maybe reduce the level to, say, info? |
I'm trying to understand why we should allow sending RAs by any other protocol if we have it explicitly disabled per-interface level? |
|
As far as I understood, before this PR there were 2 states: RA explicitly enabled ( Other daemons don't look at the state from vty and just send I don't think we should fail these operations because of disabled RA because it isn't the primary thing there: extended-nexthop (and VRRP, I guess) can work without RA. Unnumbered peers most probably won't (I'm not quite familiar with it), and it might be better to fail a command or print a warning in such case, but it will require determining which calls to |
|
I agree we need this feature, I've been burned by this myself before. However, I'm not sure
The switch in ⇒ I think this needs to be switched in |
Sokolmish
changed the title
|
I've added a new option to bgpd. Used the |
bgpd/bgp_zebra.c
Outdated
| @@ -2358,6 +2361,11 @@ void bgp_zebra_initiate_radv(struct bgp *bgp, struct peer *peer) | |||
|
|
|||
| void bgp_zebra_terminate_radv(struct bgp *bgp, struct peer *peer) | |||
| { | |||
| /* | |||
bgpd/bgp_vty.c
Outdated
| return CMD_SUCCESS; | ||
| } | ||
|
|
||
| DEFUN (bgp_ipv6_auto_ra, |
There was a problem hiding this comment.
DEFPY please, and please combine into a single DEFPY for both forms ([no] bgp ipv6-auto-ra).
Sokolmish
force-pushed
the
zebra-no-ra
branch
2 times, most recently
from
d5aa081 to
02a6900
Compare
|
I keep getting random topotests failed in modules I haven't touched in the PR (now it's MSDP, before it was OSPF, PIM). Is it the infrastructure problem, or am I missing something? |
bgpd/bgp_nht.c
Outdated
| @@ -1515,6 +1516,10 @@ void bgp_nht_reg_enhe_cap_intfs(struct peer *peer) | |||
| return; | |||
|
|
|||
| bgp = peer->bgp; | |||
|
|
|||
| /* Shouldn't enable RA if they are disabled */ | |||
| assert(!CHECK_FLAG(bgp->flags, BGP_FLAG_IPV6_NO_AUTO_RA)); | |||
There was a problem hiding this comment.
I doubt on this assert, why is this needed? Can't be handle it more gracefully?
There was a problem hiding this comment.
This function is called from only one place that is already covered by checking the flag, so I thought about making an assert there. Now I've changed it to a regular check with early return.
I think this is done now (?) ... @eqvinox can you take a look to see if this okay? |
|
@eqvinox ping :-) |
1 similar comment
|
@eqvinox ping :-) |
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
Introduce a command to stop bgpd from enabling IPv6 router advertisement messages sending on interfaces. Signed-off-by: Mikhail Sokolovskiy <[email protected]>
Sokolmish
force-pushed
the
zebra-no-ra
branch
from
4e9ceee to
7b1c0c2
Compare
|
@Mergifyio backport dev/10.2 stable/10.1 stable/10.0 stable/9.1 stable/9.0 stable/8.5 stable/8.4 |
✅ Backports have been created
|
bgpd: add bgp ipv6-auto-ra command (backport #16354)
New Features Highlight: - PIM candidate BSR/RP [#16438] - Static IGMP join without an IGMP report [1#6450] - PIM AutoRP discovery/announcements [#16634] - IGMP proxy [#16861] - SRv6 SID Manager [#15604] - Add `bgp ipv6-auto-ra` command [#16354] - Implement `neighbor x remote-as auto` for BGP [#16345] - Implement `bgp dual-as` for BGP [#16816] - Implement BGP-wide configuration for graceful restart [#16099] - Handle kernel routes appropriately (should fix recent NOPREFIXROUTE issue) [#16300] - Add `cisco-authentication` password support for NHRP [#16172] Signed-off-by: Jafar Al-Gharaibeh <[email protected]>
Introduce a command to completely disable sending IPv6 router advertisement messages on an interface. Before, there were cases where it could be enabled by other daemons, namely bgpd and vrrpd. Particularly, it happens when BGP extended-nexthop capability is used: bgpd tells zebra to enable RA in this case, though it wasn't intended.
Fixes #7738.