Implement IPv6 RA attributes

* Define new link/interface 'ra' dictionary
* Implement selective merge of link 'ra' attributes with interface
  attributes. Link 'ra' attributes are propagated only to router
  nodes that support 'ra' (features.initial.ra)

Author: ipspace

netsim/ansible/templates/initial/eos.j2

@@ -71,7 +71,25 @@ interface {{ l.ifname }}
 #}
 {% if 'ipv6' in l %}
 {%   if role != 'host' %}
+{%     if l.ra.disable|default(false) is true %}
+ ipv6 nd ra disabled all
+{%     else %}
  ipv6 nd ra interval 5
+{%       if 'ra' in l and l.ipv6 is string %}
+{%         if l.ra.slaac|default(true) is false %}
+ ipv6 nd prefix {{ l.ipv6|ipaddr(0) }} no-autoconfig
+{%         endif %}
+{%         if l.ra.onlink|default(true) is false %}
+ ipv6 nd prefix {{ l.ipv6|ipaddr(0) }} no-onlink
+{%         endif %}
+{%       endif %}
+{%       if l.ra.dhcp|default(false) == 'all' %}
+ ipv6 nd managed-config-flag
+{%       endif %}
+{%       if l.ra.dhcp|default(false) == 'other' %}
+ ipv6 nd other-config-flag
+{%       endif %}
+{%     endif %}
 {%   else %}
  ipv6 nd ra rx accept default-route
 {%   endif %}

netsim/augment/links.py

@@ -1102,6 +1102,67 @@ def copy_link_gateway(link: Box, nodes: Box) -> None:
       if af in link.gateway:
         intf.gateway[af] = link.gateway[af]
 
+"""
+process_link_ra -- copy link IPv6 RA parameters to node-on-link (future interface) data
+
+The link.ra attributes are copied only into the router nodes that support RA
+(features.initial.ra). _netlab_ creates a warning message if a link has an 'ra'
+dictionary but no routers attached, or if no routers attached to the link supports
+'ra' attribute.
+
+Furthermore, when there are no link/intf RA settings, all routers supporting 'ra'
+attributes get the default RA settings when there are hosts attached to the link,
+hopefully simplifying the configuration templates.
+
+TODO: If a router is a DHCP relay and supports 'ra', 'ra.dhcp' should be set to 'all'
+"""
+
+def process_link_ra(link: Box, nodes: Box, defaults: Box) -> None:
+  if 'ra' not in link and not link.get('prefix.ipv6',None): # Processing RAs makes sense only if
+    return                                                  # the link contains RA attribute(s) or uses IPv6
+
+  # Get a list of routers and hosts
+  rtr_list  = [ intf for intf in link.interfaces if nodes[intf.node].get('role','router') == 'router' ]
+  host_list = [ intf for intf in link.interfaces if nodes[intf.node].get('role','') == 'host' ]
+
+  if 'ra' in link and not rtr_list:                         # Link RA attribute with no hosts attached
+    log.warning(
+      text='Cannot use link IPv6 RA attributes on link {link._linkname} with no routers',
+      module='links',flag='ra_useless')
+    return
+
+  if 'ra' not in link and not host_list:                    # No link RA attributes, no attached hosts
+    return                                                  # ... there's nothing for us to do
+
+  if not rtr_list:                                          # No hosts, no routers... what are we doing here?
+    return
+
+  ra_supported = False                                      # Does at least one router support RA attributes?
+  link_ra = link.get('ra',{})
+  for intf in rtr_list:                                     # Now iterate over routers attached to the link
+    n_data = nodes[intf.node]
+    d_features = devices.get_device_features(n_data,defaults)
+    if not d_features.initial.ra:                           # The router does not support the RA attributes
+      if 'ra' in intf:
+        log.error(
+          f'We did not implement configurable IPv6 RA parameters for {n_data.device} yet',
+          category=log.IncorrectAttr,
+          module='links',
+          more_data='Node {intf.node}, link {link._linkname}')
+      continue
+    if 'ra' in intf or link_ra:
+      intf.ra = link_ra + intf.ra                           # Merge link attributes with interface attributes
+    elif host_list:
+      intf.ra.slaac = True
+    ra_supported = True
+
+  if link_ra and not ra_supported:                          # At least one node on the link supports RA
+    log.warning(
+      text='None of the routers connected to link {link._linkname} supports netlab IPv6 RA attributes',
+      module='links',flag='ra_unsupported')
+
+  return
+
 """
 Set node.af flags to indicate that the node has IPv4 and/or IPv6 address family configured on its interfaces
 """
@@ -1250,6 +1311,7 @@ def transform(link_list: typing.Optional[Box], defaults: Box, nodes: Box, pools:
       link_default_pools.append('lan')
     assign_link_prefix(link,link_default_pools,pools,nodes,link._linkname)
     copy_link_gateway(link,nodes)
+    process_link_ra(link,nodes,defaults)
     assign_interface_addresses(link,pools,nodes,defaults)
     create_node_interfaces(link,pools,nodes,defaults=defaults)
 

netsim/defaults/attributes.yml

@@ -58,6 +58,11 @@ link:                       # Global link attributes
       allocation: { type: str, valid_values: [ p2p, sequential, id_based ] }
       _name: str
     _alt_types: [ bool_false, prefix_str, named_pfx ]
+  ra:
+    disable: bool
+    slaac: bool
+    dhcp: { type: str, valid_values: [ all, other ] }
+    onlink: bool
   role: id
   pool: id
   type: { type: str, valid_values: [ lan, p2p, stub, loopback, tunnel, vlan_member ] }

