Implement IPv6 RA attributes on EOS, FRR, and IOS

* Define new link/interface 'ra' dictionary
* Implement selective merge of link 'ra' attributes with interface
  attributes. Link 'ra' attributes are propagated only to router
  nodes that support 'ra' (features.initial.ra)
* Implement 'ra' attributes on EOS, FRR, and IOS

Author: ipspace

docs/links.md

@@ -76,6 +76,7 @@ A dictionary describing an individual link contains *node names* and *additional
 * **name** -- link name (used for interface description)
 * **pool** -- addressing pool used to assign a prefix to this link. The **pool** attribute is ignored on links with a **prefix** attribute.
 * **prefix** -- [prefix (or a set of prefixes)](links-static-addressing) used on the link. Setting **prefix** to *false* will give you a link without any IP configuration[^NOIP]
+* **ra** -- IPv6 Router Advertisement parameters ([more details](links-ra))
 * **role** -- The link *role* influences the behavior of several configuration modules. Typical link roles include *stub*, *passive*, and *external*. Please read [](module/routing.md) for more details.
 * **type** -- [link type](links-types) (lan, p2p, stub, loopback, tunnel)
 
@@ -346,10 +347,24 @@ links:
 You can also use the **unnumbered** link attribute to get a single unnumbered link. Using an unnumbered pool is recommended when testing network-wide addressing changes.
 ```
 
+(links-ra)=
+## IPv6 Router Advertisement Parameters
+
+_netlab_ configures [routers](node-role-router) to send IPv6 Router Advertisement messages and [hosts](node-role-host) to listen to them and use them to generate an IPv6 default route. Router Advertisement messages are disabled on [bridges](node-role-bridge). The default router advertisement interface is (when possible) set to a few seconds to speed up the IPv6 addressing of attached hosts using SLAAC.
+
+You can use the **ra** link- or interface dictionary to control the contents of the Router Advertisement messages on [devices supporting fine-grained **ra** control](platform-initial-addresses):
+
+* **ra.disable** -- do not send RA messages when set to True
+* **ra.slaac** -- set *autonomous* flag on the link prefix when set to True or missing. Set **ra.slaac** to False to disable SLAAC on attached hosts.
+* **ra.onlink** -- set *on-link* flag on the link prefix when set to True or missing. Set **ra.onlink** to False to disable direct host-to-host communication.
+* **ra.dhcp** -- set *other configuration* flag when set to **other** or *managed configuration* flag when set to **all**. No DHCPv6-related flag is set by default.
+
+While you can set **ra** parameters on individual interfaces (node-to-link attachments), it's best to set them as link parameters to have a consistent set of parameters applied to all attached routers.
+
 (links-mtu)=
 ## Changing MTU
 
-All devices supported by *netlab* are assumed to use ancient default layer-3 MTU value of 1500 bytes. Most VM-based network devices already use that default; container-based devices have their MTU set to 1500 through system settings.
+All devices supported by *netlab* are assumed to use the ancient default layer-3 MTU value of 1500 bytes. Most VM-based network devices already use that default; container-based devices have their MTU set to 1500 through system settings.
 
 Please note that the **mtu** specified by *netlab* is always the layer-3 (IPv4 or IPv6) MTU. The peculiarities of individual device configuration commands are transparently (to the end-user) handled in the device configuration templates.
 

docs/platforms.md

@@ -260,29 +260,29 @@ The following interface parameters are configured on supported network operating
 (platform-initial-addresses)=
 The following interface addresses are supported on various platforms:
 
-| Operating system      | IPv4<br />addresses | IPv6<br />addresses | Unnumbered<br />IPv4 interfaces |
-| --------------------- | :-: | :-: | :-: |
-| Arista EOS            | ✅  | ✅  | ✅  |
-| Aruba AOS-CX          | ✅  | ✅  |  ✅  |
-| Cisco ASAv            | ✅  | ✅  |  ❌  |
-| Cisco IOSv/IOSvL2     | ✅  | ✅  |  ❌  |
-| Cisco IOS XE[^18v]    | ✅  | ✅  | ✅  |
-| Cisco IOS XRv         | ✅  | ✅  | ✅  |
-| Cisco Nexus OS        | ✅  | ✅  | ✅  |
-| Cumulus Linux         | ✅  | ✅  | ✅  |
-| Cumulus Linux 5.x (NVUE) | ✅ | ✅ | ✅ |
-| Dell OS10             | ✅  | ✅  |  ❌  |
-| Fortinet FortiOS      | ✅  | ✅  |  ❌  |
-| FRR                   | ✅  | ✅  | ✅  |
-| Generic Linux         | ✅  | ✅  |  ❌  |
-| Junos[^Junos]         | ✅  | ✅  | ✅  |
-| Mikrotik RouterOS 6   | ✅  | ✅  |  ❌  |
-| Mikrotik RouterOS 7   | ✅  | ✅  |  ❌  |
-| Nokia SR Linux        | ✅  | ✅  |  ❌  |
-| Nokia SR OS[^SROS]    | ✅  | ✅  | ✅  |
-| OpenBSD               | ✅  | ✅  |  ❌  |
-| Sonic                 | ✅  | ✅  | ✅  |
-| VyOS                  | ✅  | ✅  | ✅  |
+| Operating system      | IPv4<br />addresses | IPv6<br />addresses | Unnumbered<br />IPv4 interfaces | Configurable<br>IPv6 RA |
+| --------------------- | :-: | :-: | :-: | :-: |
+| Arista EOS            | ✅  | ✅  | ✅  | ✅  |
+| Aruba AOS-CX          | ✅  | ✅  | ✅  |  ❌  |
+| Cisco ASAv            | ✅  | ✅  |  ❌  |  ❌  |
+| Cisco IOSv/IOSvL2     | ✅  | ✅  |  ❌  | ✅  |
+| Cisco IOS XE[^18v]    | ✅  | ✅  | ✅  | ✅  |
+| Cisco IOS XRv         | ✅  | ✅  | ✅  |  ❌  |
+| Cisco Nexus OS        | ✅  | ✅  | ✅  |  ❌  |
+| Cumulus Linux         | ✅  | ✅  | ✅  |  ❌  |
+| Cumulus Linux 5.x (NVUE) | ✅ | ✅ | ✅ |  ❌  |
+| Dell OS10             | ✅  | ✅  |  ❌  |  ❌  |
+| Fortinet FortiOS      | ✅  | ✅  |  ❌  |  ❌  |
+| FRR                   | ✅  | ✅  | ✅  | ✅  |
+| Generic Linux         | ✅  | ✅  |  ❌  |  ❌  |
+| Junos[^Junos]         | ✅  | ✅  | ✅  |  ❌  |
+| Mikrotik RouterOS 6   | ✅  | ✅  |  ❌  |  ❌  |
+| Mikrotik RouterOS 7   | ✅  | ✅  |  ❌  |  ❌  |
+| Nokia SR Linux        | ✅  | ✅  |  ❌  |  ❌  |
+| Nokia SR OS[^SROS]    | ✅  | ✅  | ✅  |  ❌  |
+| OpenBSD               | ✅  | ✅  |  ❌  |  ❌  |
+| Sonic                 | ✅  | ✅  | ✅  |  ❌  |
+| VyOS                  | ✅  | ✅  | ✅  |  ❌  |
 
