SR Linux: IS-IS route import

ipspace · Sep 12, 2024 · a6e8a57 · a6e8a57
1 parent f084d8b
commit a6e8a57
Show file tree

Hide file tree

Showing 8 changed files with 82 additions and 65 deletions.
diff --git a/docs/caveats.md b/docs/caveats.md
@@ -302,6 +302,9 @@ See also [](caveats-junos).
 * Inter-VRF route leaking is supported only in combination with BGP EVPN
 * SR Linux does not support configurable propagation of extended BGP communities.
 * The SR Linux prefix filters cannot contain the **deny** action.
+* The SR Linux configuration templates do not support additional routing policies on routing protocol route imports
+* SR Linux needs a static default route (with low route preference) to implement OSPF **default-originate always** functionality.
+* SR Linux does not set metrics on routes imported into OSPF. While you can specify the metric and metric type of the OSPF default route, those settings have no impact.
 
 (caveats-sros)=
 ## Nokia SR OS

diff --git a/docs/module/bgp.md b/docs/module/bgp.md
@@ -83,7 +83,7 @@ The following features are only supported on a subset of platforms:
 | Cumulus Linux 4.x     |  ✅ |  ✅ |  ✅ |  ✅ |
 | Dell OS10             |  ✅ |  ❌  |  ❌  |  ❌  |
 | FRR                   |  ✅ |  ✅ |  ✅ |  ✅ |
-| Nokia SR Linux        |  ✅ |  ✅ |  ✅ |  ✅ |
+| Nokia SR Linux        |  ✅ |  ✅ |  ✅ [❗](caveats-srlinux) |  ✅ |
 | Nokia SR OS           |  ✅ |  ✅ |  ❌  |  ❌  |
 | Sonic                 |  ✅ |  ✅ |  ❌  |  ❌  |
 | VyOS                  |  ✅ |  ❌  |  ✅ |  ✅ |

diff --git a/docs/module/isis.md b/docs/module/isis.md
@@ -36,7 +36,7 @@ The following table describes per-platform support of individual IS-IS features:
 | Cisco Nexus OS     | ✅  | ✅  | ✅  | ✅  |  ❌  |
 | FRR                | ✅  | ✅  | ✅  | ✅  | ✅  |
 | Junos[^Junos]      | ✅  | ✅  | ✅  | ✅  |  ❌  |
-| Nokia SR Linux     | ✅  | ✅  | ✅  | ✅  |  ❌  |
+| Nokia SR Linux     | ✅  | ✅  | ✅  | ✅  | ✅ [❗](caveats-srlinux) |
 | Nokia SR OS        | ✅  | ✅  | ✅  | ✅  |  ❌  |
 | VyOS               | ✅  | ✅  | ❌   |  ❌  |  ❌  |
 

diff --git a/docs/module/ospf.md b/docs/module/ospf.md
@@ -63,7 +63,7 @@ The following table describes per-platform support of individual router-level OS
 | Junos[^Junos]            | ✅| ✅| ✅| ❌ | ❌ |
 | Mikrotik RouterOS 6      | ✅| ❌ | ❌ | ❌ | ❌ |
 | Mikrotik RouterOS 7      | ✅| ❌ | ✅| ❌ | ❌ |
-| Nokia SR Linux           | ✅| ✅| ✅| ✅| ❌ |
+| Nokia SR Linux           | ✅| ✅| ✅| ✅ [❗](caveats-srlinux) | ✅ [❗](caveats-srlinux) |
 | Nokia SR OS              | ✅| ✅| ✅| ❌ | ❌ |
 | VyOS                     | ✅| ✅| ✅| ✅| ✅|
 

