oxidecomputer
diff --git a/‎.github/buildomat/jobs/deploy.sh‎
Lines changed: 1 addition & 1 deletion b/‎.github/buildomat/jobs/deploy.sh‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Cargo.lock‎
Lines changed: 4 additions & 0 deletions b/‎Cargo.lock‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎clients/bootstrap-agent-client/Cargo.toml‎
Lines changed: 1 addition & 0 deletions b/‎clients/bootstrap-agent-client/Cargo.toml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎clients/bootstrap-agent-lockstep-client/src/lib.rs‎
Lines changed: 10 additions & 0 deletions b/‎clients/bootstrap-agent-lockstep-client/src/lib.rs‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎clients/nexus-lockstep-client/src/lib.rs‎
Lines changed: 2 additions & 0 deletions b/‎clients/nexus-lockstep-client/src/lib.rs‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎nexus/db-model/src/bgp.rs‎
Lines changed: 41 additions & 12 deletions b/‎nexus/db-model/src/bgp.rs‎
Lines changed: 41 additions & 12 deletions
diff --git a/‎nexus/mgs-updates/src/test_util/host_phase_2_test_state.rs‎
Lines changed: 8 additions & 0 deletions b/‎nexus/mgs-updates/src/test_util/host_phase_2_test_state.rs‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎nexus/src/app/background/tasks/sync_switch_configuration.rs‎
Lines changed: 70 additions & 27 deletions b/‎nexus/src/app/background/tasks/sync_switch_configuration.rs‎
Lines changed: 70 additions & 27 deletions
@@ -294,7 +294,7 @@ infra_ip_last = \"$UPLINK_IP\"
 		/^routes/c\\
 routes = \\[{nexthop = \"$GATEWAY_IP\", destination = \"0.0.0.0/0\"}\\]
 		/^addresses/c\\
-addresses = \\[{address = \"$UPLINK_IP/24\"} \\]
+addresses = \\[{address = {type = \"static\", ip_net = \"$UPLINK_IP/24\"} }\\]
 	}
 " pkg/config-rss.toml
 diff -u pkg/config-rss.toml{~,} || true
 
@@ -15,6 +15,7 @@ reqwest = { workspace = true, features = [ "json", "rustls", "stream" ] }
 schemars.workspace = true
 serde.workspace = true
 serde_json.workspace = true
+sled-agent-types.workspace = true
 sled-hardware-types.workspace = true
 slog.workspace = true
 uuid.workspace = true
 
@@ -26,8 +26,18 @@ progenitor::generate_api!(
     replace = {
         AllowedSourceIps = omicron_common::api::external::AllowedSourceIps,
         Baseboard = sled_hardware_types::Baseboard,
+        BgpPeerConfig = sled_agent_types::early_networking::BgpPeerConfig,
         ImportExportPolicy = sled_agent_types::early_networking::ImportExportPolicy,
+        LldpAdminStatus = sled_agent_types::early_networking::LldpAdminStatus,
+        LldpPortConfig = sled_agent_types::early_networking::LldpPortConfig,
+        PortConfig = sled_agent_types::early_networking::PortConfig,
+        PortFec = sled_agent_types::early_networking::PortFec,
+        PortSpeed = sled_agent_types::early_networking::PortSpeed,
+        RouteConfig = sled_agent_types::early_networking::RouteConfig,
+        RouterLifetimeConfig = sled_agent_types::early_networking::RouterLifetimeConfig,
         SwitchSlot = sled_agent_types::early_networking::SwitchSlot,
+        TxEqConfig = sled_agent_types::early_networking::TxEqConfig,
+        UplinkAddressConfig = sled_agent_types::early_networking::UplinkAddressConfig,
     },
 );
 
