BGP: Some fixes related to VRF and MPLS interactions

 - When next hop is reset to local IP, we should remove BGP label stack,
   as it is related to original next hop

 - BGP next hop or immediate next hop from one VRF should not be passed
   to another VRF, as they are different IP namespaces

diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c
index fc23897d70d163bb3708840923653120fcf3b712..8087608a87c2055166c1a00b06d38e42b8070ddc 100644 (file)
--- a/proto/bgp/packets.c
+++ b/proto/bgp/packets.c
@@ -1112,6 +1112,10 @@ bgp_use_next_hop(struct bgp_export_state *s, eattr *a)
   if ((ipa_is_ip4(*nh) != bgp_channel_is_ipv4(c)) && !c->ext_next_hop)
     return 0;
 
+  /* Do not pass NEXT_HOP between different VRFs */
+  if (p->p.vrf_set && s->src && s->src->p.vrf_set && (p->p.vrf != s->src->p.vrf))
+    return 0;
+
   /* Keep it when exported to internal peers */
   if (p->is_interior && ipa_nonzero(*nh))
     return 1;
@@ -1141,6 +1145,10 @@ bgp_use_gateway(struct bgp_export_state *s)
   if ((ipa_is_ip4(ra->nh.gw) != bgp_channel_is_ipv4(c)) && !c->ext_next_hop)
     return 0;
 
+  /* Do not use gateway from different VRF */
+  if (p->p.vrf_set && ra->nh.iface && (p->p.vrf != ra->nh.iface->master))
+    return 0;
+
   /* Use it when exported to internal peers */
   if (p->is_interior)
     return 1;
@@ -1167,6 +1175,8 @@ bgp_update_next_hop_ip(struct bgp_export_state *s, eattr *a, ea_list **to)
        uint lnum = ra->nh.labels ? ra->nh.labels : 1;
        bgp_set_attr_data(to, s->pool, BA_MPLS_LABEL_STACK, 0, labels, lnum * 4);
       }
+      else
+       bgp_unset_attr(to, s->pool, BA_MPLS_LABEL_STACK);
     }
     else
     {
@@ -1180,6 +1190,8 @@ bgp_update_next_hop_ip(struct bgp_export_state *s, eattr *a, ea_list **to)
        u32 implicit_null = BGP_MPLS_NULL;
        bgp_set_attr_data(to, s->pool, BA_MPLS_LABEL_STACK, 0, &implicit_null, 4);
       }
+      else
+       bgp_unset_attr(to, s->pool, BA_MPLS_LABEL_STACK);
     }
   }