Sonic t2 support for radian (#21732)

Why I did it
Adding support for RADIAN feature for SONiC T2

Work item tracking
Microsoft ADO (number only):30112967
How I did it
Cli commands to add/remove ANCHOR prefix to a PREFIX_LIST table in CONFIG_DB
yang model changes for the new table
PrefixListMgr to handle add/remove of configuration
Templates
add_radian/del_radian : to add or remove an anchor prefix list and aggregate address
How to verify it
Unit tests : config gen, manager and yang model

---------

Signed-off-by: Mukul Chodhary <70460358+Muckthebuck@users.noreply.github.com>

Author: Muckthebuck

dockers/docker-fpm-frr/base_image_files/prefix_list

@@ -0,0 +1,178 @@
+#!/bin/bash
+
+# Function to display help message
+display_help() {
+    echo "Usage: sudo prefix-list <command> <PREFIX_TYPE> <NETWORK>"
+    echo ""
+    echo "Commands:"
+    echo "  add       Add a prefix with prefix type and network."
+    echo "            Requires: <PREFIX_TYPE>, <NETWORK>."
+    echo ""
+    echo "  remove    Remove a prefix with prefix type and network."
+    echo "            Requires: <PREFIX_TYPE>, <NETWORK>."
+    echo ""
+    echo "  status    Display current prefix lists."
+    echo "            No additional parameters required."
+    echo ""
+    echo "Arguments:"
+    echo "  <PREFIX_TYPE>  Type of prefix list. Allowed values: {$(printf "%s" "${supported_prefix_types[*]}" | tr ' ' '|')}."
+    echo "  <NETWORK>      Network in CIDR format."
+    echo ""
+    echo "Options:"
+    echo "  -h, --help    Display this help message."
+    exit 0
+}
+
+
+# Function to check if the user has root privileges
+check_root_privileges() {
+    if [ "$EUID" -ne 0 ] ; then
+        echo "Root privileges are needed for this operation." >&2
+        exit 1
+    fi
+}
+
+# Function to check if the device is supported device with type spine routers and subtype UpstreamLC
+check_spine_router() {
+    type=$(sonic-cfggen -d -v DEVICE_METADATA.localhost.type)
+    sub_type=$(sonic-cfggen -d -v DEVICE_METADATA.localhost.sub_type)
+    
+    # only supported on spine routers and UpstreamLC
+    if [[ "$type" != "SpineRouter" ||  "$sub_type" != "UpstreamLC" ]]; then
+        echo "Operation is only supported on UpstreamLC of SpineRouter." >&2
+        exit 1
+    fi
+}
+
+# Function to skip operation on chassis supervisor
+skip_chassis_supervisor() {
+    if [ -f /etc/sonic/chassisdb.conf ]; then  
+        echo "Skipping Operation on chassis supervisor"
+        exit 0
+    fi
+}
+
+# Function to validate the operation and prefix type parameters
+validate_operation() {
+    local valid_operation=false
+    local valid_prefix_type=false
+
+    for operation in "${prefix_list_operations[@]}"; do
+        if [[ "$1" == "$operation" ]]; then
+            valid_operation=true
+            break
+        fi
+    done
+
+    if [ $valid_operation == false ]; then
+        echo "Invalid parameter $1, Operation not supported" >&2
+        echo ""
+        display_help
+        exit 1
+    fi
+
+    # Check if the prefix type is supported or not if the operation is not status
+    if [ $1 != "status" ]; then
+        for prefix_type in "${supported_prefix_types[@]}"; do
+        if [[ "$2" == "$prefix_type" ]]; then
+            valid_prefix_type=true
+            break
+        fi
+        done
+
+        if [ $valid_prefix_type == false ]; then
+            echo "Invalid parameter $2, Prefix type not supported" >&2