 
@@ -69,10 +69,12 @@ progenitor::generate_api!(
         ReconfiguratorConfigParam = nexus_types::deployment::ReconfiguratorConfigParam,
         ReconfiguratorConfigView = nexus_types::deployment::ReconfiguratorConfigView,
         RecoverySiloConfig = sled_agent_types_versions::latest::rack_init::RecoverySiloConfig,
+        RouterPeerType = sled_agent_types::early_networking::RouterPeerType,
         SledAgentUpdateStatus = nexus_types::internal_api::views::SledAgentUpdateStatus,
         SwitchSlot = sled_agent_types::early_networking::SwitchSlot,
         TrustQuorumConfig = nexus_types::trust_quorum::TrustQuorumConfig,
         UpdateStatus = nexus_types::internal_api::views::UpdateStatus,
+        UplinkAddressConfig = sled_agent_types::early_networking::UplinkAddressConfig,
         ZoneStatus = nexus_types::internal_api::views::ZoneStatus,
         ZpoolName = omicron_common::zpool_name::ZpoolName,
     },
 
@@ -16,12 +16,14 @@ use omicron_common::api::external::IdentityMetadataCreateParams;
 use serde::{Deserialize, Serialize};
 use sled_agent_types::early_networking::BgpPeerConfig;
 use sled_agent_types::early_networking::ImportExportPolicy;
+use sled_agent_types::early_networking::InvalidIpAddrError;
 use sled_agent_types::early_networking::MaxPathConfig;
 use sled_agent_types::early_networking::RouterLifetimeConfig;
 use sled_agent_types::early_networking::RouterLifetimeConfigError;
+use sled_agent_types::early_networking::RouterPeerIpAddr;
+use sled_agent_types::early_networking::RouterPeerIpAddrError;
+use sled_agent_types::early_networking::RouterPeerType;
 use slog_error_chain::InlineErrorChain;
-use std::net::IpAddr;
-use std::net::Ipv6Addr;
 use uuid::Uuid;
 
 #[derive(
@@ -172,24 +174,52 @@ pub struct BgpPeerView {
 pub enum BgpPeerConfigDataError {
     #[error("database contains illegal router lifetime value")]
     RouterLifetime(#[source] RouterLifetimeConfigError),
+    #[error("database contains illegal router peer address")]
+    Address(#[source] RouterPeerIpAddrError),
 }
 
 impl TryFrom<BgpPeerView> for BgpPeerConfig {
     type Error = BgpPeerConfigDataError;
 
     fn try_from(value: BgpPeerView) -> Result<Self, Self::Error> {
-        // For unnumbered peers (addr is None), use UNSPECIFIED
-        let addr = match value.addr {
-            None => IpAddr::V6(Ipv6Addr::UNSPECIFIED),
-            Some(addr) => addr.ip(),
-        };
-
-        // TODO-correctness We should have db constraints to ensure these can't
+        // TODO-correctness We should have db constraints to ensure this can't
         // fail.
         let router_lifetime =
             RouterLifetimeConfig::new(value.router_lifetime.0)
                 .map_err(BgpPeerConfigDataError::RouterLifetime)?;
-        let min_ttl = value.min_ttl.map(|val| val.0);
+
+        // Convert weaker database representation IP address back to a
+        // strongly-typed `RouterPeerType`.
+        let addr = match value
+            .addr
+            .map(|addr| RouterPeerIpAddr::try_from(addr.ip()))
+        {
+            Some(Ok(ip)) => RouterPeerType::Numbered { ip },
+
+            // TODO-cleanup This allows any of three DB values (NULL, `0.0.0.0`,
+            // `::`) to be converted to `RouterPeerType::Unnumbered`. Should we
+            // add db constraints to squish that down to one (probably NULL)?
+            Some(Err(RouterPeerIpAddrError {
+                err: InvalidIpAddrError::UnspecifiedAddress,
+                ..
+            }))
+            | None => RouterPeerType::Unnumbered { router_lifetime },
+
+            // We should never see any other kind of invalid address as a peer -
+            // those will fail if we try to send them to maghemite anyway. Bail
+            // out as early as we can.
+            Some(Err(
+                err @ RouterPeerIpAddrError {
+                    err:
+                        InvalidIpAddrError::LoopbackAddress
+                        | InvalidIpAddrError::MulticastAddress
+                        | InvalidIpAddrError::Ipv4Broadcast
+                        | InvalidIpAddrError::Ipv6UnicastLinkLocal
+                        | InvalidIpAddrError::Ipv4MappedIpv6,
+                    ..
+                },
+            )) => return Err(BgpPeerConfigDataError::Address(err)),
+        };
 