diff --git a/netsim/ansible/templates/isis/srlinux.j2 b/netsim/ansible/templates/isis/srlinux.j2
@@ -1,21 +1,27 @@
+{% import "templates/routing/_redistribute.srlinux.j2" as redistribute with context %}
+
 updates:
+{{ redistribute.config(vrf='default',proto='isis',p_data=isis,evpn_active=False,af=isis.af.keys()) }}
 - path: /network-instance[name=default]/protocols/isis
   value:
    instance:
    - name: {{ isis.instance }}
      admin-state: enable
      net: [ "{{ isis.net | default( "%s.0000.0000.%04d.00" % (isis.area,id) ) }}" ]
      level-capability: "{{ 'L2' if isis.type=='level-2' else 'L1' if isis.type=='level-1' else 'L1L2' }}"
-{%   if isis.af.ipv6 is defined %}
+{% if isis.default|default(False) or isis.import|default(False) %}
+     export-policy: "default_export_isis"
+{% endif %}
+{% if isis.af.ipv6 is defined %}
      ipv6-unicast:
       admin-state: enable
-{%    if clab.type in ['ixr6','ixr10','ixr6e','ixr10e'] %}
+{%   if clab.type in ['ixr6','ixr10','ixr6e','ixr10e'] %}
       multi-topology: {{ 'sr' not in module|default([]) }}
       _annotate_multi-topology: "Not supported in combination with SR"
-{%    else %}
+{%   else %}
       multi-topology: True
-{%    endif %}
 {%   endif %}
+{% endif %}
 {% if ldp is defined and ldp.igp_sync|default(True) %}
      ldp-synchronization: { }
 {% endif %}
@@ -27,11 +33,11 @@ updates:
        ipv6-unicast:
         admin-state: {{ 'enable' if 'ipv6' in loopback and 'ipv6' in isis.af else 'disable' }}
 
-{%   for l in interfaces if (l.vlan is not defined or l.vlan.mode|default('irb')!='bridge') and l.subif_index is not defined %}
-{%    set ifname = l.ifname if '.' in l.ifname else l.ifname|replace('vlan','irb0.') if l.type=='svi' else (l.ifname+'.0') %}
-{%    if "isis" not in l %}
+{% for l in interfaces if (l.vlan is not defined or l.vlan.mode|default('irb')!='bridge') and l.subif_index is not defined %}
+{%   set ifname = l.ifname if '.' in l.ifname else l.ifname|replace('vlan','irb0.') if l.type=='svi' else (l.ifname+'.0') %}
+{%   if "isis" not in l %}
      # IS-IS not configured on external interface {{ ifname }}
-{%    else %}
+{%   else %}
      - interface-name: {{ ifname }}
        circuit-type: {{ l.isis.network_type|default("broadcast") }}
        passive: {{ l.isis.passive }}
@@ -45,14 +51,14 @@ updates:
 {%     endif %}
 {%     if l.isis.metric is defined or l.isis.cost is defined %}
        level:
-{%      if isis.type!='level-2' %}
+{%       if isis.type!='level-2' %}
        - level-number: 1
          metric: {{ l.isis.metric|default(l.isis.cost) }}
-{%      endif %}
-{%      if isis.type!='level-1' %}
+{%       endif %}
+{%       if isis.type!='level-1' %}
        - level-number: 2
          metric: {{ l.isis.metric|default(l.isis.cost) }}
-{%      endif %}
+{%       endif %}
 {%     endif %}
-{%    endif %}
-{%   endfor %}
+{%   endif %}
+{% endfor %}
diff --git a/netsim/ansible/templates/ospf/srlinux.macro.j2 b/netsim/ansible/templates/ospf/srlinux.macro.j2
@@ -1,3 +1,5 @@
+{% import "templates/routing/_redistribute.srlinux.j2" as redistribute with context %}
+
 {% macro format_area(a) -%}
 {{ '0.0.0.0' if not a else a | ipv4 }}
 {%- endmacro %}
@@ -7,52 +9,7 @@
    Just to make it more fun, while one might be 'redistributing' or 'importing' routes into a routing
    protocol, SR Linux 'exports' them in the same routing protocol, so we have an 'export-policy'
 #}
-{% if ospf.default|default(False) %}
-- path: /routing-policy/prefix-set[name=default_route]
-  value:
-    prefix:
-    - ip-prefix: "0.0.0.0/0"
-      mask-length-range: exact
-    - ip-prefix: "::/0"
-      mask-length-range: exact
-{%   if ospf.default.always|default(False) %}
-- path: /network-instance[name={{vrf}}]/next-hop-groups/group[name=blackhole]
-  value:
-    blackhole:
-      generate-icmp: True
-
-- path: /network-instance[name={{vrf}}]/static-routes
-  value:
-    route:
-    - prefix: {{ "0.0.0.0/0" if af == 'ipv4' else "::/0" }}
-      preference: 254
-      next-hop-group: blackhole
-{%   endif %}
-{% endif %}
-{% set ospf_import = ospf.import|default(False) or ospf.default|default(False) %}
-{% if ospf_import %}
-- path: /routing-policy/policy[name={{vrf}}_export_ospf]
-  value:
-    default-action:
-      policy-result: reject
-    statement:
-{%   if ospf.default|default(False) %}
-    - name: default
-      match:
-        prefix-set: default_route
-      action:
-        policy-result: accept
-{%   endif %}
-{%   for s_proto in ospf.import|default([]) %}
-{%     for srl_proto in netlab_match_protomap[s_proto] if srl_proto != 'bgp-evpn' or evpn_active %}
-    - name: export_{{ srl_proto }}
-      match:
-        protocol: {{ srl_proto }}
-      action:
-        policy-result: accept
-{%     endfor %}
-{%   endfor %}
-{% endif %}
+{{ redistribute.config(vrf=vrf,proto='ospf',p_data=ospf,evpn_active=evpn_active,af=[ af ]) }}
 
