[vnetorch] Prevent route deletion in default VRF upon conflicting route creation in non default VNET (#4029)

anish-n · web-flow · commit 4c9e4784cc50 · 2025-12-08T08:56:01.000-08:00
What I did
Modified vnetorch to not delete conflicting route space in default vrf if the vnet scope is non default

Why I did it
To support conflicting IP spaces

How I verified it
SWSS UT which shows that conflicting IP space is no longer deleted, and manual testing on device which shows this as well

Details if related
ASIC DB route deleteion issue can be seen below(which is fixed by this PR):
Route entry on switch:
diff --git a/orchagent/routeorch.cpp b/orchagent/routeorch.cpp
@@ -2964,12 +2964,10 @@ bool RouteOrch::removeRoutePost(const RouteBulkContext& ctx)
     return true;
 }
 
-bool RouteOrch::isRouteExists(const IpPrefix& prefix)
+bool RouteOrch::isRouteExists(sai_object_id_t vrf_id, const IpPrefix& prefix)
 {
     SWSS_LOG_ENTER();
 
-    sai_object_id_t& vrf_id = gVirtualRouterId;
-
     sai_route_entry_t route_entry;
     route_entry.vr_id = vrf_id;
     route_entry.switch_id = gSwitchId;
@@ -2978,7 +2976,7 @@ bool RouteOrch::isRouteExists(const IpPrefix& prefix)
     if (it_route_table == m_syncdRoutes.end())
     {
         SWSS_LOG_INFO("Failed to find route table, vrf_id 0x%" PRIx64 "\n", vrf_id);
-        return true;
+        return false;
     }
     auto it_route = it_route_table->second.find(prefix);
     size_t creating = gRouteBulker.creating_entries_count(route_entry);
diff --git a/orchagent/routeorch.h b/orchagent/routeorch.h
@@ -253,7 +253,7 @@ class RouteOrch : public ZmqOrch, public Subject
     const NextHopGroupKey getSyncdRouteNhgKey(sai_object_id_t vrf_id, const IpPrefix& ipPrefix);
     bool createFineGrainedNextHopGroup(sai_object_id_t &next_hop_group_id, vector<sai_attribute_t> &nhg_attrs);
     bool removeFineGrainedNextHopGroup(sai_object_id_t &next_hop_group_id);
-    bool isRouteExists(const IpPrefix& prefix);
+    bool isRouteExists(sai_object_id_t vrf_id, const IpPrefix& prefix);
     bool removeRoutePrefix(const IpPrefix& prefix);
 
     void addLinkLocalRouteToMe(sai_object_id_t vrf_id, IpPrefix linklocal_prefix);
diff --git a/orchagent/vnetorch.cpp b/orchagent/vnetorch.cpp
@@ -1197,7 +1197,7 @@ bool VNetRouteOrch::doRouteTask<VNetVrfObject>(const string& vnet, IpPrefix& ipP
                     prefixToRemove = adv_prefix;
                 }
                 auto prefixSubnet = prefixToRemove.getSubnet();
-                if(gRouteOrch && gRouteOrch->isRouteExists(prefixSubnet))
+                if(gRouteOrch && gRouteOrch->isRouteExists(vr_id, prefixSubnet))
                 {
                     if (!gRouteOrch->removeRoutePrefix(prefixSubnet))
                     {
@@ -2519,7 +2519,9 @@ void VNetRouteOrch::updateVnetTunnel(const BfdUpdate& update)
                                 ipPrefixsubnet = adv_prefix.getSubnet();
                             }
                         }
-                        if(gRouteOrch && gRouteOrch->isRouteExists(ipPrefixsubnet))
+
+                        sai_object_id_t vr_id = vrf_obj->getVRidIngress();
+                        if(gRouteOrch && gRouteOrch->isRouteExists(vr_id, ipPrefixsubnet))
                         {
                             if (!gRouteOrch->removeRoutePrefix(ipPrefixsubnet))
                             {
@@ -2767,7 +2769,7 @@ void VNetRouteOrch::updateVnetTunnelCustomMonitor(const MonitorUpdate& update)
                         }
                     }
                     auto prefixsubnet = prefixToUse.getSubnet();
-                    if (gRouteOrch && gRouteOrch->isRouteExists(prefixsubnet))
+                    if (gRouteOrch && gRouteOrch->isRouteExists(vr_id, prefixsubnet))
                     {
                         if (!gRouteOrch->removeRoutePrefix(prefixsubnet))
                         {
diff --git a/tests/test_vnet2.py b/tests/test_vnet2.py
@@ -106,8 +106,8 @@ def test_vnet_orch_1(self, dvs, testlog):
         
