implement SBFD

[forrestchu]

implementing the SBFD feature (RFC7880, RFC7881) in FRR.

What is the motivation for this PR?
The PhoenixWing project aims to implement SRv6 features into the SONiC community. In PhoenixWing traffic engineering case, we use SBFD to protect SRv6 TE paths.

How did you do it?
SBFD HLD in SoNiC community: sonic-net/SONiC#1766

use SBFD to protect TE path, two types of configs are supported:

1. SBFD echo mode, which mainly used in Our SRv6 TE case. Only need to config at local side:
   configure terminal->
   bfd ->
   peer X::X bfd-mode sbfd-echo bfd-name name local-address X::X encap-type SRv6 encap-data X::X source-ipv6 X::X
2. SBFD initiator and reflector mode, Need to config at local side and remote side:
   2.1) local config:
   configure terminal->
   bfd ->
   peer X::X bfd-mode sbfd-init bfd-name name local-address X::X encap-type SRv6 encap-data X::X source-ipv6 X::X remote-discr 12345
   2.2) remote config:
   configure terminal ->
   bfd ->
   sbfd reflector source-address X::X discriminator 12345

[riw777]

looks good ... I think we need a topo test for this, though

[riw777]

Needs to be broken into multiple commits, and this also needs a topo test.

[donaldsharp]

a) This needs to be broken up into multiple commits. 4k lines to review is impossible. Break it down into small logical bits of work, this will never be reviewed otherwise
b) Actually take the time and write a topotest to show that this works.
c) The commit message is utterly useless and will help no-one in the future understand what is going on. This needs to be addressed
d) There is no documentation. This must be added as well.

Without some major changes this is dead in the water.

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[riw777]

Looks like the docs are in, but we still need a topo test ...

[forrestchu]

Looks like the docs are in, but we still need a topo test ...

Yes Russ White, Thanks for reviewing the code. The topo test in ongoing, I will update the PR later.

[forrestchu]

Hello, @riw777 @donaldsharp greetings :)
The Docs and topotests are added. For the topotests, there are 3 scenarios to use SBFD according to the document:

1. SBFD with SRv6 encapsulation
2. echo SBFD with SRv6 encapsulation
3. normal SBFD with no SRv6 encapsulation

Currently only scenario-3 is topo-tested. Since for scenario-1 and scenario-2, they depend on the PR(#16894) to implement the SRv6 locator Functions.
I will raise another topotest PR for scenario-1 and scenario-2 once the PR #16894 is merged.

Thanks & Regards.

[pguibert6WIND]

is this block really needed ?
I don't see HAVE_IPV6_HDRINCL in the code, so I think is not needed

[forrestchu]

Yes Philippe, I saw build errors on a lower kernel version linux distribution. Added this to solve the build issue.

[pguibert6WIND]

frrouting does not test older distros.
if you don't use that flag, will the CI pass?

whatever, I suspect the feature will not work on this older distro.
so why maintaining something that will be broken?

[forrestchu]

frrouting does not test older distros. if you don't use that flag, will the CI pass?

whatever, I suspect the feature will not work on this older distro. so why maintaining something that will be broken?

CI will fail at building on RedHat 8. So I add this to work around the CI.

[pguibert6WIND]

ok, can you confirm that if you run in a test the code that uses IPV6_HDRINCL, then the SBFD service will work?
I mean, if the problem is only API related, and the kernel implements it, this is fine.
otherwise, you bring up an inconsistency..

[forrestchu]

ok, can you confirm that if you run in a test the code that uses IPV6_HDRINCL, then the SBFD service will work? I mean, if the problem is only API related, and the kernel implements it, this is fine. otherwise, you bring up an inconsistency..

IPV6_HDRINCL is a mandatory socket option for SBFD in our implementation. Because we construct the whole IPv6+SRH+IP/IPv6+UDP+BFD data on our own and instruct kernel to route the packet at the same time.
Here is a tcpdump packet with multiple sids encapped:
aa:a6:32:d5:75:64 > 5e:63:7d:1d:be:97, ethertype IPv6 (0x86dd), length 150: 2001::20 > 100::B RT6 (len=2, type=4, segleft=1, last-entry=0, tag=0, [0]100::D) 2001::20.3784 > 2001::10.7784: UDP, length 24

It means that there is a limitation on SBFD that it may not work on lower version kernel since IPV6_HDRINCL not supported.