+            echo ""
+            display_help
+            exit 1
+        fi
+    fi
+}
+
+# Function to handle prefix list operations for a specific ASIC
+handle_prefix_list_asic() {
+    local asic=$1
+    local operation=$2
+    local PREFIX_TYPE=$3
+    local network=$4
+    local namespace_prefix='asic'
+
+    if [ $operation == 'status' ] ; then
+        echo "BGP$asic: Current prefix lists:"
+        sonic-cfggen -d -v PREFIX_LIST -n $namespace_prefix$asic
+    else
+        if [ $operation == 'add' ]; then
+            local prefix_list_entry="{\"PREFIX_LIST\":{\"$PREFIX_TYPE|$network\":{}}}"
+            sonic-cfggen -a "$prefix_list_entry" -w -n $namespace_prefix$asic
+            logger -t $operation -p user.info "Added prefix list: $PREFIX_TYPE with network: $network"
+            echo "BGP$asic: Added prefix list: $PREFIX_TYPE with network: $network"
+        elif [ $operation == 'remove' ]; then
+            sonic-db-cli -n $namespace_prefix$asic CONFIG_DB DEL "PREFIX_LIST|$PREFIX_TYPE|$network"
+            logger -t $operation -p user.info "Removed prefix list: $PREFIX_TYPE with network: $network"
+            echo "BGP$asic: Removed prefix list: $PREFIX_TYPE with network: $network"
+        fi
+    fi
+}
+
+# Function to handle prefix list operations for a single ASIC
+handle_prefix_list_single() {
+    local operation=$1
+    local PREFIX_TYPE=$2
+    local network=$3
+
+    if [ $operation == 'status' ] ; then
+        echo "Current prefix lists:"
+        sonic-cfggen -d -v PREFIX_LIST
+    else
+        if [ $operation == 'add' ]; then
+            local prefix_list_entry="{\"PREFIX_LIST\":{\"$PREFIX_TYPE|$network\":{}}}"
+            sonic-cfggen -a "$prefix_list_entry" -w
+            logger -t $operation -p user.info "Added prefix list: $PREFIX_TYPE with network: $network"
+            echo "Added prefix list: $PREFIX_TYPE with network: $network"
+        elif [ $operation == 'remove' ]; then
+            sonic-db-cli CONFIG_DB DEL "PREFIX_LIST|$PREFIX_TYPE|$network"
+            logger -t $operation -p user.info "Removed prefix list: $PREFIX_TYPE with network: $network"
+            echo "Removed prefix list: $PREFIX_TYPE with network: $network"
+        fi
+    fi
+}
+
+prefix_list_operations=("add" "remove" "status")
+supported_prefix_types=("ANCHOR_PREFIX")
+# Main script execution
+if [[ "$1" == "-h" || "$1" == "--help" ]]; then
+    display_help
+fi
+
+check_root_privileges
+check_spine_router
+skip_chassis_supervisor
+
+validate_operation $1 $2
+
+# Read SONiC immutable variables
+[ -f /etc/sonic/sonic-environment ] && . /etc/sonic/sonic-environment
+
+PLATFORM=${PLATFORM:-`sonic-cfggen -H -v DEVICE_METADATA.localhost.platform`}
+
+# Parse the device specific asic conf file, if it exists
+ASIC_CONF=/usr/share/sonic/device/$PLATFORM/asic.conf
+[ -f $ASIC_CONF ] && . $ASIC_CONF
+
+if [[ ($NUM_ASIC -gt 1) ]]; then
+    asic=0
+    while [ $asic -lt $NUM_ASIC ]
+    do        
+        sub_role=`sonic-cfggen -d -v "DEVICE_METADATA['localhost']['sub_role']" -n asic$asic`
+        if [ $sub_role == 'FrontEnd' ]; then
+            handle_prefix_list_asic $asic $1 $2 $3
+        fi
+        asic=$((asic+1))
+    done
+else
+        handle_prefix_list_single $1 $2 $3
+fi
+
+if [ $1 != 'status' ]; then
+    echo "Please execute 'sudo config save' to preserve prefix list after reboot or config reload"
+fi