         # create vxlan tunnel and verfiy it
         create_vxlan_tunnel(dvs, tunnel_name, '9.9.9.9')
-        create_vnet_entry(dvs, vnet_name, tunnel_name, '1001', "")
-        vnet_obj.check_vnet_entry(dvs, vnet_name)
+        create_vnet_entry(dvs, vnet_name, tunnel_name, '1001', "", scope="default")
+        vnet_obj.check_default_vnet_entry(dvs, vnet_name)
         vnet_obj.check_vxlan_tunnel_entry(dvs, tunnel_name, vnet_name, '1001')
         vnet_obj.check_vxlan_tunnel(dvs, tunnel_name, '9.9.9.9')
 
@@ -240,8 +240,8 @@ def test_vnet_orch_2(self, dvs, testlog):
         
         # create vxlan tunnel and verfiy it
         create_vxlan_tunnel(dvs, tunnel_name, '9.8.8.9')
-        create_vnet_entry(dvs, vnet_name, tunnel_name, '1002', "")
-        vnet_obj.check_vnet_entry(dvs, vnet_name)
+        create_vnet_entry(dvs, vnet_name, tunnel_name, '1002', "", scope="default")
+        vnet_obj.check_default_vnet_entry(dvs, vnet_name)
         vnet_obj.check_vxlan_tunnel_entry(dvs, tunnel_name, vnet_name, '1002')
         vnet_obj.check_vxlan_tunnel(dvs, tunnel_name, '9.8.8.9')
         vnet_obj.fetch_exist_entries(dvs)
@@ -342,8 +342,8 @@ def test_vnet_orch_3(self, dvs, testlog):
         
         # create vxlan tunnel and verfiy it
         create_vxlan_tunnel(dvs, tunnel_name, '19.19.19.19')
-        create_vnet_entry(dvs, vnet_name, tunnel_name, '1003', "", '', advertise_prefix=True, overlay_dmac="22:33:33:44:44:66")
-        vnet_obj.check_vnet_entry(dvs, vnet_name)
+        create_vnet_entry(dvs, vnet_name, tunnel_name, '1003', "", 'default', advertise_prefix=True, overlay_dmac="22:33:33:44:44:66")
+        vnet_obj.check_default_vnet_entry(dvs, vnet_name)
         vnet_obj.check_vxlan_tunnel_entry(dvs, tunnel_name, vnet_name, '1003')
         vnet_obj.check_vxlan_tunnel(dvs, tunnel_name, '19.19.19.19')
 
@@ -420,6 +420,63 @@ def test_vnet_orch_3(self, dvs, testlog):
         vnet_obj.check_del_vnet_entry(dvs, vnet_name)
         delete_vxlan_tunnel(dvs, tunnel_name)
 
