diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl index 30e1ec082..53e62928b 100644 --- a/data/templates/frr/bgp.frr.tmpl +++ b/data/templates/frr/bgp.frr.tmpl @@ -1,412 +1,412 @@ {### MACRO definition for recurring peer patter, this can be either fed by a ###} {### peer-group or an individual BGP neighbor ###} {% macro bgp_neighbor(neighbor, config, peer_group=false) %} {% if peer_group == true %} neighbor {{ neighbor }} peer-group {% elif config.peer_group is defined and config.peer_group is not none %} neighbor {{ neighbor }} peer-group {{ config.peer_group }} {% endif %} {% if config.remote_as is defined and config.remote_as is not none %} neighbor {{ neighbor }} remote-as {{ config.remote_as }} {% endif %} {% if config.interface is defined and config.interface.remote_as is defined and config.interface.remote_as is not none %} neighbor {{ neighbor }} interface remote-as {{ config.interface.remote_as }} {% endif %} {% if config.advertisement_interval is defined and config.advertisement_interval is not none %} neighbor {{ neighbor }} advertisement-interval {{ config.advertisement_interval }} {% endif %} {% if config.bfd is defined %} neighbor {{ neighbor }} bfd {% endif %} {% if config.capability is defined and config.capability is not none %} {% if config.capability.dynamic is defined %} neighbor {{ neighbor }} capability dynamic {% endif %} {% if config.capability.extended_nexthop is defined %} neighbor {{ neighbor }} capability extended-nexthop {% endif %} {% endif %} {% if config.description is defined and config.description is not none %} neighbor {{ neighbor }} description {{ config.description }} {% endif %} {% if config.disable_capability_negotiation is defined %} neighbor {{ neighbor }} dont-capability-negotiate {% endif %} {% if config.ebgp_multihop is defined and config.ebgp_multihop is not none %} neighbor {{ neighbor }} ebgp-multihop {{ config.ebgp_multihop }} {% endif %} {% if config.local_as is defined and config.local_as is not none %} {% for local_asn in config.local_as %} neighbor {{ neighbor }} local-as {{ local_asn }} {{ 'no-prepend' if config.local_as[local_asn].no_prepend is defined }} {% endfor %} {% endif %} {% if config.override_capability is defined %} neighbor {{ neighbor }} override-capability {% endif %} {% if config.passive is defined %} neighbor {{ neighbor }} passive {% endif %} {% if config.password is defined and config.password is not none %} neighbor {{ neighbor }} password {{ config.password }} {% endif %} {% if config.port is defined and config.port is not none %} neighbor {{ neighbor }} port {{ config.port }} {% endif %} {% if config.shutdown is defined %} neighbor {{ neighbor }} shutdown {% endif %} {% if config.strict_capability_match is defined %} neighbor {{ neighbor }} strict-capability-match {% endif %} {% if config.ttl_security is defined and config.ttl_security.hops is defined and config.ttl_security.hops is not none %} neighbor {{ neighbor }} ttl-security hops {{ config.ttl_security.hops }} {% endif %} {% if config.timers is defined %} {% if config.timers.connect is defined and config.timers.connect is not none %} neighbor {{ neighbor }} timers connect {{ config.timers.connect }} {% endif %} {% if config.timers.holdtime is defined and config.timers.keepalive is defined and config.timers.holdtime is not none and config.timers.keepalive is not none %} neighbor {{ neighbor }} timers {{ config.timers.keepalive }} {{ config.timers.holdtime }} {% endif %} {% endif %} {% if config.update_source is defined and config.update_source is not none %} neighbor {{ neighbor }} update-source {{ config.update_source }} {% endif %} {% if config.interface is defined and config.interface is not none %} {% if config.interface.peer_group is defined and config.interface.peer_group is not none %} neighbor {{ neighbor }} interface peer-group {{ config.interface.peer_group }} {% endif %} {% if config.interface.v6only is defined and config.interface.v6only is not none %} {% if config.interface.v6only.peer_group is defined and config.interface.v6only.peer_group is not none %} neighbor {{ neighbor }} interface v6only peer-group {{ config.interface.v6only.peer_group }} {% endif %} {% if config.interface.v6only.remote_as is defined and config.interface.v6only.remote_as is not none %} neighbor {{ neighbor }} interface v6only remote-as {{ config.interface.v6only.remote_as }} {% endif %} {% endif %} {% endif %} ! {% if config.address_family is defined and config.address_family is not none %} {% for afi, afi_config in config.address_family.items() %} {% if afi == 'ipv4_unicast' %} address-family ipv4 unicast {% elif afi == 'ipv6_unicast' %} address-family ipv6 unicast {% elif afi == 'l2vpn_evpn' %} address-family l2vpn evpn {% endif %} {% if afi_config.addpath_tx_all is defined %} neighbor {{ neighbor }} addpath-tx-all-paths {% endif %} {% if afi_config.addpath_tx_per_as is defined %} neighbor {{ neighbor }} addpath-tx-bestpath-per-AS {% endif %} {% if afi_config.allowas_in is defined and afi_config.allowas_in is not none %} neighbor {{ neighbor }} allowas-in {{ afi_config.allowas_in.number if afi_config.allowas_in.number is defined }} {% endif %} {% if afi_config.remove_private_as is defined %} neighbor {{ neighbor }} remove-private-AS {% endif %} {% if afi_config.route_reflector_client is defined %} neighbor {{ neighbor }} route-reflector-client {% endif %} {% if afi_config.weight is defined and afi_config.weight is not none %} neighbor {{ neighbor }} weight {{ afi_config.weight }} {% endif %} {% if afi_config.attribute_unchanged is defined and afi_config.attribute_unchanged is not none %} neighbor {{ neighbor }} attribute-unchanged {{ 'as-path ' if afi_config.attribute_unchanged.as_path is defined }}{{ 'med ' if afi_config.attribute_unchanged.med is defined }}{{ 'next-hop ' if afi_config.attribute_unchanged.next_hop is defined }} {% endif %} {% if afi_config.capability is defined and afi_config.capability.orf is defined and afi_config.capability.orf.prefix_list is defined and afi_config.capability.orf.prefix_list.send is defined %} neighbor {{ neighbor }} capability orf prefix-list send {% endif %} {% if afi_config.capability is defined and afi_config.capability.orf is defined and afi_config.capability.orf.prefix_list is defined and afi_config.capability.orf.prefix_list.receive is defined %} neighbor {{ neighbor }} capability orf prefix-list receive {% endif %} {% if afi_config.default_originate is defined %} neighbor {{ neighbor }} default-originate {{ 'route-map ' + afi_config.default_originate.route_map if afi_config.default_originate.route_map is defined }} {% endif %} {% if afi_config.distribute_list is defined and afi_config.distribute_list is not none %} {% if afi_config.distribute_list.export is defined and afi_config.distribute_list.export is not none %} neighbor {{ neighbor }} distribute-list {{ afi_config.distribute_list.export }} out {% endif %} {% if afi_config.distribute_list.import is defined and afi_config.distribute_list.import is not none %} neighbor {{ neighbor }} distribute-list {{ afi_config.distribute_list.import }} in {% endif %} {% endif %} {% if afi_config.filter_list is defined and afi_config.filter_list is not none %} {% if afi_config.filter_list.export is defined and afi_config.filter_list.export is not none %} neighbor {{ neighbor }} filter-list {{ afi_config.filter_list.export }} out {% endif %} {% if afi_config.filter_list.import is defined and afi_config.filter_list.import is not none %} neighbor {{ neighbor }} filter-list {{ afi_config.filter_list.import }} in {% endif %} {% endif %} {% if afi_config.maximum_prefix is defined and afi_config.maximum_prefix is not none %} neighbor {{ neighbor }} maximum-prefix {{ afi_config.maximum_prefix }} {% endif %} {% if afi_config.nexthop_self is defined %} neighbor {{ neighbor }} next-hop-self {{ 'force' if afi_config.nexthop_self.force is defined }} {% endif %} {% if afi_config.route_server_client is defined %} neighbor {{ neighbor }} route-server-client {% endif %} {% if afi_config.route_map is defined and afi_config.route_map is not none %} {% if afi_config.route_map.export is defined and afi_config.route_map.export is not none %} neighbor {{ neighbor }} route-map {{ afi_config.route_map.export }} out {% endif %} {% if afi_config.route_map.import is defined and afi_config.route_map.import is not none %} neighbor {{ neighbor }} route-map {{ afi_config.route_map.import }} in {% endif %} {% endif %} {% if afi_config.prefix_list is defined and afi_config.prefix_list is not none %} {% if afi_config.prefix_list.export is defined and afi_config.prefix_list.export is not none %} neighbor {{ neighbor }} prefix-list {{ afi_config.prefix_list.export }} out {% endif %} {% if afi_config.prefix_list.import is defined and afi_config.prefix_list.import is not none %} neighbor {{ neighbor }} prefix-list {{ afi_config.prefix_list.import }} in {% endif %} {% endif %} {% if afi_config.soft_reconfiguration is defined and afi_config.soft_reconfiguration.inbound is defined %} neighbor {{ neighbor }} soft-reconfiguration inbound {% endif %} {% if afi_config.unsuppress_map is defined and afi_config.unsuppress_map is not none %} neighbor {{ neighbor }} unsuppress-map {{ afi_config.unsuppress_map }} {% endif %} {% if afi_config.disable_send_community is defined and afi_config.disable_send_community.extended is defined %} no neighbor {{ neighbor }} send-community extended {% endif %} {% if afi_config.disable_send_community is defined and afi_config.disable_send_community.standard is defined %} no neighbor {{ neighbor }} send-community standard {% endif %} neighbor {{ neighbor }} activate exit-address-family ! {% endfor %} {% endif %} {% endmacro %} ! -router bgp {{ asn }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} +router bgp {{ local_as }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% if parameters is defined and parameters.ebgp_requires_policy is defined %} bgp ebgp-requires-policy {% else %} no bgp ebgp-requires-policy {% endif %} {# Workaround for T2100 until we have decided about a migration script #} no bgp network import-check {% if address_family is defined and address_family is not none %} {% for afi, afi_config in address_family.items() %} ! {% if afi == 'ipv4_unicast' %} address-family ipv4 unicast {% elif afi == 