From 7a3d7e5f5562b49fd618d8c4ee6b71d9ba71fb11 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 3 Aug 2023 04:47:39 +0000 Subject: [PATCH 01/15] Fix the Loopback0 IPv6 address of LC's in chassis not reachable from peer device's Signed-off-by: Abhishek Dosi --- dockers/docker-fpm-frr/frr/bgpd/bgpd.main.conf.j2 | 3 +++ .../data/sonic-cfggen/bgpd.main.conf.j2/packet_chassis.conf | 1 + .../tests/data/sonic-cfggen/bgpd.main.conf.j2/voq_chassis.conf | 1 + 3 files changed, 5 insertions(+) diff --git a/dockers/docker-fpm-frr/frr/bgpd/bgpd.main.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/bgpd.main.conf.j2 index 1e564579e30..793ab055c21 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/bgpd.main.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/bgpd.main.conf.j2 @@ -104,6 +104,9 @@ router bgp {{ DEVICE_METADATA['localhost']['bgp_asn'] }} network {{ get_ipv6_loopback_address(LOOPBACK_INTERFACE, "Loopback0") | ip }}/128 {% else %} network {{ get_ipv6_loopback_address(LOOPBACK_INTERFACE, "Loopback0") | ip }}/64 +{% if DEVICE_METADATA['localhost']['switch_type'] == 'voq' or DEVICE_METADATA['localhost']['switch_type'] == 'chassis-packet' %} + network {{ get_ipv6_loopback_address(LOOPBACK_INTERFACE, "Loopback0") | ip }}/128 route-map HIDE_INTERNAL +{% endif %} {% endif %} exit-address-family {% endif %} diff --git a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/packet_chassis.conf b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/packet_chassis.conf index 0f7f227e0e2..6b2e1f25794 100644 --- a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/packet_chassis.conf +++ b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/packet_chassis.conf @@ -47,6 +47,7 @@ router bgp 55555 ! address-family ipv6 network fc00::1/64 + network fc00::1/128 route-map HIDE_INTERNAL exit-address-family ! network 10.10.10.1/24 diff --git a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/voq_chassis.conf b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/voq_chassis.conf index ef28d67c1c9..efd45eda1ea 100644 --- a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/voq_chassis.conf +++ b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/bgpd.main.conf.j2/voq_chassis.conf @@ -48,6 +48,7 @@ router bgp 55555 ! address-family ipv6 network fc00::1/64 + network fc00::1/128 route-map HIDE_INTERNAL exit-address-family address-family ipv6 network fc00::2/128 route-map HIDE_INTERNAL From 8d9dbb61f477762b56774980ac26d3561b4bca50 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 17 Aug 2023 14:54:26 +0000 Subject: [PATCH 02/15] Added change to have flag Signed-off-by: Abhishek Dosi --- files/build_templates/sonic_version.yml.j2 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/files/build_templates/sonic_version.yml.j2 b/files/build_templates/sonic_version.yml.j2 index 8b829feeed0..510b3d3c604 100644 --- a/files/build_templates/sonic_version.yml.j2 +++ b/files/build_templates/sonic_version.yml.j2 @@ -30,3 +30,8 @@ built_by: {{ built_by }} asan: 'yes' {% endif -%} sonic_os_version: {{ sonic_os_version }} +{% if SECURE_UPGRADE_MODE == "dev" or SECURE_UPGRADE_MODE == "prod" -%} +secure_boot_image: 'yes' +{% else -%} +secure_boot_image: 'no' +{% endif -%} From 4e8b1014c13bf4ec28df3bb9001372002caca225 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 31 Aug 2023 20:53:13 +0000 Subject: [PATCH 03/15] Assign the metric vaule for Ipv6 default route learnt via RA message to higher value so that BGP learnt default route is higher priority. Signed-off-by: Abhishek Dosi --- files/dhcp/90-dhcp6-systcl.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/files/dhcp/90-dhcp6-systcl.conf.j2 b/files/dhcp/90-dhcp6-systcl.conf.j2 index addb9467525..13ad9bead9c 100644 --- a/files/dhcp/90-dhcp6-systcl.conf.j2 +++ b/files/dhcp/90-dhcp6-systcl.conf.j2 @@ -5,3 +5,4 @@ net.ipv6.conf.eth0.accept_ra = 0 net.ipv6.conf.eth0.accept_ra_defrtr = 1 net.ipv6.conf.eth0.accept_ra = 1 {% endif %} +net.ipv6.conf.eth0.ra_defrtr_metric=1996489704 From fcbd38d8ec0c2f8f92a8d61c3e8c694b7fa489e2 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Fri, 8 Sep 2023 15:51:23 +0000 Subject: [PATCH 04/15] Add alternate name for bridge interface on supversior in chassis systrem Signed-off-by: Abhishek Dosi --- files/build_templates/docker_image_ctl.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/files/build_templates/docker_image_ctl.j2 b/files/build_templates/docker_image_ctl.j2 index 546eb24cb62..ca9679ccd9b 100644 --- a/files/build_templates/docker_image_ctl.j2 +++ b/files/build_templates/docker_image_ctl.j2 @@ -191,6 +191,9 @@ function postStartAction() ip link add name ns-eth1"$NET_NS" type veth peer name eth1@"$NET_NS" ip link set dev eth1@"$NET_NS" master br1 ip link set dev eth1@"$NET_NS" up + # For chassis system where Linux bridge is used on supervisor for midplane communication + # assign alternate name as eth1-midplane for generic design + ip link property add dev br1 altname eth1-midplane else ip link add name ns-eth1"$NET_NS" link eth1-midplane type macvlan mode bridge fi From 311c639bc73e05bfaac792ce62df94ddfc6c9c7c Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Wed, 13 Sep 2023 16:12:34 +0000 Subject: [PATCH 05/15] Revert "Add alternate name for bridge interface on supversior in chassis systrem" This reverts commit fcbd38d8ec0c2f8f92a8d61c3e8c694b7fa489e2. --- files/build_templates/docker_image_ctl.j2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/files/build_templates/docker_image_ctl.j2 b/files/build_templates/docker_image_ctl.j2 index ca9679ccd9b..546eb24cb62 100644 --- a/files/build_templates/docker_image_ctl.j2 +++ b/files/build_templates/docker_image_ctl.j2 @@ -191,9 +191,6 @@ function postStartAction() ip link add name ns-eth1"$NET_NS" type veth peer name eth1@"$NET_NS" ip link set dev eth1@"$NET_NS" master br1 ip link set dev eth1@"$NET_NS" up - # For chassis system where Linux bridge is used on supervisor for midplane communication - # assign alternate name as eth1-midplane for generic design - ip link property add dev br1 altname eth1-midplane else ip link add name ns-eth1"$NET_NS" link eth1-midplane type macvlan mode bridge fi From 2109e03eb3867ad0d875ec3d663095269cc8c841 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Wed, 13 Sep 2023 16:14:29 +0000 Subject: [PATCH 06/15] ASIC Count is updated to the running numbers of ASIC's and not max possible Signed-off-by: Abhishek Dosi --- src/sonic-py-common/sonic_py_common/device_info.