+    '''
+    Test 4 - Test that conflicting IP space does not result in deletion on default VRF for vnets which are not in default scope
+    '''
+    def test_vnet_orch_conflicting_route_non_default_vnet(self, dvs, testlog):
+        vnet_obj = self.get_vnet_obj()
+
+        tunnel_name = 'tunnel_1'
+        vnet_name = 'Vnet1'
+        self.setup_db(dvs)
+        vnet_obj.fetch_exist_entries(dvs)
+        # create l3 interface and bring it up
+        self.create_l3_intf("Ethernet0", "")
+        self.add_ip_address("Ethernet0", "20.20.20.1/24")
+        self.set_admin_status("Ethernet0", "down")
+        time.sleep(1)
+        self.set_admin_status("Ethernet0", "up")
+
+        # set ip address and default route
+        dvs.servers[0].runcmd("ip address add 20.20.20.5/24 dev eth0")
+        dvs.servers[0].runcmd("ip route add default via 20.20.20.1") 
+
+        # create vxlan tunnel and verify it
+        create_vxlan_tunnel(dvs, tunnel_name, '9.9.9.9')
+        create_vnet_entry(dvs, vnet_name, tunnel_name, '1001', "")
+        vnet_obj.check_vnet_entry(dvs, vnet_name)
+        vnet_obj.check_vxlan_tunnel_entry(dvs, tunnel_name, vnet_name, '1001')
+        vnet_obj.check_vxlan_tunnel(dvs, tunnel_name, '9.9.9.9')
+
+        # add conflicting route
+        dvs.runcmd("vtysh -c \"configure terminal\" -c \"ip route 106.100.1.1/32 20.20.20.5\"")
+        # check ASIC route database
+        self.check_route_entries(["106.100.1.1/32"])
+        vnet_obj.fetch_exist_entries(dvs)
+
+        create_vnet_routes(dvs, "106.100.1.1/32", vnet_name, '9.8.0.1,9.8.0.2,9.8.0.3')
+        # Default vrf route should be present
+        vnet_obj.check_default_vrf_route(dvs, "106.100.1.1/32")
+        # State DB route should show non existent endpoints as bfd state is down
+        check_state_db_routes(dvs, vnet_name, "106.100.1.1/32", ['9.8.0.1', '9.8.0.2', '9.8.0.3'])
+
+        vnet_obj.check_vnet_ecmp_routes(dvs, vnet_name, ['9.8.0.1','9.8.0.2', '9.8.0.3'], tunnel_name)
+
+        # Default vrf route should still be present
+        vnet_obj.check_default_vrf_route(dvs, "106.100.1.1/32")
+
+        delete_vnet_routes(dvs, "106.100.1.1/32", vnet_name)
+        vnet_obj.check_del_vnet_route_in_vnet(dvs, vnet_name, "106.100.1.1/32")
+        check_remove_state_db_routes(dvs, vnet_name, "106.100.1.1/32")
+
+        # Default vrf route should still be present
+        vnet_obj.check_default_vrf_route(dvs, "106.100.1.1/32")
+        dvs.runcmd("vtysh -c \"configure terminal\" -c \"no ip route 106.100.1.1/32\"")
+        self.check_route_entries(["106.100.1.1/32"], absent=True)
+        delete_vnet_entry(dvs, vnet_name)
+        vnet_obj.check_del_vnet_entry(dvs, vnet_name)
+        delete_vxlan_tunnel(dvs, tunnel_name)
+
 # Add Dummy always-pass test at end as workaroud
 # for issue when Flaky fail on final test it invokes module tear-down before retrying
 def test_nonflaky_dummy():
diff --git a/tests/vnet_lib.py b/tests/vnet_lib.py
@@ -959,6 +959,21 @@ def check_del_router_interface(self, dvs, name):
 
         self.rifs.remove(old_rif[0])
 
+    def check_default_vrf_route(self, dvs, ip_pref):
+        global def_vr_id
+
+        def _access_function():
+            route_entries = get_exist_entries(dvs, self.ASIC_ROUTE_ENTRY)
+            for route_entry in route_entries:
+                json_rt_entry = json.loads(route_entry)
+                if (json_rt_entry["dest"] == ip_pref and json_rt_entry['vr'] == def_vr_id):
+                    return (True, None)
+                else:
+                    continue
+            return (False, None)
+
+        wait_for_result(_access_function)
+
     def check_vnet_local_routes(self, dvs, name, vlan_subnet_route=False):
         asic_db = swsscommon.DBConnector(swsscommon.ASIC_DB, dvs.redis_sock, 0)
 
@@ -1275,6 +1290,19 @@ def check_priority_vnet_ecmp_routes(self, dvs, name, endpoints_primary, tunnel,
             del self.nhg_ids[endpoint_str_primary]
             return new_route
 
+    def check_del_vnet_route_in_vnet(self, dvs, vnet_name, prefix):
+        vr_id = self.vr_map[vnet_name].get('ing')
+
+        def _access_function():
+            route_entries = get_exist_entries(dvs, self.ASIC_ROUTE_ENTRY)
+            for route_entry in route_entries:
+                rt_json = json.loads(route_entry)
+                if rt_json['vr'] == vr_id:
+                    if rt_json['dest'] == prefix:
+                        return (False, None)
+            return (True, None)
+        wait_for_result(_access_function)
+
     def check_del_vnet_routes(self, dvs, name, prefixes=[], absent=False):
         # TODO: Implement for VRF VNET
 