'ipv6_unicast' %} address-family ipv6 unicast {% elif afi == 'l2vpn_evpn' %} address-family l2vpn evpn {% endif %} {% if afi_config.aggregate_address is defined and afi_config.aggregate_address is not none %} {% for ip in afi_config.aggregate_address %} aggregate-address {{ ip }}{{ ' as-set' if afi_config.aggregate_address[ip].as_set is defined }}{{ ' summary-only' if afi_config.aggregate_address[ip].summary_only is defined }} {% endfor %} {% endif %} {% if afi_config.maximum_paths is defined and afi_config.maximum_paths.ebgp is defined and afi_config.maximum_paths.ebgp is not none %} maximum-paths {{ afi_config.maximum_paths.ebgp }} {% endif %} {% if afi_config.maximum_paths is defined and afi_config.maximum_paths.ibgp is defined and afi_config.maximum_paths.ibgp is not none %} maximum-paths ibgp {{ afi_config.maximum_paths.ibgp }} {% endif %} {% if afi_config.redistribute is defined and afi_config.redistribute is not none %} {% for protocol in afi_config.redistribute %} {% if protocol == 'table' %} redistribute table {{ afi_config.redistribute[protocol].table }} {% else %} {% set redistribution_protocol = protocol %} {% if protocol == 'ospfv3' %} {% set redistribution_protocol = 'ospf6' %} {% endif %} redistribute {{ redistribution_protocol }}{% if afi_config.redistribute[protocol].metric is defined %} metric {{ afi_config.redistribute[protocol].metric }}{% endif %}{% if afi_config.redistribute[protocol].route_map is defined %} route-map {{ afi_config.redistribute[protocol].route_map }}{% endif %} {####### we need this blank line!! #######} {% endif %} {% endfor %} {% endif %} {% if afi_config.network is defined and afi_config.network is not none %} {% for network in afi_config.network %} network {{ network }}{% if afi_config.network[network].route_map is defined %} route-map {{ afi_config.network[network].route_map }}{% endif %}{% if afi_config.network[network].backdoor is defined %} backdoor{% endif %} {####### we need this blank line!! #######} {% endfor %} {% endif %} {% if afi_config.advertise_all_vni is defined %} advertise-all-vni {% endif %} {% if afi_config.advertise_default_gw is defined %} advertise-default-gw {% endif %} {% if afi_config.advertise_pip is defined and afi_config.advertise_pip is not none %} advertise-pip ip {{ afi_config.advertise_pip }} {% endif %} {% if afi_config.advertise_svi_ip is defined %} advertise-svi-ip {% endif %} {% if afi_config.rt_auto_derive is defined %} autort rfc8365-compatible {% endif %} {% if afi_config.flooding is defined and afi_config.flooding.disable is defined %} flooding disable {% endif %} {% if afi_config.flooding is defined and afi_config.flooding.head_end_replication is defined %} flooding head-end-replication {% endif %} {% if afi_config.rd is defined and afi_config.rd is not none %} rd {{ afi_config.rd }} {% endif %} {% if afi_config.route_target is defined and afi_config.route_target is not none %} {% if afi_config.route_target.both is defined and afi_config.route_target.both is not none %} route-target both {{ afi_config.route_target.both }} {% endif %} {% if afi_config.route_target.export is defined and afi_config.route_target.export is not none %} route-target export {{ afi_config.route_target.export }} {% endif %} {% if afi_config.route_target.import is defined and afi_config.route_target.import is not none %} route-target import {{ afi_config.route_target.import }} {% endif %} {% endif %} {% if afi_config.vni is defined and afi_config.vni is not none %} {% for vni, vni_config in afi_config.vni.items() %} vni {{ vni }} {% if vni_config.advertise_default_gw is defined %} advertise-default-gw {% endif %} {% if vni_config.advertise_svi_ip is defined %} advertise-svi-ip {% endif %} {% if vni_config.rd is defined and vni_config.rd is not none %} rd {{ vni_config.rd }} {% endif %} {% if vni_config.route_target is defined and vni_config.route_target is not none %} {% if vni_config.route_target.both is defined and vni_config.route_target.both is not none %} route-target both {{ vni_config.route_target.both }} {% endif %} {% if vni_config.route_target.export is defined and vni_config.route_target.export is not none %} route-target export {{ vni_config.route_target.export }} {% endif %} {% if vni_config.route_target.import is defined and vni_config.route_target.import is not none %} route-target import {{ vni_config.route_target.import }} {% endif %} {% endif %} exit-vni {% endfor %} {% endif %} exit-address-family {% endfor %} {% endif %} ! {% if peer_group is defined and peer_group is not none %} {% for peer, config in peer_group.items() %} {{ bgp_neighbor(peer, config, true) }} {% endfor %} {% endif %} ! {% if neighbor is defined and neighbor is not none %} {% for peer, config in neighbor.items() %} {{ bgp_neighbor(peer, config) }} {% endfor %} {% endif %} ! {% if listen is defined %} {% if listen.limit is defined and listen.limit is not none %} bgp listen limit {{ listen.limit }} {% endif %} {% for prefix, options in listen.range.items() %} {% if options.peer_group is defined and options.peer_group is not none %} bgp listen range {{ prefix }} peer-group {{ options.peer_group }} {% endif %} {% endfor %} {% endif %} {% if