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sonic-py-common/sonic_py_common/device_info.py b/src/sonic-py-common/sonic_py_common/device_info.py index 7a4cec81605..269c47df186 100644 --- a/src/sonic-py-common/sonic_py_common/device_info.py +++ b/src/sonic-py-common/sonic_py_common/device_info.py @@ -479,7 +479,7 @@ def get_platform_info(config_db=None): if hw_info_dict: return hw_info_dict - from .multi_asic import get_num_asics + from .multi_asic import get_asic_presence_list version_info = get_sonic_version_info() @@ -487,7 +487,7 @@ def get_platform_info(config_db=None): hw_info_dict['hwsku'] = get_hwsku() if version_info: hw_info_dict['asic_type'] = version_info.get('asic_type') - hw_info_dict['asic_count'] = get_num_asics() + hw_info_dict['asic_count'] = len(get_asic_presence_list()) try: # TODO: enforce caller to provide config_db explicitly and remove its default value From 3cf469783df2374c7905f30dd8a146b5d33d0c22 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Tue, 26 Sep 2023 16:03:37 +0000 Subject: [PATCH 07/15] Enable Seding BGP Community over internal neighbors over iBGP Session Signed-off-by: Abhishek Dosi --- .../frr/bgpd/templates/internal/peer-group.conf.j2 | 2 ++ .../frr/bgpd/templates/voq_chassis/peer-group.conf.j2 | 2 ++ .../tests/data/internal/peer-group.conf/result_back.conf | 2 ++ .../data/internal/peer-group.conf/result_chasiss_packet.conf | 2 ++ .../tests/data/internal/peer-group.conf/result_front.conf | 2 ++ .../tests/data/voq_chassis/peer-group.conf/result_all.conf | 2 ++ .../tests/data/voq_chassis/peer-group.conf/result_base.conf | 2 ++ 7 files changed, 14 insertions(+) diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/peer-group.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/peer-group.conf.j2 index e29a4c9e2fb..b12f8e8c84a 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/peer-group.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/peer-group.conf.j2 @@ -14,6 +14,7 @@ neighbor INTERNAL_PEER_V4 allowas-in 1 neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out + neighbor INTERNAL_PEER_V4 send-community exit-address-family {% if CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] == 'chassis-packet' %} neighbor INTERNAL_PEER_V6 update-source Loopback4096 @@ -26,6 +27,7 @@ neighbor INTERNAL_PEER_V6 allowas-in 1 neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out + neighbor INTERNAL_PEER_V6 send-community exit-address-family ! ! end of template: bgpd/templates/internal/peer-group.conf.j2 diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/peer-group.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/peer-group.conf.j2 index 44a49587d03..802aa15ca60 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/peer-group.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/peer-group.conf.j2 @@ -12,6 +12,7 @@ neighbor VOQ_CHASSIS_V4_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V4_PEER route-map FROM_VOQ_CHASSIS_V4_PEER in neighbor VOQ_CHASSIS_V4_PEER route-map TO_VOQ_CHASSIS_V4_PEER out + neighbor VOQ_CHASSIS_V4_PEER send-community exit-address-family address-family ipv6 {% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'ToRRouter' %} @@ -22,6 +23,7 @@ neighbor VOQ_CHASSIS_V6_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V6_PEER route-map FROM_VOQ_CHASSIS_V6_PEER in neighbor VOQ_CHASSIS_V6_PEER route-map TO_VOQ_CHASSIS_V6_PEER out + neighbor VOQ_CHASSIS_V6_PEER send-community exit-address-family ! ! end of template: bgpd/templates/voq_chassis/peer-group.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_back.conf b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_back.conf index 28a543841fe..c6acef329ef 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_back.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_back.conf @@ -9,6 +9,7 @@ neighbor INTERNAL_PEER_V4 allowas-in 1 neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out + neighbor INTERNAL_PEER_V4 send-community exit-address-family address-family ipv6 neighbor INTERNAL_PEER_V6 route-reflector-client @@ -16,6 +17,7 @@ neighbor INTERNAL_PEER_V6 allowas-in 1 neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out + neighbor INTERNAL_PEER_V6 send-community exit-address-family ! ! end of template: bgpd/templates/internal/peer-group.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chasiss_packet.conf b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chasiss_packet.conf index 1f4e219e277..e4fb05eeb76 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chasiss_packet.