 ```{tip}
 * Use **‌netlab show modules -m initial** to display optional initial configuration features supported by individual devices

netsim/ansible/templates/initial/eos.j2

@@ -70,9 +70,27 @@ interface {{ l.ifname }}
     Set interface IPv6 addresses
 #}
 {% if 'ipv6' in l %}
-{%   if role != 'host' %}
+{%   if role == 'router' %}
+{%     if l.ra.disable|default(false) is true %}
+ ipv6 nd ra disabled all
+{%     else %}
  ipv6 nd ra interval 5
-{%   else %}
+{%       if 'ra' in l and l.ipv6 is string %}
+{%         if l.ra.slaac|default(true) is false %}
+ ipv6 nd prefix {{ l.ipv6|ipaddr(0) }} no-autoconfig
+{%         endif %}
+{%         if l.ra.onlink|default(true) is false %}
+ ipv6 nd prefix {{ l.ipv6|ipaddr(0) }} no-onlink
+{%         endif %}
+{%       endif %}
+{%       if l.ra.dhcp|default(false) == 'all' %}
+ ipv6 nd managed-config-flag
+{%       endif %}
+{%       if l.ra.dhcp|default(false) == 'other' %}
+ ipv6 nd other-config-flag
+{%       endif %}
+{%     endif %}
+{%   elif role == 'host' %}
  ipv6 nd ra rx accept default-route
 {%   endif %}
 {%   if l.ipv6 is sameas True %}