parameters is defined %} {% if parameters.always_compare_med is defined %} bgp always-compare-med {% endif %} {% if parameters.bestpath is defined and parameters.bestpath is not none %} {% if parameters.bestpath.compare_routerid is defined %} bgp bestpath compare-routerid {% endif %} {% if parameters.bestpath.as_path is defined and parameters.bestpath.as_path is not none %} {% for option in parameters.bestpath.as_path %} bgp bestpath as-path {{ option|replace('_', '-') }} {% endfor %} {% endif %} {% if parameters.bestpath.med is defined and parameters.bestpath.med is not none %} bgp bestpath med {{ 'confed' if parameters.bestpath.med.confed is defined }} {{ 'missing-as-worst' if parameters.bestpath.med.missing_as_worst is defined }} {% endif %} {% endif %} {% if parameters.cluster_id is defined and parameters.cluster_id is not none %} bgp cluster-id {{ parameters.cluster_id }} {% endif %} {% if parameters.confederation is defined and parameters.confederation is not none %} {% if parameters.confederation.identifier is defined and parameters.confederation.identifier is not none %} bgp confederation identifier {{ parameters.confederation.identifier }} {% endif %} {% if parameters.confederation.peers is defined and parameters.confederation.peers is not none %} bgp confederation peers {{ parameters.confederation.peers }} {% endif %} {% endif %} {% if parameters.dampening is defined and parameters.dampening is defined and parameters.dampening.half_life is defined and parameters.dampening.half_life is not none %} {# Doesn't work in current FRR configuration; vtysh (bgp dampening 16 751 2001 61) #} bgp dampening {{ parameters.dampening.half_life }} {{ parameters.dampening.re_use if parameters.dampening.re_use is defined }} {{ parameters.dampening.start_suppress_time if parameters.dampening.start_suppress_time is defined }} {{ parameters.dampening.max_suppress_time if parameters.dampening.max_suppress_time is defined }} {% endif %} {% if parameters.default is defined and parameters.default is not none %} {% if parameters.default.local_pref is defined and parameters.default.local_pref is not none %} bgp default local-preference {{ parameters.default.local_pref }} {% endif %} {% if parameters.default.no_ipv4_unicast is defined %} no bgp default ipv4-unicast {% endif %} {% endif %} {% if parameters.deterministic_med is defined %} bgp deterministic-med {% endif %} {% if parameters.distance is defined and parameters.distance is not none %} ! address-family ipv4 unicast {% if parameters.distance.global is defined and parameters.distance.global.external is defined and parameters.distance.global.internal is defined and parameters.distance.global.local is defined %} distance bgp {{ parameters.distance.global.external }} {{ parameters.distance.global.internal }} {{ parameters.distance.global.local }} {% endif %} {% if parameters.distance.prefix is defined and parameters.distance.prefix is not none %} {% for prefix in parameters.distance.prefix %} distance {{ parameters.distance.prefix[prefix].distance }} {{ prefix }} {% endfor %} {% endif %} exit-address-family ! {% endif %} {% if parameters.graceful_restart is defined %} bgp graceful-restart {{ 'stalepath-time ' + parameters.graceful_restart.stalepath_time if parameters.graceful_restart.stalepath_time is defined }} {% endif %} {% if parameters.graceful_shutdown is defined %} bgp graceful-shutdown {% endif %} {% if parameters.log_neighbor_changes is defined %} bgp log-neighbor-changes {% endif %} {% if parameters.network_import_check is defined %} bgp network import-check {% endif %} {% if parameters.no_client_to_client_reflection is defined %} no bgp client-to-client reflection {% endif %} {% if parameters.no_fast_external_failover is defined %} no bgp fast-external-failover {% endif %} {% if parameters.router_id is defined and parameters.router_id is not none %} bgp router-id {{ parameters.router_id }} {% endif %} {% endif %} {% if timers is defined and timers.keepalive is defined and timers.holdtime is defined %} timers bgp {{ timers.keepalive }} {{ timers.holdtime }} {% endif %} ! {% if route_map is defined and route_map is not none %} ip protocol bgp route-map {{ route_map }} {% endif %} ! diff --git a/interface-definitions/include/bgp/bgp-common-config.xml.i b/interface-definitions/include/bgp/bgp-common-config.xml.i index ae0e8b178..c89e2288e 100644 --- a/interface-definitions/include/bgp/bgp-common-config.xml.i +++ b/interface-definitions/include/bgp/bgp-common-config.xml.i @@ -1,825 +1,837 @@ <!