author | Benoît Ganne <bganne@cisco.com> | 2019-06-26 13:36:51 +0200 |
---|---|---|
committer | Neale Ranns <nranns@cisco.com> | 2019-07-02 14:19:07 +0000 |
commit | cfc7a107e6cb8be6e7c53a08e23a146c431c8e90 (patch) | |
tree | 2179e92193ce7453b6eb67ba94a3c881f998f4fc /src/plugins/gbp/gbp_ext_itf.c | |
parent | 2ec825937b7ac856f67d086ce6814dd21c5e9bd7 (diff) |
gbp: add anonymous l3-out external interfaces
So far, GBP l3-out packets classification & policy relied on programmed
EP. All traffic to/from l3-out must go through a known EP.
This patch introduces a new feature where l3-out next-hops are only
known by their subnets (l3-out prefixes). As there are no longer known
EPs to program, an interface must be configured as external anonymous
l3-out. Packets classification & policy on this interface will rely on
the external subnets programmed in the BD VRF.
Note that contrary to all other interfaces in a GBP BD, external
anonymous l3-out interfaces have BD L2 learning turned on and rely on
ARP/ND.
Type: feature
Change-Id: Ieedb29dff4e967d08c4301e82d06bff450a63e5f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/plugins/gbp/gbp_ext_itf.c')
-rw-r--r-- | src/plugins/gbp/gbp_ext_itf.c | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/src/plugins/gbp/gbp_ext_itf.c b/src/plugins/gbp/gbp_ext_itf.c
index be2d614e1fa..89bcb3da49e 100644
--- a/src/plugins/gbp/gbp_ext_itf.c
+++ b/src/plugins/gbp/gbp_ext_itf.c
@@ -130,6 +130,120 @@ gbp_ext_itf_delete (u32 sw_if_index)
 return (VNET_API_ERROR_NO_SUCH_ENTRY);
 }
 
+int
+gbp_ext_itf_anon_add (u32 sw_if_index, u32 bd_id, u32 rd_id)
+{
+ int rv = gbp_ext_itf_add (sw_if_index, bd_id, rd_id);
+ if (rv)
+ return rv;
+ /* add interface to the BD */
+ index_t itf = gbp_itf_add_and_lock (sw_if_index, bd_id);
+ /* setup GBP L2 features on this interface */
+ gbp_itf_set_l2_input_feature (itf, 0,
+ L2INPUT_FEAT_GBP_LPM_ANON_CLASSIFY |
+ L2INPUT_FEAT_LEARN);
+ gbp_itf_set_l2_output_feature (itf, 0, L2OUTPUT_FEAT_GBP_POLICY_LPM);
+ return 0;
+}
+
+int
+gbp_ext_itf_anon_delete (u32 sw_if_index)
+{
+ int rv = gbp_ext_itf_delete (sw_if_index);
+ if (rv)
+ return rv;
+ gbp_itf_unlock (sw_if_index);
+ return 0;
+}
+
+static clib_error_t *
+gbp_ext_itf_add_del_cli (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ u32 sw_if_index = ~0, bd_id = ~0, rd_id = ~0;
+ int add = 1, anon = 0;
+ int rv;
+
+ /* Get a line of input. */
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "del"))
+ add = 0;
+ else
+ if (unformat
+ (line_input, "%U", unformat_vnet_sw_interface, vnet_get_main (),
+ &sw_if_index))
+ ;
+ else if (unformat (line_input, "bd %d", &bd_id))
+ ;
+ else if (unformat (line_input, "rd %d", &rd_id))
+ ;
+ else if (unformat (line_input, "anon-l3-out"))
+ anon = 1;
+ else
+ return clib_error_return (0, "unknown input `%U'",
+ format_unformat_error, line_input);
+ }
+ unformat_free (line_input);
+
+ if (~0 == sw_if_index)
+ return clib_error_return (0, "interface must be specified");
+
+ if (add)
+ {
+ if (~0 == bd_id)
+ return clib_error_return (0, "BD-ID must be specified");
+ if (~0 == rd_id)
+ return clib_error_return (0, "RD-ID must be specified");
+ if (anon)
+ rv = gbp_ext_itf_anon_add (sw_if_index, bd_id, rd_id);
+ else
+ rv = gbp_ext_itf_add (sw_if_index, bd_id, rd_id);
+ }
+ else
+ {
+ if (anon)
+ rv = gbp_ext_itf_anon_delete (sw_if_index);
+ else
+ rv = gbp_ext_itf_delete (sw_if_index);
+ }
+
+ switch (rv)
+ {
+ case 0:
+ return 0;
+ case VNET_API_ERROR_ENTRY_ALREADY_EXISTS:
+ return clib_error_return (0, "interface already exists");
+ case VNET_API_ERROR_NO_SUCH_ENTRY: /* fallthrough */
+ case VNET_API_ERROR_INVALID_SW_IF_INDEX:
+ return clib_error_return (0, "unknown interface");
+ default:
+ return clib_error_return (0, "error %d", rv);
+ }
+
+ /* never reached */
+ return 0;
+}
+
+/*?
+ * Add Group Based Interface as anonymous L3out interface
+ *
+ * @cliexpar
+ * @cliexstart{gbp interface [del] anon-l3out <interface> bd <ID>}
+ * @cliexend
+ ?*/
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (gbp_itf_anon_l3out_add_del_node, static) = {
+ .path = "gbp ext-itf",
+ .short_help = "gbp ext-itf [del] <interface> bd <ID> rd <ID> [anon-l3-out]\n",
+ .function = gbp_ext_itf_add_del_cli,
+};
+/* *INDENT-ON* */
+
 void
 gbp_ext_itf_walk (gbp_ext_itf_cb_t cb, void *ctx)
 { |
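Review bot: The delete branch of gbp_ext_itf_add_del_cli picks `gbp_ext_itf_anon_delete` or `gbp_ext_itf_delete` from the caller's `anon-l3-out` keyword rather than from how the interface was created, so `gbp_itf_unlock` can run on an interface that `gbp_ext_itf_anon_add` never locked, and a plain `del` on an anonymous interface skips the unlock and, as far as this hunk shows, leaves `L2INPUT_FEAT_LEARN` and the LPM classify/policy features enabled on an external-facing port. Recording the anonymous flag on the ext-itf entry at add time and branching on it inside the delete would keep the lock count and the L2 feature bits balanced whatever the CLI input is; `gbp_ext_itf_delete` is defined outside this hunk, so confirm it does not already release them. In `gbp_ext_itf_anon_add` the index returned by `gbp_itf_add_and_lock` is used unchecked and then dropped, while the delete passes `sw_if_index` to `gbp_itf_unlock`, which is only correct if the two share one index space. Separately, the `unknown input` return inside the parse loop exits before `unformat_free (line_input)` runs; storing the error and using `break` would let the free happen on every path.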