Add session shutdown logic to controller when drained

CHANGELOG.md

@@ -90,6 +90,7 @@ All notable changes to this project will be documented in this file.
   - Add histogram metric for GetConfig request duration
   - Add gRPC middleware for prometheus metrics
   - Add device status label to controller_grpc_getconfig_requests_total metric
+  - Add logic to shutdown user BGP, IBGP sessions, MSDP neighbors, and ISIS when device.status is drained
 - Device agents
   - Increase default controller request timeout in config agent
   - Initial state collect in telemetry agent

controlplane/controller/internal/controller/fixtures/base.config.drained.txt

@@ -0,0 +1,168 @@
+!
+hardware counter feature gre tunnel interface out
+hardware counter feature gre tunnel interface in
+!
+hardware access-list update default-result permit
+!
+logging buffered 128000
+no logging console
+logging facility local7
+!
+ip name-server vrf default 1.1.1.1
+ip name-server vrf default 9.9.9.9
+clock timezone UTC
+!
+ip multicast-routing
+!
+router pim sparse-mode
+   ipv4
+      rp address 10.0.0.0 239.0.0.0/24 override
+!
+vrf instance vrf1
+ip routing
+ip routing vrf vrf1
+!
+ntp server 0.pool.ntp.org
+ntp server 1.pool.ntp.org
+ntp server 2.pool.ntp.org
+!
+hardware access-list update default-result permit
+!
+no ip access-list MAIN-CONTROL-PLANE-ACL
+ip access-list MAIN-CONTROL-PLANE-ACL
+   counters per-entry
+   10 permit icmp any any
+   20 permit ip any any tracked
+   30 permit udp any any eq bfd ttl eq 255
+   40 permit udp any any eq bfd-echo ttl eq 254
+   50 permit udp any any eq multihop-bfd micro-bfd sbfd
+   60 permit udp any eq sbfd any eq sbfd-initiator
+   70 permit ospf any any
+   80 permit tcp any any eq ssh telnet www snmp bgp https msdp ldp netconf-ssh gnmi
+   90 permit udp any any eq bootps bootpc snmp rip ntp ldp ptp-event ptp-general
+   100 permit tcp any any eq mlag ttl eq 255
+   110 permit udp any any eq mlag ttl eq 255
+   120 permit vrrp any any
+   130 permit ahp any any
+   140 permit pim any any
+   150 permit igmp any any
+   160 permit tcp any any range 5900 5910
+   170 permit tcp any any range 50000 50100
+   180 permit udp any any range 51000 51100
+   190 permit tcp any any eq 3333
+   200 permit tcp any any eq nat ttl eq 255
+   210 permit tcp any eq bgp any
+   220 permit rsvp any any
+   230 permit tcp any any eq 9340
+   240 permit tcp any any eq 9559
+   250 permit udp any any eq 8503
+   260 permit udp any any eq lsp-ping
+   270 permit udp any eq lsp-ping any
+   280 remark Permit TWAMP (UDP 862)
+   290 permit udp any any eq 862
+!
+system control-plane
+   ip access-group MAIN-CONTROL-PLANE-ACL in
+!
+interface Loopback255
+   ip address 14.14.14.14/32
+   node-segment ipv4 index 15
+   isis enable 1
+!
+interface Ethernet1/1
+   mtu 2048
+   no switchport
+   ip address 172.16.0.2/31
+   pim ipv4 sparse-mode
+   isis enable 1
+   isis circuit-type level-2
+   isis hello-interval 1
+   isis metric 40000
+   no isis passive
+   isis hello padding
+   isis network point-to-point
+!
+interface Ethernet1/2
+   mtu 2048
+   no switchport
+   ip address 172.16.0.4/31
+   pim ipv4 sparse-mode
+!
+interface Loopback1000
+   description RP Address
+   ip address 10.0.0.0/32
+!
+mpls ip
+!
+mpls icmp ttl-exceeded tunneling
+mpls icmp ip source-interface Loopback255
+!
+router bgp 65342
+   router-id 14.14.14.14
+   timers bgp 1 3
+   distance bgp 20 200 200
+   no neighbor 12.12.12.12
+   neighbor 12.12.12.12 remote-as 65342
+   neighbor 12.12.12.12 next-hop-self
+   neighbor 12.12.12.12 update-source Loopback256
+   neighbor 12.12.12.12 description remote-dzd-ipv4
+   neighbor 12.12.12.12 timers 3 9
+   neighbor 12.12.12.12 send-community
+   no neighbor 15.15.15.15
+   neighbor 15.15.15.15 remote-as 65342
+   neighbor 15.15.15.15 next-hop-self
+   neighbor 15.15.15.15 update-source Loopback255
+   neighbor 15.15.15.15 description remote-dzd-vpnv4
+   neighbor 15.15.15.15 timers 3 9
+   neighbor 15.15.15.15 send-community
+   address-family ipv4
+      neighbor 12.12.12.12 activate
+      no neighbor 15.15.15.15 activate
+   !
+   address-family vpn-ipv4
+      neighbor 15.15.15.15 activate
+   !
+   vrf vrf1
+      rd 65342:1
+      route-target import vpn-ipv4 65342:1
+      route-target export vpn-ipv4 65342:1
+      router-id 7.7.7.7
+!
+router isis 1
+   net 49.0000.0e0e.0e0e.0000.00
+   router-id ipv4 14.14.14.14
+   log-adjacency-changes
+   !
+   address-family ipv4 unicast
+   !
+   segment-routing mpls
+      no shutdown
+   set-overload-bit
+!
+ip community-list COMM-ALL_USERS permit 21682:1200
+ip community-list COMM-ALL_MCAST_USERS permit 21682:1300
+ip community-list COMM-TST_USERS permit 21682:10050
+!
+no ip access-list SEC-USER-PUB-MCAST-IN
+ip access-list SEC-USER-PUB-MCAST-IN
+   counters per-entry
+   permit icmp any any
+   permit tcp any any eq bgp
+   permit ip any 224.0.0.13/32
+   permit ip any 239.0.0.0/24
+   deny ip any any
+!
+no ip access-list SEC-USER-SUB-MCAST-IN
+ip access-list SEC-USER-SUB-MCAST-IN
+   counters per-entry
+   permit icmp any any
+   permit tcp any any eq bgp
+   permit ip any 224.0.0.13/32
+   deny ip any any
+!
+no router msdp
+router msdp
+   peer 12.12.12.12
+      mesh-group DZ-1
+      local-interface Loopback256
+      description remote-dzd