netsim/ansible/templates/initial/frr.j2

@@ -171,13 +171,31 @@ interface {{ i.ifname }}
  ! no ip address
 {% endif %}
 {% if i.ipv6 is defined %}
-{%  if i.ipv6 is string and i.ipv6|ipv6 %}
+{%   if i.ipv6 is string and i.ipv6|ipv6 %}
  ipv6 address {{ i.ipv6 }}
-{%  endif %}
-{%  if i.type != 'loopback' and role == 'router' %}
+{%   endif %}
+{%   if i.type != 'loopback' and role == 'router' %}
+{%     if i.ra.disable|default(false) is true %}
+ ipv6 nd suppress-ra
+{%     else %}
  ipv6 nd ra-interval 5
  no ipv6 nd suppress-ra
-{%  endif %}
+{%     endif %}
+{%     if 'ra' in i and i.ipv6 is string %}
+{%       if i.ra.slaac|default(true) is false %}
+ ipv6 nd prefix {{ i.ipv6|ipaddr(0) }} no-autoconfig
+{%       endif %}
+{%       if i.ra.onlink|default(true) is false %}
+ ipv6 nd prefix {{ i.ipv6|ipaddr(0) }} off-link
+{%       endif %}
+{%     endif %}
+{%     if i.ra.dhcp|default(false) == 'all' %}
+ ipv6 nd managed-config-flag
+{%     endif %}
+{%     if i.ra.dhcp|default(false) == 'other' %}
+ ipv6 nd other-config-flag
+{%     endif %}
+{%   endif %}
 {% endif %}
 {% if i.bandwidth is defined %}
  bandwidth {{ i.bandwidth  }}

netsim/ansible/templates/initial/ios.j2

@@ -97,9 +97,31 @@ interface {{ l.ifname }}
     Set interface addresses: IPv6
 #}
 {% if 'ipv6' in l %}
-{%   if role == 'host' %}
+{%   if role != 'router' %}
  ipv6 nd ra suppress all
+{%     if role == 'host' %}
  ipv6 nd autoconfig default-route
+{%     endif %}
+{%   else %}{# router #}
+{%     if l.ra.disable|default(false) is true %}
+ ipv6 nd ra suppress all
+{%     else %}
+ ipv6 nd ra interval 5
+{%       if 'ra' in l and l.ipv6 is string %}
+{%         if l.ra.slaac|default(true) is false %}
+ ipv6 nd prefix {{ l.ipv6|ipaddr(0) }} 30 30 no-autoconfig
+{%         endif %}
+{%         if l.ra.onlink|default(true) is false %}
+ ipv6 nd prefix {{ l.ipv6|ipaddr(0) }} 30 30 no-onlink
+{%         endif %}
+{%       endif %}
+{%       if l.ra.dhcp|default(false) == 'all' %}
+ ipv6 nd managed-config-flag
+{%       endif %}
+{%       if l.ra.dhcp|default(false) == 'other' %}
+ ipv6 nd other-config-flag
+{%       endif %}
+{%     endif %}
 {%   endif %}
 {%   if l.ipv6 == True %}
  ipv6 enable

netsim/augment/links.py

@@ -1102,6 +1102,86 @@ def copy_link_gateway(link: Box, nodes: Box) -> None:
       if af in link.gateway:
         intf.gateway[af] = link.gateway[af]
 