-- include start from bgp/bgp-common-config.xml.i --> <node name="address-family"> <properties> <help>BGP address-family parameters</help> </properties> <children> <node name="ipv4-unicast"> <properties> <help>IPv4 BGP settings</help> </properties> <children> <tagNode name="aggregate-address"> <properties> <help>BGP aggregate network</help> <valueHelp> <format>ipv4net</format> <description>BGP aggregate network</description> </valueHelp> <constraint> <validator name="ipv4-prefix"/> </constraint> </properties> <children> #include <include/bgp/bgp-afi-aggregate-address.xml.i> </children> </tagNode> <tagNode name="network"> <properties> <help>BGP network</help> <valueHelp> <format>ipv4net</format> <description>BGP network</description> </valueHelp> <constraint> <validator name="ipv4-prefix"/> </constraint> </properties> <children> <leafNode name="backdoor"> <properties> <help>Network as a backdoor route</help> <valueless/> </properties> </leafNode> #include <include/route-map.xml.i> </children> </tagNode> #include <include/bgp/bgp-afi-maximum-paths.xml.i> <node name="redistribute"> <properties> <help>Redistribute routes from other protocols into BGP</help> </properties> <children> <node name="connected"> <properties> <help>Redistribute connected routes into BGP</help> </properties> <children> #include <include/bgp/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> <node name="isis"> <properties> <help>Redistribute IS-IS routes into BGP</help> </properties> <children> #include <include/bgp/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> <node name="kernel"> <properties> <help>Redistribute kernel routes into BGP</help> </properties> <children> #include <include/bgp/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> <node name="ospf"> <properties> <help>Redistribute OSPF routes into BGP</help> </properties> <children> #include <include/bgp/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> <node name="rip"> <properties> <help>Redistribute RIP routes into BGP</help> </properties> <children> #include <include/bgp/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> <node name="static"> <properties> <help>Redistribute static routes into BGP</help> </properties> <children> #include <include/bgp/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> <leafNode name="table"> <properties> <help>Redistribute non-main Kernel Routing Table</help> </properties> </leafNode> </children> </node> </children> </node> <node name="ipv6-unicast"> <properties> <help>IPv6 BGP settings</help> </properties> <children> <tagNode name="aggregate-address"> <properties> <help>BGP aggregate network</help> <valueHelp> <format>ipv6net</format> <description>Aggregate network</description> </valueHelp> <constraint> <validator name="ipv6-prefix"/> </constraint> </properties> <children> #include <include/bgp/bgp-afi-aggregate-address.xml.i> </children> </tagNode> <tagNode name="network"> <properties> <help>BGP network</help> <valueHelp> <format>ipv6net</format> <description>Aggregate network</description> </valueHelp> <constraint> <validator name="ipv6-prefix"/> </constraint> </properties> <children> <leafNode name="path-limit"> <properties> <help>AS-path hopcount limit</help> <valueHelp> <format>u32:0-255</format> <description>AS path hop count limit</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-255"/> </constraint> </properties> </leafNode> #include <include/route-map.xml.i> </children> </tagNode> #include <include/bgp/bgp-afi-maximum-paths.xml.i> <node name="redistribute"> <properties> <help>Redistribute routes from other protocols into BGP</help> </properties> <children> <node name="connected"> <properties> <help>Redistribute connected routes into BGP</help> </properties> <children> #include <include/bgp/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> <node name="kernel"> <properties> <help>Redistribute kernel routes into BGP</help> </properties> <children> #include <include/bgp/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> <node name="ospfv3"> <properties> <help>Redistribute OSPFv3 routes into BGP</help> </properties> <children> #include <include/bgp/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> <node name="ripng"> <properties> <help>Redistribute RIPng routes into BGP</help> </properties> <children> #include <include/bgp/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> <node name="static"> <properties> <help>Redistribute static routes into BGP</help> </properties> <children> #include <include/bgp/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> <leafNode name="table"> <properties> <help>Redistribute non-main Kernel Routing Table</help> </properties> </leafNode> </children> </node> </children> </node> <node name="l2vpn-evpn"> <properties> <help>L2VPN EVPN BGP settings</help> </properties> <children> <leafNode name="advertise-all-vni"> <properties> <help>Advertise All local VNIs</help> <valueless/> </properties> </leafNode> #include <include/bgp/bgp-afi-l2vpn-common.xml.i> <leafNode name="advertise-pip"> <properties> <help>EVPN system primary IP</help> <valueHelp> <format>ipv4</format> <description>IP address</description> </valueHelp> <constraint> <validator name="ipv4-address"/> </constraint> </properties> </leafNode> <leafNode name="rt-auto-derive"> <properties> <help>Auto derivation of Route Target (RFC8365)</help> <valueless/> </properties> </leafNode> <node name="flooding"> <properties> <help>Specify handling for BUM packets</help> </properties> <children> <leafNode name="disable"> <properties> <help>Do not flood any BUM packets</help> <valueless/> </properties> </leafNode> <leafNode name="head-end-replication"> <properties> <help>Flood BUM packets using head-end replication</help> <valueless/> </properties> </leafNode> </children> </node> <tagNode