 - path: /network-instance[name={{ vrf|default('default') }}]
   value:
@@ -73,9 +30,9 @@
 {%     if ospf.reference_bandwidth is defined %}
           reference-bandwidth: {{ ospf.reference_bandwidth * 1000 }} # in kbps
 {%     endif %}
-{%     if ospf_import %}
+{%     if ospf.default|default(False) or ospf.import|default(False) %}
           asbr: {}
-          export-policy: "{{vrf}}_export_ospf"
+          export-policy: "{{ vrf }}_export_ospf"
 {%     endif %}
           area:
 {%     if vrf=='default' %}

diff --git a/netsim/ansible/templates/routing/_redistribute.srlinux.j2 b/netsim/ansible/templates/routing/_redistribute.srlinux.j2
@@ -0,0 +1,50 @@
+{% macro config(vrf='default',proto='ospf',p_data={},evpn_active=True,af=['ipv4']) %}
+{% if p_data.default|default(False) %}
+- path: /routing-policy/prefix-set[name=default_route]
+  value:
+    prefix:
+    - ip-prefix: "0.0.0.0/0"
+      mask-length-range: exact
+    - ip-prefix: "::/0"
+      mask-length-range: exact
+{%   if p_data.default.always|default(False) %}
+- path: /network-instance[name={{vrf}}]/next-hop-groups/group[name=blackhole]
+  value:
+    blackhole:
+      generate-icmp: True
+
+{%     for afm in af %}
+- path: /network-instance[name={{vrf}}]/static-routes
+  value:
+    route:
+    - prefix: {{ "0.0.0.0/0" if afm == 'ipv4' else "::/0" }}
+      preference: 254
+      next-hop-group: blackhole
+{%     endfor %}
+{%   endif %}
+{% endif %}
+{% set p_import = p_data.import|default(False) or p_data.default|default(False) %}
+{% if p_import %}
+- path: /routing-policy/policy[name={{ vrf }}_export_{{ proto }}]
+  value:
+    default-action:
+      policy-result: reject
+    statement:
+{%   if p_data.default|default(False) %}
+    - name: default
+      match:
+        prefix-set: default_route
+      action:
+        policy-result: accept
+{%   endif %}
+{%   for s_proto in p_data.import|default([]) %}
+{%     for srl_proto in netlab_match_protomap[s_proto] if srl_proto != 'bgp-evpn' or evpn_active %}
+    - name: export_{{ srl_proto }}
+      match:
+        protocol: {{ srl_proto }}
+      action:
+        policy-result: accept
+{%     endfor %}
+{%   endfor %}
+{% endif %}
+{% endmacro %}
diff --git a/netsim/devices/srlinux.yml b/netsim/devices/srlinux.yml
@@ -56,6 +56,7 @@ features:
       ipv4: True
       ipv6: True
       network: True
+    import: [ ospf, bgp, connected, vrf, no_policy ]
   mpls:
     ldp: True                           # on 7250 IXR only
   ospf: