Merge pull request FRRouting#18763 from opensourcerouting/fix/bgp_bfd_profile_shutdown

BGP should stay in Idle if BFD profile is in admin shutdown state

Author: Jafaral

bgpd/bgp_bfd.c

@@ -27,6 +27,9 @@
 #include "bgpd/bgp_vty.h"
 #include "bgpd/bgp_packet.h"
 #include "bgpd/bgp_network.h"
+#ifndef VTYSH_EXTRACT_PL
+#include "bgpd/bgp_bfd_clippy.c"
+#endif
 
 DEFINE_MTYPE_STATIC(BGPD, BFD_CONFIG, "BFD configuration data");
 
@@ -420,8 +423,7 @@ void bgp_peer_remove_bfd_config(struct peer *p)
 /*
  * bgp_bfd_peer_config_write - Write the peer BFD configuration.
  */
-void bgp_bfd_peer_config_write(struct vty *vty, const struct peer *peer,
-			       const char *addr)
+void bgp_bfd_peer_config_write(struct vty *vty, struct peer *peer, const char *addr)
 {
 	/*
 	 * Always show group BFD configuration, but peer only when explicitly
@@ -446,13 +448,15 @@ void bgp_bfd_peer_config_write(struct vty *vty, const struct peer *peer,
 	if (peer->bfd_config->cbit)
 		vty_out(vty, " neighbor %s bfd check-control-plane-failure\n",
 			addr);
+
+	if (peergroup_flag_check(peer, PEER_FLAG_BFD_STRICT))
+		vty_out(vty, " neighbor %s bfd strict\n", addr);
 }
 
 /*
  * bgp_bfd_show_info - Show the peer BFD information.
  */
-void bgp_bfd_show_info(struct vty *vty, const struct peer *peer,
-		       json_object *json_neigh)
+void bgp_bfd_show_info(struct vty *vty, struct peer *peer, json_object *json_neigh)
 {
 	bfd_sess_show(vty, json_neigh, peer->bfd_config->session);
 }
@@ -481,11 +485,49 @@ DEFUN (neighbor_bfd,
 	return CMD_SUCCESS;
 }
 
+#if HAVE_BFDD == 0
+DEFUN(
+       neighbor_bfd_param,
+       neighbor_bfd_param_cmd,
+       "neighbor <A.B.C.D|X:X::X:X|WORD> bfd (2-255) (50-60000) (50-60000)",
+       NEIGHBOR_STR
+       NEIGHBOR_ADDR_STR2
+       "Enables BFD support\n"
+       "Detect Multiplier\n"
+       "Required min receive interval\n"
+       "Desired min transmit interval\n")
+{
+	int idx_peer = 1;
+	int idx_number_1 = 3;
+	int idx_number_2 = 4;
+	int idx_number_3 = 5;
+	long detection_multiplier, min_rx, min_tx;
+	struct peer *peer;
+
+	peer = peer_and_group_lookup_vty(vty, argv[idx_peer]->arg);
+	if (!peer)
+		return CMD_WARNING_CONFIG_FAILED;
+
+	detection_multiplier = strtol(argv[idx_number_1]->arg, NULL, 10);
+	min_rx = strtol(argv[idx_number_2]->arg, NULL, 10);
+	min_tx = strtol(argv[idx_number_3]->arg, NULL, 10);
+
+	if (CHECK_FLAG(peer->sflags, PEER_STATUS_GROUP))
+		bgp_group_configure_bfd(peer);
+	else
+		bgp_peer_configure_bfd(peer, true);
+
+	peer->bfd_config->detection_multiplier = detection_multiplier;
+	peer->bfd_config->min_rx = min_rx;
+	peer->bfd_config->min_tx = min_tx;
+	bgp_peer_config_apply(peer, peer->group);
+
+	return CMD_SUCCESS;
+}
+#endif
+
 #if HAVE_BFDD > 0
 DEFUN_HIDDEN(
-#else
-DEFUN(
-#endif /* HAVE_BFDD */
        neighbor_bfd_param,
        neighbor_bfd_param_cmd,
        "neighbor <A.B.C.D|X:X::X:X|WORD> bfd (2-255) (50-60000) (50-60000)",
@@ -523,6 +565,28 @@ DEFUN(
 
 	return CMD_SUCCESS;
 }
+#endif
+
+DEFPY (neighbor_bfd_strict,
+       neighbor_bfd_strict_cmd,
+       "[no$no] neighbor <A.B.C.D|X:X::X:X|WORD>$neighbor bfd strict",
+       NO_STR
+       NEIGHBOR_STR
+       NEIGHBOR_ADDR_STR2
+       "BFD support\n"
+       "Strict mode\n")
+{
+	struct peer *peer;
+
+	peer = peer_and_group_lookup_vty(vty, neighbor);
+	if (!peer)
+		return CMD_WARNING_CONFIG_FAILED;
+
+	if (no)
+		return peer_flag_unset(peer, PEER_FLAG_BFD_STRICT);
+
+	return peer_flag_set(peer, PEER_FLAG_BFD_STRICT);
+}
 