name="vni"> <properties> <help>VXLAN Network Identifier</help> <valueHelp> <format>u32:1-16777215</format> <description>VNI number</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-16777215"/> </constraint> </properties> <children> #include <include/bgp/bgp-afi-l2vpn-common.xml.i> </children> </tagNode> </children> </node> </children> </node> <node name="listen"> <properties> - <help>Listen for and accept BGP dynamic neighbors from range</help> + <help>BGP dynamic neighbors listen commands</help> </properties> <children> <leafNode name="limit"> <properties> <help>Maximum number of dynamic neighbors that can be created</help> <valueHelp> <format>u32:1-5000</format> <description>BGP neighbor limit</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-5000"/> </constraint> </properties> </leafNode> <tagNode name="range"> <properties> - <help>BGP dynamic neighbors listen range</help> + <help>Dynamic neighbors listen range</help> <valueHelp> <format>ipv4net</format> <description>IPv4 dynamic neighbors listen range</description> </valueHelp> <valueHelp> <format>ipv6net</format> <description>IPv6 dynamic neighbors listen range</description> </valueHelp> <constraint> <validator name="ipv4-prefix"/> <validator name="ipv6-prefix"/> </constraint> </properties> <children> #include <include/bgp/bgp-peer-group.xml.i> </children> </tagNode> </children> </node> +<leafNode name="local-as"> + <properties> + <help>Autonomous System Number (ASN)</help> + <valueHelp> + <format>u32:1-4294967294</format> + <description>Autonomous System Number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + </constraint> + </properties> +</leafNode> <tagNode name="neighbor"> <properties> <help>BGP neighbor</help> <valueHelp> <format>ipv4</format> <description>BGP neighbor IP address</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>BGP neighbor IPv6 address</description> </valueHelp> <valueHelp> <format>txt</format> <description>Interface name</description> </valueHelp> <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> <validator name="interface-name"/> </constraint> </properties> <children> <node name="address-family"> <properties> <help>Parameters relating to IPv4 or IPv6 routes</help> </properties> <children> #include <include/bgp/bgp-neighbor-afi-ipv4-unicast.xml.i> #include <include/bgp/bgp-neighbor-afi-ipv6-unicast.xml.i> #include <include/bgp/bgp-neighbor-afi-l2vpn-evpn.xml.i> </children> </node> <leafNode name="advertisement-interval"> <properties> <help>Minimum interval for sending routing updates</help> <valueHelp> <format>u32:0-600</format> <description>Advertisement interval in seconds</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-600"/> </constraint> </properties> </leafNode> #include <include/bgp/bgp-bfd.xml.i> #include <include/bgp/bgp-capability.xml.i> #include <include/bgp/bgp-description.xml.i> #include <include/bgp/bgp-disable-capability-negotiation.xml.i> #include <include/bgp/bgp-disable-connected-check.xml.i> #include <include/bgp/bgp-ebgp-multihop.xml.i> <node name="interface"> <properties> <help>Interface parameters</help> </properties> <children> #include <include/bgp/bgp-peer-group.xml.i> #include <include/bgp/bgp-remote-as.xml.i> <node name="v6only"> <properties> <help>Enable BGP with v6 link-local only</help> </properties> <children> #include <include/bgp/bgp-peer-group.xml.i> #include <include/bgp/bgp-remote-as.xml.i> </children> </node> </children> </node> #include <include/bgp/bgp-local-as.xml.i> #include <include/bgp/bgp-override-capability.xml.i> #include <include/bgp/bgp-passive.xml.i> #include <include/bgp/bgp-password.xml.i> #include <include/bgp/bgp-peer-group.xml.i> <leafNode name="port"> <properties> <help>Neighbor BGP port</help> <valueHelp> <format>u32:1-65535</format> <description>Neighbor BGP port number</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-65535"/> </constraint> </properties> </leafNode> #include <include/bgp/bgp-remote-as.xml.i> #include <include/bgp/bgp-shutdown.xml.i> <leafNode name="strict-capability-match"> <properties> <help>Enable strict capability negotiation</help> <valueless/> </properties> </leafNode> <node name="timers"> <properties> <help>Neighbor timers</help> </properties> <children> <leafNode name="connect"> <properties> <help>BGP connect timer for this neighbor</help> <valueHelp> <format>u32:1-65535</format> <description>Connect timer in seconds</description> </valueHelp> <valueHelp> <format>0</format> <description>Disable connect timer</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-65535"/> </constraint> </properties> </leafNode> #include <include/bgp/bgp-timers-holdtime.xml.i> #include <include/bgp/bgp-timers-keepalive.xml.i> </children> </node> #include <include/bgp/bgp-ttl-security.xml.i> #include <include/bgp/bgp-update-source.xml.i> </children> </tagNode> <node name="parameters"> <properties> <help>BGP parameters</help> </properties> <children> <leafNode name="always-compare-med"> <properties> <help>Always compare MEDs from different neighbors</help> <valueless/> </properties> </leafNode> <node name="bestpath"> <properties> <help>Default bestpath selection mechanism</help> </properties> <children> <node