dockers/docker-fpm-frr/frr/bgpd/radian/add_radian.conf.j2

@@ -0,0 +1,11 @@
+{{ data.ipv }} prefix-list ANCHOR_CONTRIBUTING_ROUTES permit {{ data.prefix }} ge 48
+{# #}
+router bgp {{ data.bgp_asn }}
+{% if data.ipv == 'ip' -%}
+ address-family ipv4 unicast
+{% else -%}
+ address-family ipv6 unicast
+{% endif %}
+ aggregate-address {{ data.prefix }} route-map TAG_ANCHOR_COMMUNITY
+ exit
+exit

dockers/docker-fpm-frr/frr/bgpd/radian/del_radian.conf.j2

@@ -0,0 +1,10 @@
+no {{ data.ipv }} prefix-list ANCHOR_CONTRIBUTING_ROUTES permit {{ data.prefix }} ge 48 
+router bgp {{ data.bgp_asn }}
+{% if data.ipv == 'ip' -%}
+ address-family ipv4 unicast
+{% else %}
+ address-family ipv6 unicast
+{% endif -%}
+ no aggregate-address {{ data.prefix }} route-map TAG_ANCHOR_COMMUNITY
+ exit
+exit

dockers/docker-fpm-frr/frr/bgpd/templates/general/peer-group.conf.j2

@@ -14,6 +14,9 @@
     neighbor PEER_V4 soft-reconfiguration inbound
     neighbor PEER_V4 route-map FROM_BGP_PEER_V4 in
     neighbor PEER_V4 route-map TO_BGP_PEER_V4 out
+{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' %}
+    table-map SELECTIVE_ROUTE_DOWNLOAD_V4
+{% endif %}
   exit-address-family
   address-family ipv6
 {% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'ToRRouter' %}
@@ -26,6 +29,9 @@
     neighbor PEER_V6 soft-reconfiguration inbound
     neighbor PEER_V6 route-map FROM_BGP_PEER_V6 in
     neighbor PEER_V6 route-map TO_BGP_PEER_V6 out
+{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' %}
+    table-map SELECTIVE_ROUTE_DOWNLOAD_V6
+{% endif %}
   exit-address-family
 !
 ! end of template: bgpd/templates/general/peer-group.conf.j2

dockers/docker-fpm-frr/frr/bgpd/templates/general/policies.conf.j2

@@ -73,7 +73,8 @@ route-map FROM_BGP_PEER_V6 permit 13
 {% else %}
   set tag {{ constants.bgp.route_eligible_for_fallback_to_default_tag }}
 {% endif %}
-  set community {{ constants.bgp.internal_fallback_community }} additive                                                                                                                                         {% endif %}
+  set community {{ constants.bgp.internal_fallback_community }} additive
+{% endif %}
 {% endif %}
 !
 {% endif %}
@@ -97,5 +98,44 @@ route-map TO_BGP_PEER_V6 permit 100
 !
 route-map CHECK_IDF_ISOLATION permit 10
 !
+!
+!
+{% if CONFIG_DB__DEVICE_METADATA and 'localhost' in CONFIG_DB__DEVICE_METADATA and 'type' in CONFIG_DB__DEVICE_METADATA['localhost'] and 'subtype' in CONFIG_DB__DEVICE_METADATA['localhost'] %}
+{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC' %}
+bgp community-list standard ANCHOR_ROUTE_COMMUNITY permit {{ constants.bgp.anchor_route_community }}
+bgp community-list standard LOCAL_ANCHOR_ROUTE_COMMUNITY permit {{ constants.bgp.local_anchor_route_community }}
+bgp community-list standard ANCHOR_CONTRIBUTING_ROUTE_COMMUNITY permit {{ constants.bgp.anchor_contributing_route_community }}
+!
+route-map SELECTIVE_ROUTE_DOWNLOAD_V4 deny 10
+  match community LOCAL_ANCHOR_ROUTE_COMMUNITY
+!
+route-map SELECTIVE_ROUTE_DOWNLOAD_V4 permit 1000
+!
+route-map SELECTIVE_ROUTE_DOWNLOAD_V6 deny 10
+  match community LOCAL_ANCHOR_ROUTE_COMMUNITY
+!
+route-map SELECTIVE_ROUTE_DOWNLOAD_V6 permit 1000
+!
+route-map TAG_ANCHOR_COMMUNITY permit 10
+  set community {{ constants.bgp.local_anchor_route_community }} {{ constants.bgp.anchor_route_community }} additive
+!
+route-map TO_BGP_PEER_V6 permit 30
+  match ipv6 address prefix-list ANCHOR_CONTRIBUTING_ROUTES
+  set community {{ constants.bgp.anchor_contributing_route_community }} additive
+  on-match next
+!
+route-map TO_BGP_PEER_V6 permit 40
+  set comm-list LOCAL_ANCHOR_ROUTE_COMMUNITY delete
+!
+route-map TO_BGP_PEER_V4 permit 30
+  match ipv6 address prefix-list ANCHOR_CONTRIBUTING_ROUTES
+  set community {{ constants.bgp.anchor_contributing_route_community }} additive
+  on-match next
+!
+route-map TO_BGP_PEER_V4 permit 40
+  set comm-list LOCAL_ANCHOR_ROUTE_COMMUNITY delete
+!
+{% endif %}
+{% endif %}
 ! end of template: bgpd/templates/general/policies.conf.j2
 !

dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2

@@ -1,6 +1,7 @@
 !
 ! template: bgpd/templates/voq_chassis/policies.conf.j2
 !
+bgp community-list standard LOCAL_ANCHOR_ROUTE_COMMUNITY permit {{ constants.bgp.local_anchor_route_community }}
 bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }}
 bgp community-list standard DEVICE_INTERNAL_FALLBACK_COMMUNITY permit {{ constants.bgp.internal_fallback_community }}
 bgp community-list standard NO_EXPORT permit no-export
@@ -31,6 +32,9 @@ route-map TO_VOQ_CHASSIS_V4_PEER permit 1
   match ip address prefix-list PL_LoopbackV4
   set community {{ constants.bgp.internal_community }}
 !
+route-map TO_VOQ_CHASSIS_V4_PEER deny 15
+  match community LOCAL_ANCHOR_ROUTE_COMMUNITY
+!
 route-map TO_VOQ_CHASSIS_V4_PEER permit 100
 !
 route-map FROM_VOQ_CHASSIS_V6_PEER permit 1
@@ -63,6 +67,9 @@ route-map TO_VOQ_CHASSIS_V6_PEER permit 1
   match ipv6 address prefix-list PL_LoopbackV6
   set community {{ constants.bgp.internal_community }}
 !
+route-map TO_VOQ_CHASSIS_V6_PEER deny 15
+  match community LOCAL_ANCHOR_ROUTE_COMMUNITY
+!
 route-map TO_VOQ_CHASSIS_V6_PEER permit 100
 !
 ! end of template: bgpd/templates/voq_chassis/policies.conf.j2

files/image_config/constants/constants.yml

@@ -8,6 +8,9 @@ constants:
     internal_fallback_community: 22222:22222
     sentinel_community: 12345:12346
     internal_community_match_tag: 201
+    local_anchor_route_community: 12345:555
+    anchor_route_community: 12345:666
+    anchor_contributing_route_community: 12345:777
     route_do_not_send_appdb_tag: 202
     route_eligible_for_fallback_to_default_tag: 203
     families:

rules/docker-fpm-frr.mk

@@ -41,6 +41,7 @@ $(DOCKER_FPM_FRR)_BASE_IMAGE_FILES += TSB:/usr/bin/TSB
 $(DOCKER_FPM_FRR)_BASE_IMAGE_FILES += TSC:/usr/bin/TSC
 $(DOCKER_FPM_FRR)_BASE_IMAGE_FILES += TS:/usr/bin/TS
 $(DOCKER_FPM_FRR)_BASE_IMAGE_FILES += idf_isolation:/usr/bin/idf_isolation
+$(DOCKER_FPM_FRR)_BASE_IMAGE_FILES += prefix_list:/usr/bin/prefix_list
 
 SONIC_BOOKWORM_DOCKERS += $(DOCKER_FPM_FRR)
 SONIC_BOOKWORM_DBG_DOCKERS += $(DOCKER_FPM_FRR_DBG)

src/sonic-bgpcfgd/bgpcfgd/main.py

@@ -24,6 +24,7 @@
 from .managers_chassis_app_db import ChassisAppDbMgr
 from .managers_bfd import BfdMgr
 from .managers_srv6 import SRv6Mgr
+from .managers_prefix_list import PrefixListMgr
 from .static_rt_timer import StaticRouteTimer
 from .runner import Runner, signal_handler
 from .template import TemplateFabric
@@ -79,7 +80,9 @@ def do_work():
         DeviceGlobalCfgMgr(common_objs, "CONFIG_DB", swsscommon.CFG_BGP_DEVICE_GLOBAL_TABLE_NAME),
         # SRv6 Manager
         SRv6Mgr(common_objs, "CONFIG_DB", "SRV6_MY_SIDS"),
-        SRv6Mgr(common_objs, "CONFIG_DB", "SRV6_MY_LOCATORS")
+        SRv6Mgr(common_objs, "CONFIG_DB", "SRV6_MY_LOCATORS"),
+        # Prefix List Manager
+        PrefixListMgr(common_objs, "CONFIG_DB", "PREFIX_LIST")
     ]
 
     if device_info.is_chassis():