 DEFUN (neighbor_bfd_check_controlplane_failure,
        neighbor_bfd_check_controlplane_failure_cmd,
@@ -556,38 +620,58 @@ DEFUN (neighbor_bfd_check_controlplane_failure,
 	return CMD_SUCCESS;
  }
 
+#if HAVE_BFDD > 0
 DEFUN (no_neighbor_bfd,
        no_neighbor_bfd_cmd,
-#if HAVE_BFDD > 0
        "no neighbor <A.B.C.D|X:X::X:X|WORD> bfd",
-#else
+       NO_STR
+       NEIGHBOR_STR
+       NEIGHBOR_ADDR_STR2
+       "Disables BFD support\n")
+ {
+	 int idx_peer = 2;
+	 struct peer *peer;
+
+	 peer = peer_and_group_lookup_vty(vty, argv[idx_peer]->arg);
+	 if (!peer)
+		 return CMD_WARNING_CONFIG_FAILED;
+
+	 if (CHECK_FLAG(peer->sflags, PEER_STATUS_GROUP))
+		 bgp_group_remove_bfd(peer);
+	 else
+		 bgp_peer_remove_bfd(peer);
+
+	 return CMD_SUCCESS;
+ }
+#endif
+
+#if HAVE_BFDD == 0
+DEFUN (no_neighbor_bfd,
+       no_neighbor_bfd_cmd,
        "no neighbor <A.B.C.D|X:X::X:X|WORD> bfd [(2-255) (50-60000) (50-60000)]",
-#endif /* HAVE_BFDD */
        NO_STR
        NEIGHBOR_STR
        NEIGHBOR_ADDR_STR2
        "Disables BFD support\n"
-#if HAVE_BFDD == 0
        "Detect Multiplier\n"
        "Required min receive interval\n"
-       "Desired min transmit interval\n"
-#endif /* !HAVE_BFDD */
-)
-{
-	int idx_peer = 2;
-	struct peer *peer;
+       "Desired min transmit interval\n")
+ {
+	 int idx_peer = 2;
+	 struct peer *peer;
 
-	peer = peer_and_group_lookup_vty(vty, argv[idx_peer]->arg);
-	if (!peer)
-		return CMD_WARNING_CONFIG_FAILED;
+	 peer = peer_and_group_lookup_vty(vty, argv[idx_peer]->arg);
+	 if (!peer)
+		 return CMD_WARNING_CONFIG_FAILED;
 
-	if (CHECK_FLAG(peer->sflags, PEER_STATUS_GROUP))
-		bgp_group_remove_bfd(peer);
-	else
-		bgp_peer_remove_bfd(peer);
+	 if (CHECK_FLAG(peer->sflags, PEER_STATUS_GROUP))
+		 bgp_group_remove_bfd(peer);
+	 else
+		 bgp_peer_remove_bfd(peer);
 
-	return CMD_SUCCESS;
+	 return CMD_SUCCESS;
 }
+#endif
 
 #if HAVE_BFDD > 0
 DEFUN(neighbor_bfd_profile, neighbor_bfd_profile_cmd,
@@ -657,6 +741,7 @@ void bgp_bfd_init(struct event_loop *tm)
 	install_element(BGP_NODE, &neighbor_bfd_cmd);
 	install_element(BGP_NODE, &neighbor_bfd_param_cmd);
 	install_element(BGP_NODE, &neighbor_bfd_check_controlplane_failure_cmd);
+	install_element(BGP_NODE, &neighbor_bfd_strict_cmd);
 	install_element(BGP_NODE, &no_neighbor_bfd_cmd);
 
 #if HAVE_BFDD > 0

bgpd/bgp_bfd.h

@@ -14,8 +14,7 @@
 
 extern void bgp_bfd_init(struct event_loop *tm);
 
-extern void bgp_bfd_peer_config_write(struct vty *vty, const struct peer *peer,
-				      const char *addr);
+extern void bgp_bfd_peer_config_write(struct vty *vty, struct peer *peer, const char *addr);
 
 /**
  * Show BFD information helper.
@@ -25,8 +24,7 @@ extern void bgp_bfd_peer_config_write(struct vty *vty, const struct peer *peer,
  * \param use_json unused.
  * \param json_neigh JSON object when called as JSON command.
  */
-extern void bgp_bfd_show_info(struct vty *vty, const struct peer *peer,
-			      json_object *json_neigh);
+extern void bgp_bfd_show_info(struct vty *vty, struct peer *peer, json_object *json_neigh);
 