netsim/devices/eos.yml

@@ -26,6 +26,7 @@ features:
       use_ra: true
     max_mtu: 9194
     min_mtu: 68
+    ra: true
     roles: [ host, router, bridge ]
     mgmt_vrf: true
   bfd: true

netsim/devices/none.yml

@@ -67,6 +67,7 @@ features:
     ipv6:
       lla: True
     mgmt_vrf: True
+    ra: True
     roles: [ router, bridge, host ]
   isis:
     import: [ bgp, ospf, ripv2, connected, vrf ]

tests/integration/initial/08-ra.yml

@@ -0,0 +1,128 @@
+---
+message:
+  This scenario tests IPv6 RA behavior
+
+defaults.sources.extra: [ ../wait_times.yml, ../warnings.yml ]
+
+addressing:
+  loopback:
+    ipv4: False
+    ipv6: 2001:db8:0::/48
+  lan:
+    ipv4: False
+    ipv6: 2001:db8:1::/48
+
+groups:
+  _auto_create: True
+  hosts:
+    members: [ h0, h1, h2, h3, h4 ]
+    device: frr
+    role: host
+    provider: clab
+
+nodes:
+  dut:
+    module: []
+    id: 132
+    loopback: True
+  h4:
+    device: linux
+    provider: libvirt
+  dhsrv:
+    module: [ dhcp ]
+    device: dnsmasq
+    dhcp.server: true
+    provider: clab
+
+links:
+- name: Regular link (default RA behavior)
+  dut:
+  h0:
+    ipv6: True
+- name: no RA
+  dut:
+  h1:
+    ipv6: True
+  ra.disable: True              # No RA on this link -> no SLAAC, no default route
+- name: No SLAAC
+  dut:
+  h2:
+    ipv6: True
+  ra.slaac: False               # No SLAAC on this link, default route should be present
+- name: No onlink
+  dut:
+  h3:
+    ipv6: True
+  ra.onlink: False              # The prefix should not be in the IPv6 routing table
+- name: DHCPv6 managed config
+  dut:
+  h4:
+    ipv6: dhcp
+  dhsrv:
+  ra.dhcp: all                  # The host should use DHCP to get an IPv6 address
+  ra.slaac: False
+
+# Expected results
+#
+# H0: SLAAC address, default route, prefix in routing table
+# H1: No SLAAC address, no default route, no prefix
+# H2: Default route, prefix, no SLAAC address
+# H3: Default route, SLAAC address, no prefix
+# H4: Default route, SLAAC address, prefix, DHCPv6 address (maybe)
+
+validate:
+  ra:
+    description: Check RA-generated default route
+    wait: ra_send
+    wait_msg: Waiting for RA message to generate the default route
+    nodes: [ h0, h2, h3, h4 ]
+    plugin: default6()
+    stop_on_error: True
+  slaac:
+    description: Check for SLAAC IPv6 address
+    wait: ra_send
+    devices: [ linux ]
+    nodes: [ h0, h3, h4 ]
+    exec: ip addr show dev {{ interfaces[0].ifname }}
+    valid: >-
+      '2001:db8' in stdout
+  onlink:
+    description: Check for onlink prefix
+    wait: ra_send
+    devices: [ linux ]
+    nodes: [ h0, h2, h4 ]
+    exec: ip -6 route
+    valid: >-
+      '2001:db8' in stdout
+  dhcpv6:
+    description: Check for DHCPv6 IPv6 address
+    wait: ra_send
+    devices: [ linux ]
+    nodes: [ h4 ]
+    exec: ip addr show dev {{ interfaces[0].ifname }}
+    valid: >-
+      '2001:db8' in stdout and '/128' in stdout
+  w3:
+    description: Waiting a few seconds just in case...
+    wait: 3
+  no_slaac:
+    description: Check for lack of SLAAC address
+    devices: [ linux ]
+    nodes: [ h1, h2 ]
+    exec: ip addr show dev {{ interfaces[0].ifname }}
+    valid: >-
+      '2001:db8' not in stdout
+  no_link:
+    description: Check for lack of onlink prefix
+    devices: [ linux ]
+    nodes: [ h1, h3 ]
+    exec: ip -6 route
+    valid: >-
+      '2001:db8' not in stdout
+  no_def:
+    description: Check for lack of IPv6 default route
+    devices: [ linux ]
+    nodes: [ h1 ]
+    exec: ip -6 route
+    valid: >-
+      'default' not in stdout

tests/topology/expected/anycast-gateway.yml

@@ -261,6 +261,8 @@ links:
     ipv4: 172.31.31.3/24
     ipv6: 2001:db8:cafe:1::3/64
     node: r2
+    ra:
+      slaac: true
   - gateway:
       anycast:
         mac: 0200.cafe.00ff
@@ -1036,6 +1038,8 @@ nodes:
         area: 0.0.0.0
         network_type: point-to-point
         passive: true
+      ra:
+        slaac: true
       role: stub
       type: lan
     - ifindex: 6

tests/topology/expected/dhcp-vlan.yml

@@ -44,6 +44,8 @@ links:
     ipv4: 192.168.42.2/24
     ipv6: 2001:db8:cafe:d001::2/64
     node: s1
+    ra:
+      slaac: true
   - ifindex: 1
     ifname: eth1
     ipv4: 192.168.42.7/24
@@ -83,6 +85,8 @@ links:
     ifname: eth2
     ipv6: 2001:db8:cafe:1::2/64
     node: s1
+    ra:
+      slaac: true
     vlan:
       access: blue
   - dhcp:
@@ -529,6 +533,8 @@ nodes:
         ipv4: 192.168.42.7/24
         ipv6: 2001:db8:cafe:d001::7/64
         node: dhs
+      ra:
+        slaac: true
       type: lan
     - bridge: input_2
       ifindex: 2