Hi,
You need to choose an appropriate priority for:
lcp_rt_fib_src =
fib_source_allocate ("lcp-rt", FIB_SOURCE_PRIORITY_HI, FIB_SOURCE_BH_API);
in plugins/linux-cp/lcp_router.c
from vnet/fb/fib_source.h
/**
* The fixed source to priority mappings.
* Declared here so those adding new sources can better determine their
respective
* priority values.
*/
#define foreach_fib_source \
/** you can't do better then the special source */ \
_(FIB_SOURCE_SPECIAL, 0x00, FIB_SOURCE_BH_SIMPLE) \
_(FIB_SOURCE_CLASSIFY, 0x01, FIB_SOURCE_BH_SIMPLE) \
_(FIB_SOURCE_PROXY, 0x02, FIB_SOURCE_BH_SIMPLE) \
_(FIB_SOURCE_INTERFACE, 0x03, FIB_SOURCE_BH_INTERFACE) \
_(FIB_SOURCE_SR, 0x10, FIB_SOURCE_BH_API) \
_(FIB_SOURCE_BIER, 0x20, FIB_SOURCE_BH_SIMPLE) \
_(FIB_SOURCE_6RD, 0x30, FIB_SOURCE_BH_API) \
_(FIB_SOURCE_API, 0x80, FIB_SOURCE_BH_API) \
_(FIB_SOURCE_CLI, 0x81, FIB_SOURCE_BH_API) \
_(FIB_SOURCE_LISP, 0x90, FIB_SOURCE_BH_LISP) \
_(FIB_SOURCE_MAP, 0xa0, FIB_SOURCE_BH_SIMPLE) \
_(FIB_SOURCE_DHCP, 0xb0, FIB_SOURCE_BH_API) \
_(FIB_SOURCE_IP6_ND_PROXY, 0xc0, FIB_SOURCE_BH_API) \
_(FIB_SOURCE_IP6_ND, 0xc1, FIB_SOURCE_BH_API) \
_(FIB_SOURCE_ADJ, 0xd0, FIB_SOURCE_BH_ADJ) \
_(FIB_SOURCE_MPLS, 0xe0, FIB_SOURCE_BH_MPLS) \
_(FIB_SOURCE_AE, 0xf0, FIB_SOURCE_BH_SIMPLE) \
_(FIB_SOURCE_RR, 0xfb, FIB_SOURCE_BH_RR) \
_(FIB_SOURCE_URPF_EXEMPT, 0xfc, FIB_SOURCE_BH_RR) \
_(FIB_SOURCE_DEFAULT_ROUTE, 0xfd, FIB_SOURCE_BH_DROP) \
_(FIB_SOURCE_INTERPOSE, 0xfe, FIB_SOURCE_BH_INTERPOSE) \
_(FIB_SOURCE_INVALID, 0xff, FIB_SOURCE_BH_DROP)
/**
* Some priority values that plugins might use when they are not to concerned
* where in the list they'll go.
*/
#define FIB_SOURCE_PRIORITY_HI 0x10
#define FIB_SOURCE_PRIORITY_LOW 0xd0
/neale
From: [email protected] <[email protected]> on behalf of Chinmaya Aggarwal
via lists.fd.io <[email protected]>
Date: Tuesday, 5 April 2022 at 16:55
To: [email protected] <[email protected]>
Subject: Re: [vpp-dev] Prevent blackhole routes being leaked into VPP
Hi,
We are adding blackhole routes via linux command "sudo ip netns exec dataplane
ip -6 route add blackhole 2001:50:10:a111::101/64 table 1203"
After adding blackhole routes on linux (that are leaked to vpp), if we try to
view the route in vpp ,we get the below output
[root@j3chysr01stg05 ~]# vppctl show ip6 fib table 1203 2001:50:10:a111::/64
ipv6-VRF:1203, fib_index:3, flow hash:[src dst sport dport proto flowlabel ]
epoch:0 flags:none locks:[CLI:3, lcp-rt:1, ]
2001:50:10:a111::/64 fib:3 index:86 locks:2
lcp-rt refs:1 entry-flags:drop, src-flags:added,contributing,active,
path-list:[126] locks:2 flags:drop, uPRF-list:76 len:0 itfs:[]
path:[126] pl-index:126 ip6 weight=1 pref=0 deag: cfg-flags:drop,
fib-index:0
forwarding: unicast-ip6-chain
[@0]: dpo-load-balance: [proto:ip6 index:88 buckets:1 uRPF:76 to:[0:0]]
[0] [@0]: dpo-drop ip6
[root@j3chysr01stg05 ~]#
Now, if we add another route via ipip tunnel (that supposedly should overwrite
the blackhole route) using the API. We get below below output for command "show
ip6 fib table 1203 2001:50:10:a111::/64"
[root@j3chysr01stg05 ~]# vppctl show ip6 fib table 1203 2001:50:10:a111::/64
ipv6-VRF:1203, fib_index:3, flow hash:[src dst sport dport proto flowlabel ]
epoch:0 flags:none locks:[CLI:3, lcp-rt:1, ]
2001:50:10:a111::/64 fib:3 index:86 locks:3
lcp-rt refs:1 entry-flags:drop, src-flags:added,contributing,active,
path-list:[126] locks:2 flags:drop, uPRF-list:76 len:0 itfs:[]
path:[126] pl-index:126 ip6 weight=1 pref=0 deag: cfg-flags:drop,
fib-index:0
API refs:1 entry-flags:attached,import, src-flags:added,
path-list:[161] locks:1 flags:shared, uPRF-list:106 len:1 itfs:[40, ]
path:[211] pl-index:161 ip6 weight=100 pref=0 attached:
oper-flags:resolved,
ipip19
forwarding: unicast-ip6-chain
[@0]: dpo-load-balance: [proto:ip6 index:88 buckets:1 uRPF:76 to:[0:0]]
[0] [@0]: dpo-drop ip6
[root@j3chysr01stg05 ~]#
lcp-rt gets added the moment the blackhole routes get leaked to VPP. I think
"lcp-rt" denotes the blackhole routes.
API is still below the "lcp-rt" route. How can we prioritize API route over
lcp-rt route?
Thanks and Regards,
Chinmaya Agarwal.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#21207): https://lists.fd.io/g/vpp-dev/message/21207
Mute This Topic: https://lists.fd.io/mt/90236408/21656
Group Owner: [email protected]
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
