osrg / gobgp

BGP implemented in the Go Programming Language
https://osrg.github.io/gobgp/
Apache License 2.0

VPNv4 routes are added to the default forwarding table when no VRF exists #1609

Open amanshaikh75 opened 6 years ago

amanshaikh75 commented 6 years ago

It looks like GoBGP installs VPNv4 routes learned from a route-reflector into Linux kernel’s default forwarding table via FRR/Zebra.

```
[ashaikh@vsp-vpe-west ~]$ gobgp global rib -a vpnv4
   Network                  Labels   Next Hop       AS_PATH   Age        Attrs
>  100:2:172.16.0.1/32      [145]    192.168.10.3   65003     00:04:48   [{Origin: i} {Med: 0} {LocalPref: 100} {Originator: 192.168.0.3} {ClusterList: [192.168.0.2]} {Extcomms: [100:2]}]
>  100:2:192.168.101.0/24   [145]    192.168.10.3   65003     00:04:48   [{Origin: i} {Med: 0} {LocalPref: 100} {Originator: 192.168.0.3} {ClusterList: [192.168.0.2]} {Extcomms: [100:2]}]
```

No VRF is configured with RT 100:2 on gobgp.

```
[ashaikh@vsp-vpe-west ~]$ gobgp vrf
  Name   RD      Import RT   Export RT   ID
  blue   100:1   100:1       100:1       6
```

Note that the blue VRF’s RTs are different from the RT of the routes above. Thus, the gobgp daemon does not have a VRF to import these routes into, so it seems to be installing these routes as IPv4 routes through Zebra. Here’s what vtysh shows for routes in Zebra’s RIB:

```
vsp-vpe-west# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       > - selected route, * - FIB route

B> 172.16.0.1/32 [200/0] via 192.168.10.3 (recursive), 00:07:14
                         via 10.202.0.8, ens8, label 17, 00:07:14
……
O> 192.168.10.3/32 [110/2] via 10.202.0.8, ens8, label 17, 1d02h12m
B>* 192.168.101.0/24 [200/0] via 192.168.10.3 (recursive), 00:07:14
                             via 10.202.0.8, ens8, label 17, 00:07:14
```

Zebra then installs these routes into the Linux kernel’s default forwarding table.

```
[ashaikh@vsp-vpe-west ~]$ ip route show
……
172.16.0.1 encap mpls 17 via 10.202.0.8 dev ens8 proto 186 metric 20
……
192.168.101.0/24 encap mpls 17 via 10.202.0.8 dev ens8 proto 186 metric 20
```

In my opinion this is a bug. Received VPNv4 routes should not be passed to FRR/Zebra irrespective of whether there is a VRF for importing routes into or not.

amanshaikh75 commented 6 years ago

I looked at the code in server/zclient.go. I believe the for loop at https://github.com/osrg/gobgp/blob/master/server/zclient.go#L503 is the root cause of the bug.

If a received VPNv4 route is not imported into any VRFs, the code is adding a route to the default VRF even when the NLRI is VPNv4 (or VPNv6). While this makes sense for IPv4 and IPv6 NLRIs, I don't think it makes sense for VPNv(4|6) NLRIs.

amanshaikh75 commented 6 years ago

I believe I have fixed the bug in https://github.com/amanshaikh75/gobgp/tree/disallow_vpn_routes_in_default_fwd_table. This required the addition of four lines of code at https://github.com/amanshaikh75/gobgp/blob/disallow_vpn_routes_in_default_fwd_table/server/zclient.go#L508.

If this fix makes sense, I can create a pull request.
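
The fallback described in the second comment and the kind of guard proposed in the third, as a simplified Go model added here (it is not GoBGP's code and not the linked patch). `Family`, `VRF`, `shareRT`, `zebraVRFs` and the `guard` flag are hypothetical names, and VRF ID 0 is assumed to stand for the default forwarding table.

```go
package main

import "fmt"

type Family int // simplified address-family tag (hypothetical, not GoBGP's type)

const (
	IPv4 Family = iota
	VPNv4
	VPNv6
)

// VRF holds the ID and import route targets of one configured VRF.
type VRF struct {
	ID       uint32
	ImportRT []string
}

// shareRT reports whether the two route-target lists have an element in common.
func shareRT(a, b []string) bool {
	for _, x := range a {
		for _, y := range b {
			if x == y {
				return true
			}
		}
	}
	return false
}

// zebraVRFs returns the VRF IDs a path is installed into. guard=false models the
// reported fallback to VRF 0; guard=true drops VPN paths that no VRF imports.
func zebraVRFs(f Family, rts []string, vrfs []VRF, guard bool) []uint32 {
	vpn := f == VPNv4 || f == VPNv6
	ids := []uint32{}
	for _, v := range vrfs {
		if vpn && shareRT(v.ImportRT, rts) {
			ids = append(ids, v.ID)
		}
	}
	if len(ids) == 0 && !(guard && vpn) {
		ids = append(ids, 0) // default forwarding table (VRF ID 0)
	}
	return ids
}

func main() {
	vrfs := []VRF{{ID: 6, ImportRT: []string{"100:1"}}} // VRF "blue" from the report
	fmt.Println(zebraVRFs(VPNv4, []string{"100:2"}, vrfs, false), zebraVRFs(VPNv4, []string{"100:2"}, vrfs, true))
}
```

With the guard off, the RT 100:2 path lands in VRF 0, which is the isolation failure the report shows in `ip route show`; with it on, the same path is installed nowhere while plain IPv4 paths still reach the default table.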