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_chasiss_packet.conf @@ -9,6 +9,7 @@ neighbor INTERNAL_PEER_V4 allowas-in 1 neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out + neighbor INTERNAL_PEER_V4 send-community exit-address-family neighbor INTERNAL_PEER_V6 update-source Loopback4096 address-family ipv6 @@ -16,6 +17,7 @@ neighbor INTERNAL_PEER_V6 allowas-in 1 neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out + neighbor INTERNAL_PEER_V6 send-community exit-address-family ! ! end of template: bgpd/templates/internal/peer-group.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_front.conf b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_front.conf index 5b061fa52b4..7b6ee2667de 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_front.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/peer-group.conf/result_front.conf @@ -8,12 +8,14 @@ neighbor INTERNAL_PEER_V4 allowas-in 1 neighbor INTERNAL_PEER_V4 route-map FROM_BGP_INTERNAL_PEER_V4 in neighbor INTERNAL_PEER_V4 route-map TO_BGP_INTERNAL_PEER_V4 out + neighbor INTERNAL_PEER_V4 send-community exit-address-family address-family ipv6 neighbor INTERNAL_PEER_V6 soft-reconfiguration inbound neighbor INTERNAL_PEER_V6 allowas-in 1 neighbor INTERNAL_PEER_V6 route-map FROM_BGP_INTERNAL_PEER_V6 in neighbor INTERNAL_PEER_V6 route-map TO_BGP_INTERNAL_PEER_V6 out + neighbor INTERNAL_PEER_V6 send-community exit-address-family ! ! end of template: bgpd/templates/internal/peer-group.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_all.conf b/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_all.conf index cf5020ee49f..350ff0eeeb4 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_all.conf +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_all.conf @@ -10,6 +10,7 @@ neighbor VOQ_CHASSIS_V4_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V4_PEER route-map FROM_VOQ_CHASSIS_V4_PEER in neighbor VOQ_CHASSIS_V4_PEER route-map TO_VOQ_CHASSIS_V4_PEER out + neighbor VOQ_CHASSIS_V4_PEER send-community exit-address-family address-family ipv6 neighbor VOQ_CHASSIS_V6_PEER allowas-in 1 @@ -18,6 +19,7 @@ neighbor VOQ_CHASSIS_V6_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V6_PEER route-map FROM_VOQ_CHASSIS_V6_PEER in neighbor VOQ_CHASSIS_V6_PEER route-map TO_VOQ_CHASSIS_V6_PEER out + neighbor VOQ_CHASSIS_V6_PEER send-community exit-address-family ! ! end of template: bgpd/templates/voq_chassis/peer-group.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_base.conf b/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_base.conf index 61813254acc..9818358a771 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_base.conf +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/peer-group.conf/result_base.conf @@ -9,6 +9,7 @@ neighbor VOQ_CHASSIS_V4_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V4_PEER route-map FROM_VOQ_CHASSIS_V4_PEER in neighbor VOQ_CHASSIS_V4_PEER route-map TO_VOQ_CHASSIS_V4_PEER out + neighbor VOQ_CHASSIS_V4_PEER send-community exit-address-family address-family ipv6 neighbor VOQ_CHASSIS_V6_PEER activate @@ -16,6 +17,7 @@ neighbor VOQ_CHASSIS_V6_PEER soft-reconfiguration inbound neighbor VOQ_CHASSIS_V6_PEER route-map FROM_VOQ_CHASSIS_V6_PEER in neighbor VOQ_CHASSIS_V6_PEER route-map TO_VOQ_CHASSIS_V6_PEER out + neighbor VOQ_CHASSIS_V6_PEER send-community exit-address-family ! ! end of template: bgpd/templates/voq_chassis/peer-group.conf.j2 From 5d4fb5dc79540099fa27184ca2c5cade39eb958f Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Tue, 26 Sep 2023 16:06:23 +0000 Subject: [PATCH 08/15] Revert "ASIC Count is updated to the running numbers of ASIC's and not max" This reverts commit 2109e03eb3867ad0d875ec3d663095269cc8c841. --- src/sonic-py-common/sonic_py_common/device_info.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sonic-py-common/sonic_py_common/device_info.py b/src/sonic-py-common/sonic_py_common/device_info.py index 269c47df186..7a4cec81605 100644 --- a/src/sonic-py-common/sonic_py_common/device_info.py +++ b/src/sonic-py-common/sonic_py_common/device_info.py @@ -479,7 +479,7 @@ def get_platform_info(config_db=None): if hw_info_dict: return hw_info_dict - from .multi_asic import get_asic_presence_list + from .multi_asic import get_num_asics version_info = get_sonic_version_info() @@ -487,7 +487,7 @@ def get_platform_info(config_db=None): hw_info_dict['hwsku'] = get_hwsku() if version_info: hw_info_dict['asic_type'] = version_info.get('asic_type') - hw_info_dict['asic_count'] = len(get_asic_presence_list()) + hw_info_dict['asic_count'] = get_num_asics() try: # TODO: enforce caller to provide config_db explicitly and remove its default value From 4dbfe1cc44eb4547eb9db8c7a70e8b397303ea3d Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Wed, 27 Sep 2023 01:12:18 +0000 Subject: [PATCH 09/15] In Chassis TSA mode Loopback0 Ip's of each should be advertise through e-BGP peers of each remote LC's Signed-off-by: Abhishek Dosi --- .../bgpd/templates/internal/policies.conf.j2 | 21 +++++++++++++++++++ .../templates/voq_chassis/policies.conf.j2 | 20 ++++++++++++++++++ .../frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 | 7 +++++-- .../frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 | 3 ++- files/image_config/constants/constants.yml | 2 ++ 5 files changed, 50 insertions(+), 3 deletions(-) diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 index 855a6863565..c0193e8f207 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 @@ -4,8 +4,20 @@ ! {% from "common/functions.conf.j2" import get_ipv4_loopback_address %} ! +! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }} +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag {{ constants.bgp.internal_community_match_tag }} +! route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V4 permit 1 + match ip address prefix-list PL_LoopbackV4 + set community {{ constants.bgp.internal_community }} additive +! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! ! @@ -13,8 +25,17 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag {{ constants.bgp.internal_community_match_tag }} +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V6 permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community {{ constants.bgp.internal_community }} additive +! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! {% if CONFIG_DB__DEVICE_METADATA['localhost']['sub_role'] == 'BackEnd' %} diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 index c26db7bde24..3f6b05523d1 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 @@ -1,8 +1,19 @@ ! ! template: bgpd/templates/voq_chassis/policies.conf.j2 ! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }} +! +route-map FROM_VOQ_CHASSIS_V4_PEER permit 1 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag {{ constants.bgp.internal_community_match_tag }} +! route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! +route-map TO_VOQ_CHASSIS_V4_PEER permit 1 + match ip address prefix-list PL_LoopbackV4 + set community {{ constants.bgp.internal_community }} additive +! route-map TO_VOQ_CHASSIS_V4_PEER permit 100 ! ! @@ -10,8 +21,17 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_VOQ_CHASSIS_V6_PEER permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag {{ constants.bgp.internal_community_match_tag }} +! route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! +route-map TO_VOQ_CHASSIS_V6_PEER permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community {{ constants.bgp.internal_community }} additive +! route-map TO_VOQ_CHASSIS_V6_PEER permit 100 ! ! end of template: bgpd/templates/voq_chassis/policies.conf.j2 diff --git a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 index 1256d1cd4f9..4a001d989be 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 @@ -1,5 +1,8 @@ route-map {{ route_map_name }} permit 20 match {{ ip_protocol }} address prefix-list PL_Loopback{{ ip_version }} - set community {{ constants.bgp.traffic_shift_community }} -route-map {{ route_map_name }} deny 30 + set community {{ constants.bgp.traffic_shift_community }} additive +route-map {{ route_map_name }} permit 30 + match tag {{ constants.bgp.internal_community_match_tag }} + set community {{ constants.bgp.traffic_shift_community }} additive +route-map {{ route_map_name }} deny 40 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 index 649f6d8e9db..7ba4c1bd6f3 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.unisolate.conf.j2 @@ -1,3 +1,4 @@ no route-map {{ route_map_name }} permit 20 -no route-map {{ route_map_name }} deny 30 +no route-map {{ route_map_name }} permit 30 +no route-map {{ route_map_name }} deny 40 ! diff --git a/files/image_config/constants/constants.yml b/files/image_config/constants/constants.yml index 4c533970039..bb4aeb62ab9 100644 --- a/files/image_config/constants/constants.yml +++ b/files/image_config/constants/constants.yml @@ -4,6 +4,8 @@ constants: "2" : 65433 bgp: traffic_shift_community: 12345:12345 + internal_community: 11111:11111 + internal_community_match_tag: 1002 sentinel_community: 12345:12346 families: - ipv4 From 4f295dee32601246167795c53c8553e9e1509a21 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Wed, 27 Sep 2023 04:37:14 +0000 Subject: [PATCH 10/15] Updated UT Signed-off-by: Abhishek Dosi --- .../internal/policies.conf/param_back.json | 6 ++++++ .../internal/policies.conf/param_front.json | 6 ++++++ .../internal/policies.conf/result_back.conf | 20 ++++++++++++++++++ .../internal/policies.conf/result_front.conf | 20 ++++++++++++++++++ .../voq_chassis/policies.conf/param_base.json | 6 ++++++ .../policies.conf/result_base.conf | 21 ++++++++++++++++++- 6 files changed, 78 insertions(+), 1 deletion(-) diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_back.json b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_back.json index 37e54d785e2..d39721ae0c8 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_back.json +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_back.json @@ -6,5 +6,11 @@ }, "CONFIG_DB__LOOPBACK_INTERFACE": { "Loopback4096|10.10.10.10/32": {} + }, + "constants": { + "bgp": { + "internal_community": "12345:556", + "internal_community_match_tag": "101" + } } } diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json index 68c27766d25..502fb1d2f1a 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json @@ -4,5 +4,11 @@ "sub_role": "FrontkEnd" } }, + "constants": { + "bgp": { + "internal_community": "12345:556", + "internal_community_match_tag": "101" + } + }, "loopback0_ipv4": "10.10.10.10/32" } diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf index 81b5aab193c..6a5b8798b92 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf @@ -1,16 +1,36 @@ ! ! template: bgpd/templates/internal/policies.conf.j2 ! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V4 permit 1 + match ip address prefix-list PL_LoopbackV4 + set community 12345:556 additive +! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V6 permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community 12345:556 additive +! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf index 880530a2797..f194b50be5b 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf @@ -1,16 +1,36 @@ ! ! template: bgpd/templates/internal/policies.conf.j2 ! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V4 permit 1 + match ip address prefix-list PL_LoopbackV4 + set community 12345:556 additive +! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! +route-map TO_BGP_INTERNAL_PEER_V6 permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community 12345:556 additive +! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! ! end of template: bgpd/templates/internal/policies.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json index 7ef21c181d7..483cc938c59 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json @@ -1,5 +1,11 @@ { "CONFIG_DB__DEVICE_METADATA": { "localhost": {} + }, + "constants": { + "bgp": { + "internal_community": "12345:556", + "internal_community_match_tag": "101" + } } } diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf index c26db7bde24..b239449a6ae 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf @@ -1,17 +1,36 @@ ! ! template: bgpd/templates/voq_chassis/policies.conf.j2 ! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +! +route-map FROM_VOQ_CHASSIS_V4_PEER permit 1 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! -route-map TO_VOQ_CHASSIS_V4_PEER permit 100 +route-map TO_VOQ_CHASSIS_V4_PEER permit 1 + match ip address prefix-list PL_LoopbackV4 + set community 12345:556 additive ! +route-map TO_VOQ_CHASSIS_V4_PEER permit 100 ! route-map FROM_VOQ_CHASSIS_V6_PEER permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_VOQ_CHASSIS_V6_PEER permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! +route-map TO_VOQ_CHASSIS_V6_PEER permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community 12345:556 additive +! route-map TO_VOQ_CHASSIS_V6_PEER permit 100 ! ! end of template: bgpd/templates/voq_chassis/policies.conf.j2 From 6dcf2194af43077ad55c41295278c8cdece61754 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Wed, 27 Sep 2023 05:26:35 +0000 Subject: [PATCH 11/15] Updated UT Signed-off-by: Abhishek Dosi --- .../frr/bgpd/templates/internal/policies.conf.j2 | 6 +++--- .../frr/bgpd/templates/voq_chassis/policies.conf.j2 | 4 ++-- .../frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 | 4 ++-- .../general/peer-group.conf/result_all_isolate.conf | 10 ++++++++-- .../general/peer-group.conf/result_all_unisolate.conf | 6 ++++-- .../data/general/peer-group.conf/result_isolate.conf | 10 ++++++++-- .../data/general/peer-group.conf/result_unisolate.conf | 6 ++++-- .../tests/data/internal/policies.conf/result_back.conf | 6 +++--- .../data/internal/policies.conf/result_front.conf | 4 ++-- .../tests/data/sonic-cfggen/tsa/isolate.conf | 5 ++++- .../tests/data/sonic-cfggen/tsa/isolate.json | 5 +++-- .../tests/data/sonic-cfggen/tsa/unisolate.conf | 3 ++- .../data/voq_chassis/policies.conf/result_base.conf | 4 ++-- src/sonic-bgpcfgd/tests/test_device_global.py | 3 ++- 14 files changed, 49 insertions(+), 27 deletions(-) diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 index c0193e8f207..5b00a99fa87 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 @@ -16,7 +16,7 @@ route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 - set community {{ constants.bgp.internal_community }} additive + set community {{ constants.bgp.internal_community }} ! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! @@ -34,7 +34,7 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 1 match ipv6 address prefix-list PL_LoopbackV6 - set community {{ constants.bgp.internal_community }} additive + set community {{ constants.bgp.internal_community }} ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! @@ -42,7 +42,7 @@ route-map TO_BGP_INTERNAL_PEER_V6 permit 100 route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} ! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 +route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} {% endif %} ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 index 3f6b05523d1..9ffe00d14a2 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 @@ -12,7 +12,7 @@ route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V4_PEER permit 1 match ip address prefix-list PL_LoopbackV4 - set community {{ constants.bgp.internal_community }} additive + set community {{ constants.bgp.internal_community }} ! route-map TO_VOQ_CHASSIS_V4_PEER permit 100 ! @@ -30,7 +30,7 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V6_PEER permit 1 match ipv6 address prefix-list PL_LoopbackV6 - set community {{ constants.bgp.internal_community }} additive + set community {{ constants.bgp.internal_community }} ! route-map TO_VOQ_CHASSIS_V6_PEER permit 100 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 index 4a001d989be..2321643f8d0 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/tsa/bgpd.tsa.isolate.conf.j2 @@ -1,8 +1,8 @@ route-map {{ route_map_name }} permit 20 match {{ ip_protocol }} address prefix-list PL_Loopback{{ ip_version }} - set community {{ constants.bgp.traffic_shift_community }} additive + set community {{ constants.bgp.traffic_shift_community }} route-map {{ route_map_name }} permit 30 match tag {{ constants.bgp.internal_community_match_tag }} - set community {{ constants.bgp.traffic_shift_community }} additive + set community {{ constants.bgp.traffic_shift_community }} route-map {{ route_map_name }} deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_isolate.conf b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_isolate.conf index a078dadd6f0..bf3abfc0464 100644 --- a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_isolate.conf +++ b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_isolate.conf @@ -23,11 +23,17 @@ route-map TO_BGP_PEER_V4 permit 20 match ip address prefix-list PL_LoopbackV4 set community 12345:12345 -route-map TO_BGP_PEER_V4 deny 30 +route-map TO_BGP_PEER_V4 permit 30 + match tag 1001 + set community 12345:12345 +route-map TO_BGP_PEER_V4 deny 40 ! route-map TO_BGP_PEER_V6 permit 20 match ipv6 address prefix-list PL_LoopbackV6 