 /**
  * When called on a group it applies configuration to all peers in that group,

bgpd/bgp_network.c

@@ -398,6 +398,8 @@ static const char *bgp_peer_active2str(enum bgp_peer_active active)
 		return "unspecified connection";
 	case BGP_PEER_BFD_DOWN:
 		return "BFD down";
+	case BGP_PEER_BFD_ADMIN_DOWN:
+		return "BFD administrative shutdown";
 	case BGP_PEER_AF_UNCONFIGURED:
 		return "no AF activated";
 	}

bgpd/bgpd.c

@@ -4790,8 +4790,13 @@ enum bgp_peer_active peer_active(struct peer_connection *connection)
 		return BGP_PEER_CONNECTION_UNSPECIFIED;
 
 	if (peer->bfd_config) {
-		if (peer_established(connection) && bfd_session_is_down(peer->bfd_config->session))
-			return BGP_PEER_BFD_DOWN;
+		/* Only if `neighbor X bfd strict` is enabled */
+		if (peergroup_flag_check(peer, PEER_FLAG_BFD_STRICT)) {
+			if (bfd_session_is_admin_down(peer->bfd_config->session))
+				return BGP_PEER_BFD_ADMIN_DOWN;
+			else if (bfd_session_is_down(peer->bfd_config->session))
+				return BGP_PEER_BFD_DOWN;
+		}
 	}
 
 	if (peer->afc[AFI_IP][SAFI_UNICAST] || peer->afc[AFI_IP][SAFI_MULTICAST]
@@ -4948,6 +4953,7 @@ static const struct peer_flag_action peer_flag_action_list[] = {
 	{PEER_FLAG_LONESOUL, 0, peer_change_reset_out},
 	{PEER_FLAG_TCP_MSS, 0, peer_change_none},
 	{PEER_FLAG_CAPABILITY_LINK_LOCAL, 0, peer_change_none},
+	{PEER_FLAG_BFD_STRICT, 0, peer_change_none},
 	{0, 0, 0}};
 
 static const struct peer_flag_action peer_af_flag_action_list[] = {

bgpd/bgpd.h

@@ -1696,6 +1696,8 @@ struct peer {
 #define PEER_FLAG_CAPABILITY_LINK_LOCAL	  (1ULL << 41)
 /* Peer is part of a batch clearing its routes */
 #define PEER_FLAG_CLEARING_BATCH (1ULL << 42)
+/* BFD strict mode */
+#define PEER_FLAG_BFD_STRICT (1ULL << 43)
 
 	/*
 	 *GR-Disabled mode means unset PEER_FLAG_GRACEFUL_RESTART
@@ -2435,6 +2437,7 @@ enum bgp_peer_active {
 	BGP_PEER_ACTIVE,
 	BGP_PEER_CONNECTION_UNSPECIFIED,
 	BGP_PEER_BFD_DOWN,
+	BGP_PEER_BFD_ADMIN_DOWN,
 	BGP_PEER_AF_UNCONFIGURED,
 };
 

bgpd/subdir.am

@@ -217,6 +217,7 @@ clippy_scan += \
 	bgpd/bgp_vty.c \
         bgpd/bgp_nexthop.c \
 	bgpd/bgp_snmp.c \
+	bgpd/bgp_bfd.c \
 	# end
 
 nodist_bgpd_bgpd_SOURCES = \

doc/user/bfd.rst

@@ -252,6 +252,13 @@ The following commands are available inside the BGP configuration node.
    the connection with its neighbor and, when it goes back up, notify
    BGP to try to connect to it.
 
+.. clicmd:: neighbor <A.B.C.D|X:X::X:X|WORD> bfd strict
+
+   Strict mode is similar to the default mode, but it will not allow BGP to
+   establish a connection with the peer until the BFD session is up. This
+   mode is useful when you want to avoid having BGP sessions up when the
+   underlying link is down. And if the BFD session goes down, the BGP session will
+   be closed immediately. The same is if BFD is administratively down.
 
 .. clicmd:: neighbor <A.B.C.D|X:X::X:X|WORD> bfd check-control-plane-failure
 

lib/bfd.c

@@ -1355,3 +1355,8 @@ bool bfd_session_is_down(const struct bfd_session_params *session)
 	return session->bss.state == BSS_DOWN ||
 	       session->bss.state == BSS_ADMIN_DOWN;
 }
+
+bool bfd_session_is_admin_down(const struct bfd_session_params *session)
+{
+	return session->bss.state == BSS_ADMIN_DOWN;
+}

lib/bfd.h

@@ -463,6 +463,7 @@ extern int bfd_nht_update(const struct prefix *match,
 			  const struct zapi_route *route);
 
 extern bool bfd_session_is_down(const struct bfd_session_params *session);
+extern bool bfd_session_is_admin_down(const struct bfd_session_params *session);
 
 #ifdef __cplusplus
 }

tests/topotests/bgp_bfd_down_cease_notification/r1/bgpd.conf

@@ -4,6 +4,7 @@ router bgp 65001
  neighbor 192.168.255.2 timers 3 10
  neighbor 192.168.255.2 timers connect 1
  neighbor 192.168.255.2 bfd profile r1
+ neighbor 192.168.255.2 bfd strict
  neighbor 192.168.255.2 passive
  address-family ipv4
   redistribute connected