controlplane/controller/internal/controller/fixtures/base.config.txt

@@ -137,6 +137,7 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+   no set-overload-bit
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300

controlplane/controller/internal/controller/fixtures/base.config.with.mgmt.vrf.txt

@@ -113,6 +113,7 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+   no set-overload-bit
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300

controlplane/controller/internal/controller/fixtures/e2e.last.user.tmpl

@@ -114,6 +114,7 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+   no set-overload-bit
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300

controlplane/controller/internal/controller/fixtures/e2e.peer.removal.tmpl

@@ -163,6 +163,7 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+   no set-overload-bit
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300

controlplane/controller/internal/controller/fixtures/e2e.tmpl

@@ -200,6 +200,7 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+   no set-overload-bit
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300

controlplane/controller/internal/controller/fixtures/interfaces.txt

@@ -185,6 +185,7 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+   no set-overload-bit
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300

controlplane/controller/internal/controller/fixtures/mixed.tunnel.tmpl

@@ -199,6 +199,7 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+   no set-overload-bit
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300

controlplane/controller/internal/controller/fixtures/multicast.tunnel.tmpl

@@ -176,6 +176,7 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+   no set-overload-bit
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300

controlplane/controller/internal/controller/fixtures/nohardware.tunnel.tmpl

@@ -188,6 +188,7 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+   no set-overload-bit
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300

controlplane/controller/internal/controller/fixtures/unicast.tunnel.tmpl

@@ -165,6 +165,7 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+   no set-overload-bit
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300

controlplane/controller/internal/controller/fixtures/unknown.peer.removal.tmpl

@@ -168,6 +168,7 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+   no set-overload-bit
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300