set community 12345:12345 -route-map TO_BGP_PEER_V6 deny 30 +route-map TO_BGP_PEER_V6 permit 30 + match tag 1001 + set community 12345:12345 +route-map TO_BGP_PEER_V6 deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_unisolate.conf b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_unisolate.conf index 1cd4442f4f3..fa56d296e4d 100644 --- a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_unisolate.conf +++ b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_all_unisolate.conf @@ -21,9 +21,11 @@ no route-map TO_BGP_PEER_V4 permit 20 -no route-map TO_BGP_PEER_V4 deny 30 +no route-map TO_BGP_PEER_V4 permit 30 +no route-map TO_BGP_PEER_V4 deny 40 ! no route-map TO_BGP_PEER_V6 permit 20 -no route-map TO_BGP_PEER_V6 deny 30 +no route-map TO_BGP_PEER_V6 permit 30 +no route-map TO_BGP_PEER_V6 deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_isolate.conf b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_isolate.conf index 902b8cfcdab..88017bf2f30 100644 --- a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_isolate.conf +++ b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_isolate.conf @@ -2,10 +2,16 @@ route-map TO_BGP_PEER_V4 permit 20 match ip address prefix-list PL_LoopbackV4 set community 12345:12345 -route-map TO_BGP_PEER_V4 deny 30 +route-map TO_BGP_PEER_V4 permit 30 + match tag 1001 + set community 12345:12345 +route-map TO_BGP_PEER_V4 deny 40 ! route-map TO_BGP_PEER_V6 permit 20 match ipv6 address prefix-list PL_LoopbackV6 set community 12345:12345 -route-map TO_BGP_PEER_V6 deny 30 +route-map TO_BGP_PEER_V6 permit 30 + match tag 1001 + set community 12345:12345 +route-map TO_BGP_PEER_V6 deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_unisolate.conf b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_unisolate.conf index 8fd9fde7f75..8bfcdee993d 100644 --- a/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_unisolate.conf +++ b/src/sonic-bgpcfgd/tests/data/general/peer-group.conf/result_unisolate.conf @@ -1,7 +1,9 @@ no route-map TO_BGP_PEER_V4 permit 20 -no route-map TO_BGP_PEER_V4 deny 30 +no route-map TO_BGP_PEER_V4 permit 30 +no route-map TO_BGP_PEER_V4 deny 40 ! no route-map TO_BGP_PEER_V6 permit 20 -no route-map TO_BGP_PEER_V6 deny 30 +no route-map TO_BGP_PEER_V6 permit 30 +no route-map TO_BGP_PEER_V6 deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf index 6a5b8798b92..c870bbae7b2 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf @@ -12,7 +12,7 @@ route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 - set community 12345:556 additive + set community 12345:556 ! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! @@ -29,14 +29,14 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 1 match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 additive + set community 12345:556 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 set originator-id 10.10.10.10 ! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 +route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 set originator-id 10.10.10.10 ! ! end of template: bgpd/templates/internal/policies.conf.j2 diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf index f194b50be5b..2708522852c 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf @@ -12,7 +12,7 @@ route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 - set community 12345:556 additive + set community 12345:556 ! route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! @@ -29,7 +29,7 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 1 match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 additive + set community 12345:556 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! diff --git a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.conf b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.conf index 2ea4111dfc2..e775b6d0acb 100644 --- a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.conf +++ b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.conf @@ -1,5 +1,8 @@ route-map test_rm_name permit 20 match ip address prefix-list PL_LoopbackV4 set community 12345:555 -route-map test_rm_name deny 30 +route-map test_rm_name permit 30 + match tag 1002 + set community 12345:555 +route-map test_rm_name deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.json b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.json index 807dfe7e1a0..68ffe27c46a 100644 --- a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.json +++ b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/isolate.json @@ -1,10 +1,11 @@ { "constants": { "bgp": { - "traffic_shift_community": "12345:555" + "traffic_shift_community": "12345:555", + "internal_community_match_tag": "1002" } }, "route_map_name": "test_rm_name", "ip_version": "V4", "ip_protocol": "ip" -} \ No newline at end of file +} diff --git a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/unisolate.conf b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/unisolate.conf index 2adeac6e0ef..31553e3a984 100644 --- a/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/unisolate.conf +++ b/src/sonic-bgpcfgd/tests/data/sonic-cfggen/tsa/unisolate.conf @@ -1,3 +1,4 @@ no route-map test_rm permit 20 -no route-map test_rm deny 30 +no route-map test_rm permit 30 +no route-map test_rm deny 40 ! diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf index b239449a6ae..4dc2f9cec96 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf @@ -12,7 +12,7 @@ route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V4_PEER permit 1 match ip address prefix-list PL_LoopbackV4 - set community 12345:556 additive + set community 12345:556 ! route-map TO_VOQ_CHASSIS_V4_PEER permit 100 ! @@ -29,7 +29,7 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! route-map TO_VOQ_CHASSIS_V6_PEER permit 1 match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 additive + set community 12345:556 ! route-map TO_VOQ_CHASSIS_V6_PEER permit 100 ! diff --git a/src/sonic-bgpcfgd/tests/test_device_global.py b/src/sonic-bgpcfgd/tests/test_device_global.py index 2a912c3d05a..049bcbeec05 100644 --- a/src/sonic-bgpcfgd/tests/test_device_global.py +++ b/src/sonic-bgpcfgd/tests/test_device_global.py @@ -13,7 +13,8 @@ BASE_PATH = os.path.abspath('../sonic-bgpcfgd/tests/data/general/peer-group.conf/') global_constants = { "bgp": { - "traffic_shift_community" :"12345:12345" + "traffic_shift_community" :"12345:12345", + "internal_community_match_tag" : "1001" } } From c38a06e22847f1bb8e06f674233afff80781fc03 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 28 Sep 2023 17:52:51 +0000 Subject: [PATCH 12/15] Added extra UT for chassis-packet. Signed-off-by: Abhishek Dosi --- .../policies.conf/param_chasiss_packet.json | 16 ++++++++ .../internal/policies.conf/result_back.conf | 32 ++++------------ .../policies.conf/result_chasiss_packet.conf | 37 +++++++++++++++++++ .../internal/policies.conf/result_front.conf | 22 +---------- 4 files changed, 62 insertions(+), 45 deletions(-) create mode 100644 src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json create mode 100644 src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json new file mode 100644 index 00000000000..1e600cc9d72 --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json @@ -0,0 +1,16 @@ +{ + "CONFIG_DB__DEVICE_METADATA": { + "localhost": { + "type": "SpineRouter", + "sub_role": "FrontEnd", + "switch_type": "chassis-packet" + } + }, + "constants": { + "bgp": { + "internal_community": "12345:556", + "internal_community_match_tag": "101" + } + }, + "loopback0_ipv4": "10.10.10.10/32" +} diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf index c870bbae7b2..9fb6756268b 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf @@ -3,41 +3,23 @@ ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 -! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 1 - match ip address prefix-list PL_LoopbackV4 - set community 12345:556 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 100 -! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 + set originator-id 10.10.10.10 +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 + set originator-id 10.10.10.10 +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! -route-map TO_BGP_INTERNAL_PEER_V6 permit 1 - match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 +route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 - set originator-id 10.10.10.10 -! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 - set originator-id 10.10.10.10 -! ! end of template: bgpd/templates/internal/policies.conf.j2 ! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf new file mode 100644 index 00000000000..fea34746516 --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf @@ -0,0 +1,37 @@ +! +! template: bgpd/templates/internal/policies.conf.j2 +! +bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 + set ipv6 next-hop prefer-global + on-match next +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag 101 +! +route-map TO_BGP_INTERNAL_PEER_V4 permit 1 + match ip address prefix-list PL_LoopbackV4 + set community 12345:556 +! +route-map TO_BGP_INTERNAL_PEER_V6 permit 1 + match ipv6 address prefix-list PL_LoopbackV6 + set community 12345:556 +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 +! +route-map TO_BGP_INTERNAL_PEER_V4 permit 100 +! +route-map TO_BGP_INTERNAL_PEER_V6 permit 100 +! +! end of template: bgpd/templates/internal/policies.conf.j2 +! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf index 2708522852c..49971c37bab 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf @@ -3,33 +3,15 @@ ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 -! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 1 - match ip address prefix-list PL_LoopbackV4 - set community 12345:556 -! -route-map TO_BGP_INTERNAL_PEER_V4 permit 100 -! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag 101 +route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! -route-map TO_BGP_INTERNAL_PEER_V6 permit 1 - match ipv6 address prefix-list PL_LoopbackV6 - set community 12345:556 +route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! From c94da057d35ac0e7943a05b7711c6d7052cfd144 Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 28 Sep 2023 17:54:56 +0000 Subject: [PATCH 13/15] FIxed UT typo Signed-off-by: Abhishek Dosi --- .../tests/data/internal/policies.conf/param_front.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json index 502fb1d2f1a..f18513d815c 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_front.json @@ -1,7 +1,7 @@ { "CONFIG_DB__DEVICE_METADATA": { "localhost": { - "sub_role": "FrontkEnd" + "sub_role": "FrontEnd" } }, "constants": { From a5c217a0f45439ef5d15b1d4f031edcd0982b64b Mon Sep 17 00:00:00 2001 From: Abhishek Dosi Date: Thu, 28 Sep 2023 19:57:00 +0000 Subject: [PATCH 14/15] Fixes Signed-off-by: Abhishek Dosi --- .../bgpd/templates/internal/policies.conf.j2 | 43 +++++++++++-------- .../internal/policies.conf/result_back.conf | 6 +-- .../policies.conf/result_chasiss_packet.conf | 12 +++--- .../internal/policies.conf/result_front.conf | 2 - 4 files changed, 34 insertions(+), 29 deletions(-) diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 index 5b00a99fa87..5f9c8a83e29 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 @@ -4,7 +4,17 @@ ! {% from "common/functions.conf.j2" import get_ipv4_loopback_address %} ! +{% if CONFIG_DB__DEVICE_METADATA['localhost']['sub_role'] == 'BackEnd' %} +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 + set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 + set ipv6 next-hop prefer-global + on-match next ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} +{% elif CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] == 'chassis-packet' %} bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }} ! route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 @@ -12,39 +22,38 @@ route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag {{ constants.bgp.internal_community_match_tag }} ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 +route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 + set ipv6 next-hop prefer-global + on-match next +! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 + match community DEVICE_INTERNAL_COMMUNITY + set comm-list DEVICE_INTERNAL_COMMUNITY delete + set tag {{ constants.bgp.internal_community_match_tag }} ! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 set community {{ constants.bgp.internal_community }} ! -route-map TO_BGP_INTERNAL_PEER_V4 permit 100 -! +route-map TO_BGP_INTERNAL_PEER_V6 permit 2 + match ipv6 address prefix-list PL_LoopbackV6 + set community {{ constants.bgp.internal_community }} ! +{% else %} route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 - match community DEVICE_INTERNAL_COMMUNITY - set comm-list DEVICE_INTERNAL_COMMUNITY delete - set tag {{ constants.bgp.internal_community_match_tag }} +{% endif %} +! +route-map FROM_BGP_INTERNAL_PEER_V4 permit 100 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 100 ! -route-map TO_BGP_INTERNAL_PEER_V6 permit 1 - match ipv6 address prefix-list PL_LoopbackV6 - set community {{ constants.bgp.internal_community }} +route-map TO_BGP_INTERNAL_PEER_V4 permit 100 ! route-map TO_BGP_INTERNAL_PEER_V6 permit 100 ! -{% if CONFIG_DB__DEVICE_METADATA['localhost']['sub_role'] == 'BackEnd' %} -route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 - set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} -! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 - set originator-id {{ get_ipv4_loopback_address(CONFIG_DB__LOOPBACK_INTERFACE, "Loopback4096") | ip }} -{% endif %} ! ! end of template: bgpd/templates/internal/policies.conf.j2 ! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf index 9fb6756268b..5ee9967d85e 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_back.conf @@ -1,15 +1,13 @@ ! ! template: bgpd/templates/internal/policies.conf.j2 ! -bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 + set originator-id 10.10.10.10 ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next ! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 - set originator-id 10.10.10.10 -! route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 set originator-id 10.10.10.10 ! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf index fea34746516..e3a4e2e071c 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf @@ -3,15 +3,15 @@ ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 ! -route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 - set ipv6 next-hop prefer-global - on-match next -! -route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 +route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 match community DEVICE_INTERNAL_COMMUNITY set comm-list DEVICE_INTERNAL_COMMUNITY delete set tag 101 ! +route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 + set ipv6 next-hop prefer-global + on-match next +! route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 match community DEVICE_INTERNAL_COMMUNITY set comm-list DEVICE_INTERNAL_COMMUNITY delete @@ -21,7 +21,7 @@ route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 set community 12345:556 ! -route-map TO_BGP_INTERNAL_PEER_V6 permit 1 +route-map TO_BGP_INTERNAL_PEER_V6 permit 2 match ipv6 address prefix-list PL_LoopbackV6 set community 12345:556 ! diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf index 49971c37bab..0c6405321f1 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_front.conf @@ -1,8 +1,6 @@ ! ! template: bgpd/templates/internal/policies.conf.j2 ! -bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 -! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global on-match next From 93fc511e0235bb1c65d142400ec70092151c65e9 Mon Sep 17 00:00:00 2001 From: abdosi <58047199+abdosi@users.noreply.github.com> Date: Wed, 4 Oct 2023 17:46:18 -0700 Subject: [PATCH 15/15] Update TS --- dockers/docker-fpm-frr/TS | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/dockers/docker-fpm-frr/TS b/dockers/docker-fpm-frr/TS index 75472d8c695..888b2c20b84 100755 --- a/dockers/docker-fpm-frr/TS +++ b/dockers/docker-fpm-frr/TS @@ -16,7 +16,9 @@ function check_not_installed() is_internal_route_map $route_map_name && continue echo "$config" | egrep -q "^route-map $route_map_name permit 20$" c=$((c+$?)) - echo "$config" | egrep -q "^route-map $route_map_name deny 30$" + echo "$config" | egrep -q "^route-map $route_map_name permit 30$" + c=$((c+$?)) + echo "$config" | egrep -q "^route-map $route_map_name deny 40$" c=$((c+$?)) done return $c @@ -33,7 +35,10 @@ function check_installed() echo "$config" | egrep -q "^route-map $route_map_name permit 20$" c=$((c+$?)) e=$((e+1)) - echo "$config" | egrep -q "^route-map $route_map_name deny 30$" + echo "$config" | egrep -q "^route-map $route_map_name permit 30$" + c=$((c+$?)) + e=$((e+1)) + echo "$config" | egrep -q "^route-map $route_map_name deny 40$" c=$((c+$?)) e=$((e+1)) done