Original file line number	Diff line number	Diff line change
`@@ -2964,12 +2964,10 @@ bool RouteOrch::removeRoutePost(const RouteBulkContext& ctx)`
`2964`	`2964`	`return true;`
`2965`	`2965`	`}`
`2966`	`2966`
`2967`		`-bool RouteOrch::isRouteExists(const IpPrefix& prefix)`
	`2967`	`+bool RouteOrch::isRouteExists(sai_object_id_t vrf_id, const IpPrefix& prefix)`
`2968`	`2968`	`{`
`2969`	`2969`	`SWSS_LOG_ENTER();`
`2970`	`2970`
`2971`		`- sai_object_id_t& vrf_id = gVirtualRouterId;`
`2972`		`-`
`2973`	`2971`	`sai_route_entry_t route_entry;`
`2974`	`2972`	`route_entry.vr_id = vrf_id;`
`2975`	`2973`	`route_entry.switch_id = gSwitchId;`
`@@ -2978,7 +2976,7 @@ bool RouteOrch::isRouteExists(const IpPrefix& prefix)`
`2978`	`2976`	`if (it_route_table == m_syncdRoutes.end())`
`2979`	`2977`	`{`
`2980`	`2978`	`SWSS_LOG_INFO("Failed to find route table, vrf_id 0x%" PRIx64 "\n", vrf_id);`
`2981`		`- return true;`
	`2979`	`+ return false;`
`2982`	`2980`	`}`
`2983`	`2981`	`auto it_route = it_route_table->second.find(prefix);`
`2984`	`2982`	`size_t creating = gRouteBulker.creating_entries_count(route_entry);`
Original file line number	Diff line number	Diff line change
`@@ -1197,7 +1197,7 @@ bool VNetRouteOrch::doRouteTask<VNetVrfObject>(const string& vnet, IpPrefix& ipP`
`1197`	`1197`	`prefixToRemove = adv_prefix;`
`1198`	`1198`	`}`
`1199`	`1199`	`auto prefixSubnet = prefixToRemove.getSubnet();`
`1200`		`- if(gRouteOrch && gRouteOrch->isRouteExists(prefixSubnet))`
	`1200`	`+ if(gRouteOrch && gRouteOrch->isRouteExists(vr_id, prefixSubnet))`
`1201`	`1201`	`{`
`1202`	`1202`	`if (!gRouteOrch->removeRoutePrefix(prefixSubnet))`
`1203`	`1203`	`{`
`@@ -2519,7 +2519,9 @@ void VNetRouteOrch::updateVnetTunnel(const BfdUpdate& update)`
`2519`	`2519`	`ipPrefixsubnet = adv_prefix.getSubnet();`
`2520`	`2520`	`}`
`2521`	`2521`	`}`
`2522`		`- if(gRouteOrch && gRouteOrch->isRouteExists(ipPrefixsubnet))`
	`2522`	`+`
	`2523`	`+ sai_object_id_t vr_id = vrf_obj->getVRidIngress();`
	`2524`	`+ if(gRouteOrch && gRouteOrch->isRouteExists(vr_id, ipPrefixsubnet))`
`2523`	`2525`	`{`
`2524`	`2526`	`if (!gRouteOrch->removeRoutePrefix(ipPrefixsubnet))`
`2525`	`2527`	`{`
`@@ -2767,7 +2769,7 @@ void VNetRouteOrch::updateVnetTunnelCustomMonitor(const MonitorUpdate& update)`
`2767`	`2769`	`}`
`2768`	`2770`	`}`
`2769`	`2771`	`auto prefixsubnet = prefixToUse.getSubnet();`
`2770`		`- if (gRouteOrch && gRouteOrch->isRouteExists(prefixsubnet))`
	`2772`	`+ if (gRouteOrch && gRouteOrch->isRouteExists(vr_id, prefixsubnet))`
`2771`	`2773`	`{`
`2772`	`2774`	`if (!gRouteOrch->removeRoutePrefix(prefixsubnet))`
`2773`	`2775`	`{`