[pguibert6WIND]

so if I understand correctly, this setsockopt operation will fail:

if (setsockopt(sd, IPPROTO_IPV6, IPV6_HDRINCL, &on, sizeof(on))) 

and sbfd test will fail.
I don't know how the tests are distributed on the various linux distros. Assuming this is random, sooner or later, the sbfd test over redhat8 will fail.

if it is true, you should think of a protection:
what about this code in the place you are using it:

#ifdef IPV6_HDRINCL
if (setsockopt(sd, IPPROTO_IPV6, IPV6_HDRINCL, &on, sizeof(on)))  {
#else
if (1) {
    /* kernel does not support IPV6_HDRINCL */
#endif
     zlog_err("setsockopt IPV6_HDRINCL error: %s", strerror(errno));
     close(sd);
     return -1;
}

and in this way, you remove the configure.ac change.

second change , in the topotest: use the API required_linux_kernel_version to avoid running BFD on a too old release.

[forrestchu]

so if I understand correctly, this setsockopt operation will fail:

if (setsockopt(sd, IPPROTO_IPV6, IPV6_HDRINCL, &on, sizeof(on))) 

and sbfd test will fail. I don't know how the tests are distributed on the various linux distros. Assuming this is random, sooner or later, the sbfd test over redhat8 will fail.

if it is true, you should think of a protection: what about this code in the place you are using it:

#ifdef IPV6_HDRINCL
if (setsockopt(sd, IPPROTO_IPV6, IPV6_HDRINCL, &on, sizeof(on)))  {
#else
if (1) {
    /* kernel does not support IPV6_HDRINCL */
#endif
     zlog_err("setsockopt IPV6_HDRINCL error: %s", strerror(errno));
     close(sd);
     return -1;
}

and in this way, you remove the configure.ac change.

second change , in the topotest: use the API required_linux_kernel_version to avoid running BFD on a too old release.

seems a perfect solution. I will have a try :)

[pguibert6WIND]

one more useless code:

 /* BFD session flags */
 enum bfd_session_flags {
        BFD_SESS_FLAG_NONE = 0,
-       BFD_SESS_FLAG_ECHO = 1 << 0,    /* BFD Echo functionality */
-       BFD_SESS_FLAG_ECHO_ACTIVE = 1 << 1, /* BFD Echo Packets are being sent
+       BFD_SESS_FLAG_ECHO = 1 << 0,            /* BFD Echo functionality */
+       BFD_SESS_FLAG_ECHO_ACTIVE = 1 << 1,     /* BFD Echo Packets are being sent
                                             * actively
                                             */
-       BFD_SESS_FLAG_MH = 1 << 2,        /* BFD Multi-hop session */
-       BFD_SESS_FLAG_IPV6 = 1 << 4,    /* BFD IPv6 session */
+       BFD_SESS_FLAG_MH = 1 << 2,              /* BFD Multi-hop session */
+       BFD_SESS_FLAG_IPV6 = 1 << 4,            /* BFD IPv6 session */
        BFD_SESS_FLAG_SEND_EVT_ACTIVE = 1 << 5, /* send event timer active */
        BFD_SESS_FLAG_SEND_EVT_IGNORE = 1 << 6, /* ignore send event when timer
                                                 * expires
                                                 */
        BFD_SESS_FLAG_SHUTDOWN = 1 << 7,        /* disable BGP peer function */
-       BFD_SESS_FLAG_CONFIG = 1 << 8, /* Session configured with bfd NB API */
-       BFD_SESS_FLAG_CBIT = 1 << 9,   /* CBIT is set */
-       BFD_SESS_FLAG_PASSIVE = 1 << 10, /* Passive mode */
-       BFD_SESS_FLAG_MAC_SET = 1 << 11, /* MAC of peer known */
+       BFD_SESS_FLAG_CONFIG = 1 << 8,          /* Session configured with bfd NB API */
+       BFD_SESS_FLAG_CBIT = 1 << 9,            /* CBIT is set */
+       BFD_SESS_FLAG_PASSIVE = 1 << 10,        /* Passive mode */
+       BFD_SESS_FLAG_MAC_SET = 1 << 11         /* MAC of peer known */
+};

[pguibert6WIND]

where are the missing things list in doc/developer/sbfd.rst please ?
The below list is what I think I understood, which is missing.
Please correct me if I am wrong, and add it to the developer doc, pls.