name="as-path"> <properties> <help>AS-path attribute comparison parameters</help> </properties> <children> <leafNode name="confed"> <properties> <help>Compare AS-path lengths including confederation sets and sequences</help> <valueless/> </properties> </leafNode> <leafNode name="ignore"> <properties> <help>Ignore AS-path length in selecting a route</help> <valueless/> </properties> </leafNode> <leafNode name="multipath-relax"> <properties> <help>Allow load sharing across routes that have different AS paths (but same length)</help> <valueless/> </properties> </leafNode> </children> </node> <leafNode name="compare-routerid"> <properties> <help>Compare the router-id for identical EBGP paths</help> <valueless/> </properties> </leafNode> <node name="med"> <properties> <help>MED attribute comparison parameters</help> </properties> <children> <leafNode name="confed"> <properties> <help>Compare MEDs among confederation paths</help> <valueless/> </properties> </leafNode> <leafNode name="missing-as-worst"> <properties> <help>Treat missing route as a MED as the least preferred one</help> <valueless/> </properties> </leafNode> </children> </node> </children> </node> <leafNode name="cluster-id"> <properties> <help>Route-reflector cluster-id</help> <valueHelp> <format>ipv4</format> <description>Route-reflector cluster-id</description> </valueHelp> <constraint> <validator name="ipv4-address"/> </constraint> </properties> </leafNode> <node name="confederation"> <properties> <help>AS confederation parameters</help> </properties> <children> <leafNode name="identifier"> <properties> <help>Confederation AS identifier [REQUIRED]</help> <valueHelp> <format>u32:1-4294967294</format> <description>Confederation AS id</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-4294967294"/> </constraint> </properties> </leafNode> <leafNode name="peers"> <properties> <help>Peer ASs in the BGP confederation</help> <valueHelp> <format>u32:1-4294967294</format> <description>Peer AS number</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-4294967294"/> </constraint> </properties> </leafNode> </children> </node> <node name="dampening"> <properties> <help>Enable route-flap dampening</help> </properties> <children> <leafNode name="half-life"> <properties> <help>Half-life time for dampening [REQUIRED]</help> <valueHelp> <format>u32:1-45</format> <description>Half-life penalty in minutes</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-45"/> </constraint> </properties> </leafNode> <leafNode name="max-suppress-time"> <properties> <help>Maximum duration to suppress a stable route [REQUIRED]</help> <valueHelp> <format>u32:1-255</format> <description>Maximum suppress duration in minutes</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-255"/> </constraint> </properties> </leafNode> <leafNode name="re-use"> <properties> <help>Threshold to start reusing a route [REQUIRED]</help> <valueHelp> <format>u32:1-20000</format> <description>Re-use penalty points</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-20000"/> </constraint> </properties> </leafNode> <leafNode name="start-suppress-time"> <properties> <help>When to start suppressing a route [REQUIRED]</help> <valueHelp> <format>u32:1-20000</format> <description>Start-suppress penalty points</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-20000"/> </constraint> </properties> </leafNode> </children> </node> <node name="default"> <properties> <help>BGP defaults</help> </properties> <children> <leafNode name="local-pref"> <properties> <help>Default local preference</help> <valueHelp> <format>u32</format> <description>Local preference</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-4294967295"/> </constraint> </properties> </leafNode> <leafNode name="no-ipv4-unicast"> <properties> <help>Deactivate IPv4 unicast for a peer by default</help> <valueless/> </properties> </leafNode> </children> </node> <leafNode name="deterministic-med"> <properties> <help>Compare MEDs between different peers in the same AS</help> <valueless/> </properties> </leafNode> <node name="distance"> <properties> <help>Administratives distances for BGP routes</help> </properties> <children> <node name="global"> <properties> <help>Global administratives distances for BGP routes</help> </properties> <children> <leafNode name="external"> <properties> <help>Administrative distance for external BGP routes</help> <valueHelp> <format>u32:1-255</format> <description>Administrative distance for external BGP routes</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-255"/> </constraint> </properties> </leafNode> <leafNode name="internal"> <properties> <help>Administrative distance for internal BGP routes</help> <valueHelp> <format>u32:1-255</format> <description>Administrative distance for internal BGP routes</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-255"/> </constraint> </properties> </leafNode> <leafNode name="local"> <properties> <help>Administrative distance for local BGP routes</help> <valueHelp> <format>u32:1-255</format> <description>Administrative distance for internal BGP routes</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-255"/> </constraint> </properties> </leafNode> </children> </node> <tagNode