def update_flowspec_vrf_table(self, flowspec_family, route_dist, rules,
actions=None, is_withdraw=False):
"""Update a BGP route in the VRF table for Flow Specification.
``flowspec_family`` specifies one of the flowspec family name.
``route_dist`` specifies a route distinguisher value.
``rules`` specifies NLRIs of Flow Specification as
a dictionary type value.
`` actions`` specifies Traffic Filtering Actions of
Flow Specification as a dictionary type value.
If `is_withdraw` is False, which is the default, add a BGP route
to the VRF table identified by `route_dist`.
If `is_withdraw` is True, remove a BGP route from the VRF table.
"""
from os_ken.services.protocols.bgp.core import BgpCoreError
from os_ken.services.protocols.bgp.api.prefix import (
FLOWSPEC_FAMILY_VPNV4,
FLOWSPEC_FAMILY_VPNV6,
FLOWSPEC_FAMILY_L2VPN,
)
if flowspec_family == FLOWSPEC_FAMILY_VPNV4:
vrf_table = self._tables.get((route_dist, VRF_RF_IPV4_FLOWSPEC))
prefix = FlowSpecIPv4NLRI.from_user(**rules)
try:
communities = create_v4flowspec_actions(actions)
except ValueError as e:
raise BgpCoreError(desc=str(e))
elif flowspec_family == FLOWSPEC_FAMILY_VPNV6:
vrf_table = self._tables.get((route_dist, VRF_RF_IPV6_FLOWSPEC))
prefix = FlowSpecIPv6NLRI.from_user(**rules)
try:
communities = create_v6flowspec_actions(actions)
except ValueError as e:
raise BgpCoreError(desc=str(e))
elif flowspec_family == FLOWSPEC_FAMILY_L2VPN:
vrf_table = self._tables.get((route_dist, VRF_RF_L2VPN_FLOWSPEC))
prefix = FlowSpecL2VPNNLRI.from_user(route_dist, **rules)
try:
communities = create_l2vpnflowspec_actions(actions)
except ValueError as e:
raise BgpCoreError(desc=str(e))
else:
raise BgpCoreError(
desc='Unsupported flowspec_family %s' % flowspec_family)
if vrf_table is None:
raise BgpCoreError(
desc='VRF table does not exist: route_dist=%s, '
'flowspec_family=%s' % (route_dist, flowspec_family))
# We do not check if we have a path to given prefix, we issue
# withdrawal. Hence multiple withdrawals have not side effect.
vrf_table.insert_vrffs_path(
nlri=prefix, communities=communities,
is_withdraw=is_withdraw)
def _test_create_v6flowspec_actions(self, actions, expected_communities):
communities = create_v6flowspec_actions(actions)
expected_communities.sort(key=lambda x: x.subtype)
communities.sort(key=lambda x: x.subtype)
eq_(str(expected_communities), str(communities))
def update_flowspec_global_table(self, flowspec_family, rules,
actions=None, is_withdraw=False):
"""Update a BGP route in the Global table for Flow Specification.
``flowspec_family`` specifies one of the Flow Specification
family name.
``rules`` specifies NLRIs of Flow Specification as
a dictionary type value.
`` actions`` specifies Traffic Filtering Actions of
Flow Specification as a dictionary type value.
If `is_withdraw` is False, which is the default, add a BGP route
to the Global table.
If `is_withdraw` is True, remove a BGP route from the Global table.
"""
from os_ken.services.protocols.bgp.core import BgpCoreError
from os_ken.services.protocols.bgp.api.prefix import (
FLOWSPEC_FAMILY_IPV4,
FLOWSPEC_FAMILY_IPV6,
FLOWSPEC_FAMILY_L2VPN,
)
src_ver_num = 1
peer = None
# set mandatory path attributes
origin = BGPPathAttributeOrigin(BGP_ATTR_ORIGIN_IGP)
aspath = BGPPathAttributeAsPath([[]])
pathattrs = OrderedDict()
pathattrs[BGP_ATTR_TYPE_ORIGIN] = origin
pathattrs[BGP_ATTR_TYPE_AS_PATH] = aspath
if flowspec_family == FLOWSPEC_FAMILY_IPV4:
_nlri = FlowSpecIPv4NLRI.from_user(**rules)
p = IPv4FlowSpecPath
try:
communities = create_v4flowspec_actions(actions)
except ValueError as e:
raise BgpCoreError(desc=str(e))
if communities:
pathattrs[BGP_ATTR_TYPE_EXTENDED_COMMUNITIES] = (
BGPPathAttributeExtendedCommunities(
communities=communities))
elif flowspec_family == FLOWSPEC_FAMILY_IPV6:
_nlri = FlowSpecIPv6NLRI.from_user(**rules)
p = IPv6FlowSpecPath
try:
communities = create_v6flowspec_actions(actions)
except ValueError as e:
raise BgpCoreError(desc=str(e))
if communities:
pathattrs[BGP_ATTR_TYPE_EXTENDED_COMMUNITIES] = (
BGPPathAttributeExtendedCommunities(
communities=communities))
elif flowspec_family == FLOWSPEC_FAMILY_L2VPN:
_nlri = FlowSpecL2VPNNLRI.from_user(**rules)
p = L2vpnFlowSpecPath
try:
communities = create_l2vpnflowspec_actions(actions)
except ValueError as e:
raise BgpCoreError(desc=str(e))
if communities:
pathattrs[BGP_ATTR_TYPE_EXTENDED_COMMUNITIES] = (
BGPPathAttributeExtendedCommunities(
communities=communities))
else:
raise BgpCoreError(
desc='Unsupported flowspec family %s' % flowspec_family)
new_path = p(peer, _nlri, src_ver_num,
pattrs=pathattrs, is_withdraw=is_withdraw)
# add to global table and propagates to neighbors
self.learn_path(new_path)