         Ok(Self {
             asn: *value.asn,
@@ -203,7 +233,7 @@ impl TryFrom<BgpPeerView> for BgpPeerConfig {
             enforce_first_as: value.enforce_first_as,
             local_pref: value.local_pref.map(|x| x.into()),
             md5_auth_key: value.md5_auth_key,
-            min_ttl,
+            min_ttl: value.min_ttl.map(|val| val.0),
             multi_exit_discriminator: value
                 .multi_exit_discriminator
                 .map(|x| x.into()),
@@ -212,7 +242,6 @@ impl TryFrom<BgpPeerView> for BgpPeerConfig {
             allowed_export: ImportExportPolicy::NoFiltering,
             allowed_import: ImportExportPolicy::NoFiltering,
             vlan_id: value.vlan_id.map(|x| x.0),
-            router_lifetime,
         })
     }
 }
@@ -271,6 +271,7 @@ mod api_impl {
     use sled_agent_types_versions::v20;
     use sled_agent_types_versions::v25;
     use sled_agent_types_versions::v26;
+    use sled_agent_types_versions::v30;
     use sled_diagnostics::SledDiagnosticsQueryOutput;
     use std::collections::BTreeMap;
     use std::collections::BTreeSet;
@@ -771,6 +772,13 @@ mod api_impl {
             unimplemented!()
         }
 
+        async fn write_network_bootstore_config_v30(
+            _rqctx: RequestContext<Self::Context>,
+            _body: TypedBody<v30::early_networking::WriteNetworkConfigRequest>,
+        ) -> Result<HttpResponseUpdatedNoContent, HttpError> {
+            unimplemented!()
+        }
+
         async fn write_network_bootstore_config_v26(
             _rqctx: RequestContext<Self::Context>,
             _body: TypedBody<v26::early_networking::WriteNetworkConfigRequest>,
 
@@ -56,14 +56,17 @@ use sled_agent_types::early_networking::BgpPeerConfig as SledBgpPeerConfig;
 use sled_agent_types::early_networking::EarlyNetworkConfigBody;
 use sled_agent_types::early_networking::EarlyNetworkConfigEnvelope;
 use sled_agent_types::early_networking::ImportExportPolicy;
+use sled_agent_types::early_networking::InvalidIpAddrError;
 use sled_agent_types::early_networking::LldpAdminStatus;
 use sled_agent_types::early_networking::LldpPortConfig;
 use sled_agent_types::early_networking::MaxPathConfig;
 use sled_agent_types::early_networking::PortConfig;
 use sled_agent_types::early_networking::RackNetworkConfig;
 use sled_agent_types::early_networking::RouteConfig as SledRouteConfig;
+use sled_agent_types::early_networking::RouterPeerType;
 use sled_agent_types::early_networking::SwitchSlot;
 use sled_agent_types::early_networking::TxEqConfig;
+use sled_agent_types::early_networking::UplinkAddress;
 use sled_agent_types::early_networking::UplinkAddressConfig;
 use sled_agent_types::early_networking::WriteNetworkConfigRequest;
 use slog_error_chain::InlineErrorChain;
@@ -468,7 +471,7 @@ impl BackgroundTask for SwitchPortSettingsManager {
                 //
                 // calculate and apply switch zone SMF changes
                 //
-                let uplinks = uplinks(&changes);
+                let uplinks = uplinks(&changes, &log);
 
                 // yeet the messages
                 for (switch_slot, config) in &uplinks {
@@ -1097,22 +1100,42 @@ impl BackgroundTask for SwitchPortSettingsManager {
                                 log,
                                 "failed to convert database peer configs to \
                                  API peer configs";
+                                "switch_slot" => ?switch_slot,
+                                "port" => &port.port_name.to_string(),
+                                InlineErrorChain::new(&err),
+                            );
+                            continue;
+                        }
+                    };
+
+                    let addresses = match info
+                        .addresses
+                        .iter()
+                        .map(|a| {
+                             let address = UplinkAddress::try_from_ip_net_treating_unspecified_as_addrconf(a.address)?;
+                             Ok(UplinkAddressConfig {
+                                 address,
+                                 vlan_id: a.vlan_id
+                             })
+                        })
+                        .collect::<Result<_, InvalidIpAddrError>>()
+                    {
+                        Ok(addresses) => addresses,
+                        Err(err) => {
+                            error!(
+                                log,
+                                "failed to convert database uplink addresses \
+                                 to API uplink addresses";
+                                "switch_slot" => ?switch_slot,
+                                "port" => &port.port_name.to_string(),
                                 InlineErrorChain::new(&err),
                             );
                             continue;
                         }
                     };
 
