frr: fix EVPN type-5 forwarding for IPv6 prefixes#633
Merged
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (4)
🚧 Files skipped from review as they are similar to previous changes (4)
📝 WalkthroughWalkthroughThe GR nexthop path now handles IPv4 and mapped IPv6 L3VNI nexthops with RMAC-based VXLAN interface rewrites. The VXLAN output path now uses the nexthop address family when building VTEP data. The smoke test now sets up IPv6 on both peers, advertises both IPv4 and IPv6 EVPN Type-5 routes, checks IPv6 route installation, and adds IPv6 connectivity tests. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
rjarry
requested changes
Jun 26, 2026
| l3 = (struct gr_nexthop_info_l3 *)req->nh.info; | ||
| l3->af = GR_AF_IP4; | ||
| memcpy(&l3->ipv4, &nh->gate.ipv4, sizeof(l3->ipv4)); | ||
| // Apply cached RMAC from EVPN NEIGH install if available. |
Collaborator
There was a problem hiding this comment.
Keep this comment, it cannot hurt.
| l3 = (struct gr_nexthop_info_l3 *)req->nh.info; | ||
| l3->af = GR_AF_IP6; | ||
| memcpy(&l3->ipv6, &nh->gate.ipv6, sizeof(l3->ipv6)); | ||
| // Apply cached RMAC from EVPN NEIGH install if available. |
zeeke
force-pushed
the
vxlan-fix-ipv6
branch
4 times, most recently
from
f6a183d to
7b0541f
Compare
rjarry
approved these changes
Jun 26, 2026
The IPv4 nexthop path redirects iface_id to the VXLAN tunnel when a remote RMAC is found, but the IPv6 path was missing this. Fixes: 45afc2b ("frr: only redirect to VXLAN for remote L3 nexthops") Signed-off-by: Andrea Panattoni <apanatto@redhat.com> Reviewed-by: Robin Jarry <rjarry@redhat.com>
EVPN type-5 routes for IPv6 prefixes use v4-mapped nexthop addresses (::ffff:X.X.X.X) when the VTEP uses IPv4. These failed for two reasons: grout_add_nexthop() looked up the RMAC cache with an IPADDR_V6 key but grout_neigh_update_ctx() stored it under IPADDR_V4, so the hash never matched; and the nexthop carried GR_AF_IP6, causing vxlan_output to look for an IPv6 underlay route that does not exist. Fix both by detecting v4-mapped addresses: extract the embedded IPv4, store the nexthop as GR_AF_IP4, and look up the RMAC with the matching IPADDR_V4 key. Add the VXLAN interface redirect that was missing from the IPv6 path. In ip6_output, derive the VTEP address family from l3->af instead of hardcoding GR_AF_IP6. Signed-off-by: Andrea Panattoni <apanatto@redhat.com> Reviewed-by: Robin Jarry <rjarry@redhat.com>
grout-bot
force-pushed
the
vxlan-fix-ipv6
branch
from
7b0541f to
e950717
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
depends on:
EVPN type-5 routes for IPv6 prefixes use v4-mapped nexthop
addresses (::ffff:X.X.X.X) when the VTEP uses IPv4.
These failed for two reasons: grout_add_nexthop() looked up the
RMAC cache with an IPADDR_V6 key but grout_neigh_update_ctx()
stored it under IPADDR_V4, so the hash never matched; and the
nexthop carried GR_AF_IP6, causing vxlan_output to look for an
IPv6 underlay route that does not exist.
Fix both by detecting v4-mapped addresses: extract the embedded
IPv4, store the nexthop as GR_AF_IP4, and look up the RMAC with
the matching IPADDR_V4 key. Add the VXLAN interface redirect that
was missing from the IPv6 path. In ip6_output, derive the VTEP
address family from l3->af instead of hardcoding GR_AF_IP6.
EVPN Type-5 (IP prefix) nexthops now handle IPv6 v4-mapped next-hops (
::ffff:X.X.X.X) correctly when the VTEP uses IPv4: ingrout_add_nexthop,IS_MAPPED_IPV6triggersipv4_mapped_ipv6_to_ipv4, and the L3 nexthop is stored as IPv4 (l3->af = GR_AF_IP4withl3->ipv4set to the embedded IPv4) rather than forcing IPv6 (GR_AF_IP6). RMAC cache lookup is performed with the matching VTEP address representation by setting the VTEP key tovtep.ipa_type = IPADDR_V4/vtep.ipaddr_v4before callingl3vni_rmac_get, so remote nexthops resolve against the RMAC cached under the IPv4 VTEP entry instead of failing and causing VXLAN forwarding to use an invalid IPv6 underlay route. Native (non-mapped) IPv6 nexthops continue to useGR_AF_IP6with IPv6 VTEP data.The missing VXLAN interface redirect on the IPv6 (including mapped) path was fixed:
req->nh.iface_idis now set tovxlan_iface_idonly inside theif (rmac != NULL)block (guarded byvxlan_iface_id != GR_IFACE_ID_UNDEF), alongside setting the remote nexthop MAC andGR_NH_F_REMOTEflag.VXLAN datapath VTEP address-family handling was generalized to match the L3 address family:
ip_output_processandip6_output_processnow seteth_data->vtep.af = l3->afand populateeth_data->vtep.ipv4whenl3->af == GR_AF_IP4, otherwise populateeth_data->vtep.ipv6(removing hardcoded IPv4/IPv6 assumptions on the output path).EVPN L3VPN smoke coverage was extended to dual-stack:
smoke/evpn_l3vpn_frr_test.shenables IPv6 forwarding and adds IPv6 addressing/default routes on both namespaces, updates FRR to redistribute and advertise both IPv4/IPv6 unicast inaddress-family l2vpn evpn, adds IPv6 Type-5 readiness/installation waits forfd00:16::/64andfd00:48::/64(viawait_eventusingroute6 add), validates IPv6 VRF route installation withip -n evpn-peer -6 route show, and extends connectivity checks with IPv6 pings (ping -6) across the VXLAN L3 overlay.