diff --git a/microovn/frr/bgp/redirect.go b/microovn/frr/bgp/redirect.go
index 7f36330f..3eae5699 100644
--- a/microovn/frr/bgp/redirect.go
+++ b/microovn/frr/bgp/redirect.go
@@ -356,18 +356,67 @@ func startBgpUnnumbered(_ context.Context, extConnections []types.BgpExternalCon var confBuilder strings.Builder fmt.Fprintln(&confBuilder, "configure") + + // Ensure we don't announce any default route from VRF to our peer. + fmt.Fprint(&confBuilder, ` +ip prefix-list no-default seq 5 deny 0.0.0.0/0 +ip prefix-list no-default seq 10 permit 0.0.0.0/0 le 32 +ipv6 prefix-list no-default seq 5 deny ::/0 +ipv6 prefix-list no-default seq 10 permit ::/0 le 128 +`) + fmt.Fprintf(&confBuilder, "router bgp %s vrf %s\n", asn, vrfName) for _, connection := range extConnections { fmt.Fprintf(&confBuilder, "neighbor %s interface remote-as external\n", getBgpRedirectIfaceName(connection.Iface), ) + + // Disable IPv4 address family until we actually have support for + // routing IPv4 prefixes over IPv6 nexthops in OVN. + fmt.Fprint(&confBuilder, + "address-family ipv4 unicast\n", + ) + fmt.Fprintf(&confBuilder, + "no neighbor %s activate\n", + getBgpRedirectIfaceName(connection.Iface), + ) + fmt.Fprintln(&confBuilder, + "exit-address-family", + ) + + // Enable IPv6 address family. + fmt.Fprint(&confBuilder, + "address-family ipv6 unicast\n", + ) + fmt.Fprintf(&confBuilder, + "neighbor %s soft-reconfiguration inbound\n", + getBgpRedirectIfaceName(connection.Iface), + ) + fmt.Fprintf(&confBuilder, + "neighbor %s prefix-list no-default out\n", + getBgpRedirectIfaceName(connection.Iface), + ) + fmt.Fprintln(&confBuilder, + "redistribute kernel", + ) + fmt.Fprintf(&confBuilder, + "neighbor %s activate\n", + getBgpRedirectIfaceName(connection.Iface), + ) + fmt.Fprintln(&confBuilder, + "exit-address-family", + ) } fmt.Fprintln(&confBuilder, "do copy running-config startup-config") cmd := exec.Command(filepath.Join(paths.Wrappers(), "vtysh")) cmd.Stdin = strings.NewReader(confBuilder.String()) - err := cmd.Run() + err := cmd.Start() + if err != nil { + return err + } + err = cmd.Wait() return err } 
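Review bot: `redistribute kernel` is written inside the `for _, connection := range extConnections` loop although it is an address-family setting rather than a per-neighbor one, so it is repeated for every connection; it could be emitted once after the loop with `fmt.Fprint(&confBuilder, "address-family ipv6 unicast\nredistribute kernel\nexit-address-family\n")`. The outbound filter `no-default` only drops `::/0`, so every other kernel route present in the VRF is advertised to the external peer; if that is intended, a comment such as `// All non-default kernel routes in this VRF are exported to the peer; add a route-map on the redistribute if the VRF can hold routes that must stay internal.` would record the decision. Replacing `cmd.Run()` with `cmd.Start()` followed by `cmd.Wait()` does not change behaviour, and vtysh's stdout/stderr are still left unset, so a rejected line (for example the `prefix-list no-default out` statement) may go unnoticed and leave the neighbor unfiltered. Capturing the output with `out, err := cmd.CombinedOutput()` and returning `fmt.Errorf("vtysh: %w: %s", err, out)` on failure would make that visible. The start of startBgpUnnumbered lies above the hunk, so any validation of `asn`, `vrfName` and `connection.Iface` before they are interpolated into the vtysh input cannot be checked from here.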
diff --git a/tests/test_helper/bgp_utils.bash b/tests/test_helper/bgp_utils.bash
index fa46c5b6..43c3af51 100644
--- a/tests/test_helper/bgp_utils.bash
+++ b/tests/test_helper/bgp_utils.bash
@@ -28,8 +28,19 @@ function frr_start_bgp_unnumbered() { cat << EOF | lxc_exec "$container" "vtysh" configure + ! router bgp $asn neighbor $interface interface remote-as external + ! + address-family ipv4 unicast + no neighbor $interface activate + exit-address-family + ! + address-family ipv6 unicast + neighbor $interface soft-reconfiguration inbound + neighbor $interface activate + exit-address-family + ! EOF }