controlplane/controller/internal/controller/render_test.go

@@ -548,6 +548,61 @@ func TestRenderConfig(t *testing.T) {
 			},
 			Want: "fixtures/base.config.txt",
 		},
+		{
+			Name:        "render_drained_device_config_successfully",
+			Description: "render config for a drained device with BGP, MSDP, and ISIS shutdown",
+			Data: templateData{
+				Strings:                  StringsHelper{},
+				MulticastGroupBlock:      "239.0.0.0/24",
+				TelemetryTWAMPListenPort: 862,
+				LocalASN:                 65342,
+				Device: &Device{
+					PublicIP:        net.IP{7, 7, 7, 7},
+					Vpn4vLoopbackIP: net.IP{14, 14, 14, 14},
+					IsisNet:         "49.0000.0e0e.0e0e.0000.00",
+					Ipv4LoopbackIP:  net.IP{13, 13, 13, 13},
+					ExchangeCode:    "tst",
+					BgpCommunity:    10050,
+					Status:          serviceability.DeviceStatusDrained,
+					Interfaces: []Interface{
+						{
+							Name:           "Loopback255",
+							InterfaceType:  InterfaceTypeLoopback,
+							LoopbackType:   LoopbackTypeVpnv4,
+							Ip:             netip.MustParsePrefix("14.14.14.14/32"),
+							NodeSegmentIdx: 15,
+						},
+						{
+							Name:          "Ethernet1/1",
+							InterfaceType: InterfaceTypePhysical,
+							Ip:            netip.MustParsePrefix("172.16.0.2/31"),
+							Metric:        40000,
+							IsLink:        true,
+						},
+						{
+							Name:          "Ethernet1/2",
+							InterfaceType: InterfaceTypePhysical,
+							Ip:            netip.MustParsePrefix("172.16.0.4/31"),
+						},
+					},
+					Vpn4vLoopbackIntfName: "Loopback255",
+					Ipv4LoopbackIntfName:  "Loopback256",
+				},
+				Vpnv4BgpPeers: []BgpPeer{
+					{
+						PeerIP:   net.IP{15, 15, 15, 15},
+						PeerName: "remote-dzd",
+					},
+				},
+				Ipv4BgpPeers: []BgpPeer{
+					{
+						PeerIP:   net.IP{12, 12, 12, 12},
+						PeerName: "remote-dzd",
+					},
+				},
+			},
+			Want: "fixtures/base.config.drained.txt",
+		},
 	}
 
 	for _, test := range tests {

controlplane/controller/internal/controller/templates/tunnel.tmpl

@@ -108,7 +108,7 @@ interface {{ .Name }}
    isis circuit-type level-2
    isis hello-interval 1
    isis metric {{ .Metric }}
-   {{- if eq .LinkStatus.String "hard-drained" }}
+   {{- if .LinkStatus.IsHardDrained }}
    isis passive
    {{- else }}
    no isis passive
@@ -205,6 +205,9 @@ router bgp 65342
    neighbor {{ .OverlayDstIP }} route-map RM-USER-{{ .Id }}-OUT out
    neighbor {{ .OverlayDstIP }} maximum-routes 1
    neighbor {{ .OverlayDstIP }} maximum-accepted-routes 1
+   {{- if $.Device.Status.IsDrained }}
+   neighbor {{ .OverlayDstIP }} shutdown
+   {{- end }}
    {{- end }}
    {{- end }}
    address-family ipv4
@@ -254,6 +257,9 @@ router bgp 65342
       neighbor {{ .OverlayDstIP }} route-map RM-USER-{{ .Id }}-OUT out
       neighbor {{ .OverlayDstIP }} maximum-routes 1
       neighbor {{ .OverlayDstIP }} maximum-accepted-routes 1
+      {{- if $.Device.Status.IsDrained }}
+      neighbor {{ .OverlayDstIP }} shutdown
+      {{- end }}
       {{- end }}
       {{- end }}
       {{- end }}
@@ -270,6 +276,11 @@ router isis 1
    !
    segment-routing mpls
       no shutdown
+{{- if $.Device.Status.IsDrained }}
+   set-overload-bit
+{{- else }}
+   no set-overload-bit
+{{- end }}
 !
 ip community-list COMM-ALL_USERS permit 21682:1200
 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300