                     let mut port_config = PortConfig {
-                        addresses: info
-                            .addresses
-                            .iter()
-                            .map(|a|
-                                 UplinkAddressConfig {
-                                     address: if a.address.addr().is_unspecified() {None} else {Some(a.address)},
-                                     vlan_id: a.vlan_id
-                                 }
-                            ).collect(),
+                        addresses,
                         autoneg: info
                             .links
                             .get(0) //TODO breakout support
@@ -1162,11 +1185,15 @@ impl BackgroundTask for SwitchPortSettingsManager {
                     ;
 
                     for peer in port_config.bgp_peers.iter_mut() {
-                        // For unnumbered peers (addr is UNSPECIFIED), pass None
-                        let peer_addr_for_lookup = if peer.addr.is_unspecified() {
-                            None
-                        } else {
-                            Some(peer.addr)
+                        // For unnumbered peers, pass None
+                        //
+                        // TODO-cleanup Push `RouterPeerAddress` down to all the
+                        // datastore methods below instead of an `Option`.
+                        let peer_addr_for_lookup = match peer.addr {
+                            RouterPeerType::Unnumbered { .. } => None,
+                            RouterPeerType::Numbered { ip } => {
+                                Some(IpAddr::from(ip))
+                            }
                         };
 
                         peer.communities = match self
@@ -1679,6 +1706,7 @@ async fn switch_loopback_addresses(
 
 fn uplinks(
     changes: &[(SwitchSlot, nexus_db_model::SwitchPort, PortSettingsChange)],
+    log: &slog::Logger,
 ) -> HashMap<SwitchSlot, Vec<HostPortConfig>> {
     let mut uplinks: HashMap<SwitchSlot, Vec<HostPortConfig>> = HashMap::new();
     for (switch_slot, port, change) in changes {
@@ -1720,20 +1748,35 @@ fn uplinks(
             None
         };
 
+        let addrs = match config
+            .addresses
+            .iter()
+            .map(|a| {
+                 let address = UplinkAddress::try_from_ip_net_treating_unspecified_as_addrconf(a.address)?;
+                 Ok(UplinkAddressConfig {
+                     address,
+                     vlan_id: a.vlan_id
+                 })
+            })
+            .collect::<Result<_, InvalidIpAddrError>>()
+        {
+            Ok(addresses) => addresses,
+            Err(err) => {
+                error!(
+                    log,
+                    "failed to convert database uplink addresses to \
+                     API uplink addresses";
+                    "switch_slot" => ?switch_slot,
+                    "port" => &port.port_name.to_string(),
+                    InlineErrorChain::new(&err),
+                );
+                continue;
+            }
+        };
+
         let config = HostPortConfig {
             port: port.port_name.to_string(),
-            addrs: config
-                .addresses
-                .iter()
-                .map(|a| UplinkAddressConfig {
-                    address: if a.address.addr().is_unspecified() {
-                        None
-                    } else {
-                        Some(a.address)
-                    },
-                    vlan_id: a.vlan_id,
-                })
-                .collect(),
+            addrs,
             lldp,
             tx_eq,
         };
Original file line number	Diff line number	Diff line change
`@@ -294,7 +294,7 @@ infra_ip_last = \"$UPLINK_IP\"`
`294`	`294`	`/^routes/c\\`
`295`	`295`	`routes = \\[{nexthop = \"$GATEWAY_IP\", destination = \"0.0.0.0/0\"}\\]`
`296`	`296`	`/^addresses/c\\`
`297`		`-addresses = \\[{address = \"$UPLINK_IP/24\"} \\]`
	`297`	`+addresses = \\[{address = {type = \"static\", ip_net = \"$UPLINK_IP/24\"} }\\]`
`298`	`298`	`}`
`299`	`299`	`" pkg/config-rss.toml`
`300`	`300`	`diff -u pkg/config-rss.toml{~,} \|\| true`