+"""
+process_link_ra -- copy link IPv6 RA parameters to node-on-link (future interface) data
+
+The link.ra attributes are copied only into the router nodes that support RA
+(features.initial.ra). _netlab_ creates a warning message if a link has an 'ra'
+dictionary but no routers attached, or if no routers attached to the link supports
+'ra' attribute.
+
+Furthermore, when there are no link/intf RA settings, all routers supporting 'ra'
+attributes get the default RA settings when there are hosts attached to the link,
+hopefully simplifying the configuration templates.
+
+TODO: If a router is a DHCP relay and supports 'ra', 'ra.dhcp' should be set to 'all'
+"""
+
+def process_link_ra(link: Box, nodes: Box, defaults: Box) -> None:
+  rtr_list  = []
+  host_list = []
+
+  for intf in link.interfaces:                              # First figure out what we're dealing with
+    role = nodes[intf.node].get('role','router')
+    if role == 'router':
+      rtr_list.append(intf)
+      if 'ra' in intf and 'ipv6' not in intf:
+        log.warning(
+          text='Applying RA attributes to an interface without an IPv6 address makes no sense',
+          more_data='Node {intf.node} link {link._linkname}',
+          module='links',
+          flag='ra_no_ipv6')
+      continue
+    elif role == 'host':
+      host_list.append(intf)
+    if 'ra' in intf:
+      log.warning(
+        text='Applying RA attributes to a device that is not a router makes no sense',
+        more_data='Node {intf.node} link {link._linkname}',
+        module='links',
+        flag='ra_not_router')
+
+  if 'ra' in link and not rtr_list:                         # Link RA attribute with no hosts attached
+    log.warning(
+      text='Cannot use link IPv6 RA attributes on link {link._linkname} with no routers',
+      module='links',flag='ra_useless')
+    return
+
+  if 'ra' not in link and not link.get('prefix.ipv6',None): # Processing RAs makes sense only if
+    return                                                  # the link contains RA attribute(s) or uses IPv6
+
+  if 'ra' not in link and not host_list:                    # No link RA attributes, no attached hosts
+    return                                                  # ... there's nothing for us to do
+
+  if not rtr_list:                                          # No hosts, no routers... what are we doing here?
+    return
+
+  ra_supported = False                                      # Does at least one router support RA attributes?
+  link_ra = link.get('ra',{})
+  for intf in rtr_list:                                     # Now iterate over routers attached to the link
+    n_data = nodes[intf.node]
+    d_features = devices.get_device_features(n_data,defaults)
+    if not d_features.initial.ra:                           # The router does not support the RA attributes
+      if 'ra' in intf:
+        log.error(
+          f'We did not implement configurable IPv6 RA parameters for {n_data.device} yet',
+          category=log.IncorrectAttr,
+          module='links',
+          more_data='Node {intf.node}, link {link._linkname}')
+      continue
+    if 'ra' in intf or link_ra:
+      intf.ra = link_ra + intf.ra                           # Merge link attributes with interface attributes
+    elif host_list:
+      intf.ra.slaac = True
+    ra_supported = True
+
+  if link_ra and not ra_supported:                          # At least one node on the link supports RA
+    log.warning(
+      text='None of the routers connected to link {link._linkname} supports netlab IPv6 RA attributes',
+      module='links',flag='ra_unsupported')
+
+  return
+
 """
 Set node.af flags to indicate that the node has IPv4 and/or IPv6 address family configured on its interfaces
 """
@@ -1250,6 +1330,7 @@ def transform(link_list: typing.Optional[Box], defaults: Box, nodes: Box, pools:
       link_default_pools.append('lan')
     assign_link_prefix(link,link_default_pools,pools,nodes,link._linkname)
     copy_link_gateway(link,nodes)
+    process_link_ra(link,nodes,defaults)
     assign_interface_addresses(link,pools,nodes,defaults)
     create_node_interfaces(link,pools,nodes,defaults=defaults)
 

netsim/defaults/attributes.yml

@@ -58,6 +58,11 @@ link:                       # Global link attributes
       allocation: { type: str, valid_values: [ p2p, sequential, id_based ] }
       _name: str
     _alt_types: [ bool_false, prefix_str, named_pfx ]
+  ra:
+    disable: bool
+    slaac: bool
+    dhcp: { type: str, valid_values: [ all, other ] }
+    onlink: bool
   role: id
   pool: id
   type: { type: str, valid_values: [ lan, p2p, stub, loopback, tunnel, vlan_member ] }

netsim/devices/eos.yml

@@ -26,6 +26,7 @@ features:
       use_ra: true
     max_mtu: 9194
     min_mtu: 68
+    ra: true
     roles: [ host, router, bridge ]
     mgmt_vrf: true
   bfd: true

netsim/devices/frr.yml

@@ -57,6 +57,7 @@ features:
     ipv6:
       lla: true
       use_ra: true
+    ra: true
     roles: [ host, router ]
   bfd: True
   bgp:

netsim/devices/ios.yml

@@ -52,6 +52,7 @@ features:
       use_ra: true
     roles: [ host, router, bridge ]
     mgmt_vrf: true
+    ra: true
   isis:
     circuit_type: true
     import: [ bgp, ospf, ripv2, connected, static ]