Update EVPN prefix routes properly instead of withdraw/install

[chdxD1]

Today bgpd sends down withdraw and install to zebra when a EVPN prefix route is updated. There was no mechanism in zebra to track such changes and references to prefixes on EVPN nexthops.

The commits implement the respective tracking in zebra and stops sending withdraws for updates from bgpd.

[chdxD1]

There is one caveat after looking at this again - EVPN MH uses the same functions but slightly different, doing reference counting already in bgpd.

[chdxD1]

The behaviour for EVPN MH / A-D routes should now be the same again. I've also squashed the zebra commits into one now and fixed the code style issues hinted by CI.

[donaldsharp]

Why is zebra responsible for the refcounting? This seems like a bgp problem not a zebra problem. As a note -> the typical pattern in zebra is to just do what it is told. This breaks that pattern.

[chdxD1]

As far as I understood zebra is already "refcounting" today, it tracks the prefixes for a given EVPN VTEP / nexthop. zebra is being told to add / update or withdraw a route, not an evpn nexthop, therefore it has to take care of managing the references for it.
With this change it tracks the count of individual nexthops per route, making the add / update action actually working without having to know about the specifics for EVPN in e.g. bgpd that EVPN routes have to be withdrawn first.

[chdxD1]

Can we follow up on this? There is also #18240 which might be fixed by this.

I am happy to rework this PR but I am not sure if refcounting can be moved to bgpd.

[chdxD1]

@donaldsharp maybe I misunderstood something in the interaction between bgpd and zebra, but:

• bgpd passes zapi_routes to zebra. Except for EVPN MAC-IP (type 2) with ESI routes bgpd does not track next-hop groups (bgp_evpn_path_es_use_nhg)
• Therefore bgpd always passes the full set of next-hops with the zapi_route to zebra (within ZEBRA_ROUTE_ADD), referenced in the code as legacy-exploded multipath a couple of times
• So in this case there isn't ref counting in bgpd at all

zebra needs to find out if, for a given EVPN IP-Prefix (type 5) / L3-VNI nexthop, it needs to a) keep it b) update it c) remove it (when ZEBRA_ROUTE_DEL is called).

Before this PR bgpd always sent a delete before an add for every update to a bgpd route to zebra. This ensured that there are no leftover L3-VNI next-hop when a route next-hop changes (e.g. old next-hop 1.1.1.1, new next-hop 2.2.2.2 --> old next-hop was removed first, then new next-hop installed). However this also applies to other updates that do not change next-hops (e.g. old next-hop 1.1.1.1, new next-hop 1.1.1.1, L3-VNI next-hop is removed first, then re-added after). This also sends del/add operations to the Kernel, leading to brief traffic interruptions.

This PR is tracking if a L3-VNI next-hop is still used by route_entries (by counting the paths), removing it when the paths reach zero.

It is based on my understanding of bgpd and zebra that zebra does indeed do refcounting, especially for next-hop groups (see above, bgpd only does that in certain, limited cases): zebra_nhg_increment_ref / zebra_nhg_decrement_ref. Because this is ultimately linked to next-hops it makes sense to include refcounting in L3-VNI next-hops as well.

[chdxD1]

ci:rerun

[ton31337]

Can we test it?

[chdxD1]

I have two ideas:

1. Testing that pathcounting is working properly
2. Testing that no withdraw is ever sent to the Kernel for EVPN prefixes (except VTEP changes) when routes get updated

Testing 1. should be straight forward, but should already be covered by existing topotests as well (e.g. the one I implemented here: #18325 and the others checking for RMACs). Testing 2. would require spinning up ip monitor (or directly some netlink socket) inside the respective router namespace.

[chdxD1]

For 1 it probably makes sense to include the pathcount in the expected JSONs, validating that as well

[chdxD1]

ci:rerun unrelated

[chdxD1]

so - I think let's get this reviewed first before I try to satisfy some unrelated topotests :D

[riw777]

looks good ...

[riw777]

seeing if we can get the ci to pass ... the lint error needs to be fixed up

[chdxD1]

forgot to run black, should be fixed now

[chdxD1]

That force-push after rebase was probably too fast for CI?

[mwinter-osr]

CI:rerun Rerunning the CI after fix on "[CI] Verify Source" incorrectly reporting bad status

[riw777]

are we waiting on a topo test for the counts?

[chdxD1]

are we waiting on a topo test for the counts?

pathCounts are checked in _test_router_check_evpn_next_hop (which gets called a couple of times inside the tests, also during the flap tests). From my perspective: no

[ton31337]

What is the point of this testing?

[chdxD1]

it's for the test in lines 604-606 but good catch, it should be without the no in front.

[chdxD1]

Removed the no. I've also made sure that the test fails when 068a00f is reverted.

[chdxD1]

Okay, on slower systems (like the CI) the clear might not be completed until I check for multipath convergence. This lead to the CI failure in https://ci1.netdef.org/browse/FRR-PULLREQ3-TOPO3D12I386-8602. I now check for the bgp session to be a) established again and b) That the established epoch has changed. This should make the test independent of the system speed.

[chdxD1]

CI:rerun unrelated