• admin of admin down at init side and route reflector side. (bit is not set in packet).
• handle of ipv4 sbfd packets over SRv6
• handle of ipv4 sbfd packets without srv6 seg list
• sbfd over mpls

[forrestchu]

one more useless code:

 /* BFD session flags */
 enum bfd_session_flags {
        BFD_SESS_FLAG_NONE = 0,
-       BFD_SESS_FLAG_ECHO = 1 << 0,    /* BFD Echo functionality */
-       BFD_SESS_FLAG_ECHO_ACTIVE = 1 << 1, /* BFD Echo Packets are being sent
+       BFD_SESS_FLAG_ECHO = 1 << 0,            /* BFD Echo functionality */
+       BFD_SESS_FLAG_ECHO_ACTIVE = 1 << 1,     /* BFD Echo Packets are being sent
                                             * actively
                                             */
-       BFD_SESS_FLAG_MH = 1 << 2,        /* BFD Multi-hop session */
-       BFD_SESS_FLAG_IPV6 = 1 << 4,    /* BFD IPv6 session */
+       BFD_SESS_FLAG_MH = 1 << 2,              /* BFD Multi-hop session */
+       BFD_SESS_FLAG_IPV6 = 1 << 4,            /* BFD IPv6 session */
        BFD_SESS_FLAG_SEND_EVT_ACTIVE = 1 << 5, /* send event timer active */
        BFD_SESS_FLAG_SEND_EVT_IGNORE = 1 << 6, /* ignore send event when timer
                                                 * expires
                                                 */
        BFD_SESS_FLAG_SHUTDOWN = 1 << 7,        /* disable BGP peer function */
-       BFD_SESS_FLAG_CONFIG = 1 << 8, /* Session configured with bfd NB API */
-       BFD_SESS_FLAG_CBIT = 1 << 9,   /* CBIT is set */
-       BFD_SESS_FLAG_PASSIVE = 1 << 10, /* Passive mode */
-       BFD_SESS_FLAG_MAC_SET = 1 << 11, /* MAC of peer known */
+       BFD_SESS_FLAG_CONFIG = 1 << 8,          /* Session configured with bfd NB API */
+       BFD_SESS_FLAG_CBIT = 1 << 9,            /* CBIT is set */
+       BFD_SESS_FLAG_PASSIVE = 1 << 10,        /* Passive mode */
+       BFD_SESS_FLAG_MAC_SET = 1 << 11         /* MAC of peer known */
+};

seems an indentation issue.

[pguibert6WIND]

replace MAX_SEG_NUM with SRV6_MAX_SEGS which is already defined in lib/srv6.h

[forrestchu]

where are the missing things list in doc/developer/sbfd.rst please ? The below list is what I think I understood, which is missing. Please correct me if I am wrong, and add it to the developer doc, pls.

• admin of admin down at init side and route reflector side. (bit is not set in packet).
• handle of ipv4 sbfd packets over SRv6
• handle of ipv4 sbfd packets without srv6 seg list
• sbfd over mpls

*handle of ipv4 sbfd packets over SRv6 -> this is already supported.

*sbfd over mpls -> this is the missing one, will update it to doc :)

[forrestchu]

If I reset all the commits for this branch, I can see that zebra_ptm.h file is modified, whereas it should not:

root@ubuntu2204hwe:~/frr# git reset HEAD~24
--- a/zebra/zebra_ptm.h
+++ b/zebra/zebra_ptm.h
@@ -48,13 +48,13 @@ struct zebra_ptm_cb {
 #define ZEBRA_IF_PTM_ENABLE_ON     1
 #define ZEBRA_IF_PTM_ENABLE_UNSPEC 2
 
-#define IS_BFD_ENABLED_PROTOCOL(protocol)                                      \
-       ((protocol) == ZEBRA_ROUTE_BGP || (protocol) == ZEBRA_ROUTE_OSPF ||    \
-        (protocol) == ZEBRA_ROUTE_OSPF6 || (protocol) == ZEBRA_ROUTE_ISIS ||  \
-        (protocol) == ZEBRA_ROUTE_PIM ||                                      \
-        (protocol) == ZEBRA_ROUTE_OPENFABRIC ||                               \
+#define IS_BFD_ENABLED_PROTOCOL(protocol)                                                          \
+       ((protocol) == ZEBRA_ROUTE_BGP || (protocol) == ZEBRA_ROUTE_OSPF ||                        \
+        (protocol) == ZEBRA_ROUTE_OSPF6 || (protocol) == ZEBRA_ROUTE_ISIS ||                      \
+        (protocol) == ZEBRA_ROUTE_PIM || (protocol) == ZEBRA_ROUTE_OPENFABRIC ||                  \
         (protocol) == ZEBRA_ROUTE_STATIC || (protocol) == ZEBRA_ROUTE_RIP)
 
+

One of the last changes you should do is rework all the changes you made and split in consistent commits.

Thanks Philippe, I will rework all the changes after CI pass.

[pguibert6WIND]

useless space

[pguibert6WIND]

useless space

[pguibert6WIND]

for frrbot complaints, use the git clang-format HEAD~1 for each commit so that individual commits will all be aligned with frrbot.

[Jafaral]

Topotest need to be updated to use unified configs