name="prefix"> <properties> <help>Administrative distance for a specific BGP prefix</help> <valueHelp> <format>ipv4net</format> <description>Administrative distance for a specific BGP prefix</description> </valueHelp> <constraint> <validator name="ipv4-prefix"/> </constraint> </properties> <children> <leafNode name="distance"> <properties> <help>Administrative distance for prefix</help> <valueHelp> <format>u32:1-255</format> <description>Administrative distance for external BGP routes</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-255"/> </constraint> </properties> </leafNode> </children> </tagNode> </children> </node> <leafNode name="ebgp-requires-policy"> <properties> <help>Require in and out policy for eBGP peers (RFC8212)</help> <valueless/> </properties> </leafNode> <node name="graceful-restart"> <properties> <help>Graceful restart capability parameters</help> </properties> <children> <leafNode name="stalepath-time"> <properties> <help>Maximum time to hold onto restarting neighbors stale paths</help> <valueHelp> <format>u32:1-3600</format> <description>Hold time in seconds</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-3600"/> </constraint> </properties> </leafNode> </children> </node> <leafNode name="graceful-shutdown"> <properties> <help>Graceful shutdown</help> <valueless/> </properties> </leafNode> <leafNode name="log-neighbor-changes"> <properties> <help>Log neighbor up/down changes and reset reason</help> <valueless/> </properties> </leafNode> <leafNode name="network-import-check"> <properties> <help>Enable IGP route check for network statements</help> <valueless/> </properties> </leafNode> <leafNode name="no-client-to-client-reflection"> <properties> <help>Disable client to client route reflection</help> <valueless/> </properties> </leafNode> <leafNode name="no-fast-external-failover"> <properties> <help>Disable immediate session reset on peer link down event</help> <valueless/> </properties> </leafNode> <leafNode name="router-id"> <properties> <help>BGP router id</help> <valueHelp> <format>ipv4</format> <description>BGP router id</description> </valueHelp> <constraint> <validator name="ipv4-address"/> </constraint> </properties> </leafNode> </children> </node> <tagNode name="peer-group"> <properties> <help>BGP peer-group</help> </properties> <children> <node name="address-family"> <properties> <help>BGP peer-group address-family parameters</help> </properties> <children> #include <include/bgp/bgp-neighbor-afi-ipv4-unicast.xml.i> #include <include/bgp/bgp-neighbor-afi-ipv6-unicast.xml.i> #include <include/bgp/bgp-neighbor-afi-l2vpn-evpn.xml.i> </children> </node> #include <include/bgp/bgp-bfd.xml.i> #include <include/bgp/bgp-capability.xml.i> #include <include/bgp/bgp-description.xml.i> #include <include/bgp/bgp-disable-capability-negotiation.xml.i> #include <include/bgp/bgp-disable-connected-check.xml.i> #include <include/bgp/bgp-ebgp-multihop.xml.i> #include <include/bgp/bgp-local-as.xml.i> #include <include/bgp/bgp-override-capability.xml.i> #include <include/bgp/bgp-passive.xml.i> #include <include/bgp/bgp-password.xml.i> #include <include/bgp/bgp-remote-as.xml.i> #include <include/bgp/bgp-shutdown.xml.i> #include <include/bgp/bgp-ttl-security.xml.i> #include <include/bgp/bgp-update-source.xml.i> </children> </tagNode> #include <include/route-map.xml.i> <node name="timers"> <properties> <help>BGP protocol timers</help> </properties> <children> #include <include/bgp/bgp-timers-holdtime.xml.i> #include <include/bgp/bgp-timers-keepalive.xml.i> </children> </node> <!-- include end --> diff --git a/interface-definitions/protocols-bgp.xml.in b/interface-definitions/protocols-bgp.xml.in index cf897d04f..d610f8dff 100644 --- a/interface-definitions/protocols-bgp.xml.in +++ b/interface-definitions/protocols-bgp.xml.in @@ -1,23 +1,16 @@ <?xml version="1.0"?> <interfaceDefinition> <node name="protocols"> <children> - <tagNode name="bgp" owner="${vyos_conf_scripts_dir}/protocols_bgp.py"> + <node name="bgp" owner="${vyos_conf_scripts_dir}/protocols_bgp.py"> <properties> <help>Border Gateway Protocol (BGP)</help> <priority>820</priority> - <valueHelp> - <format>u32:1-4294967294</format> - <description>Autonomous System Number</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967294"/> - </constraint> </properties> <children> #include <include/bgp/bgp-common-config.xml.i> </children> - </tagNode> + </node> </children> </node> </interfaceDefinition> diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index 7e5765c54..8a56b1bc0 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -1,99 +1,92 @@ <?xml version="1.0"?> <interfaceDefinition> <node name="vrf" owner="${vyos_conf_scripts_dir}/vrf.py"> <properties> <help>Virtual Routing and Forwarding</help> <!-- must be before any interface, check /opt/vyatta/sbin/priority.pl --> <priority>299</priority> </properties> <children> <leafNode name="bind-to-all"> <properties> <help>Enable binding services to all VRFs</help> <valueless/> </properties> </leafNode> <tagNode name="name"> <properties> <help>Virtual Routing and Forwarding instance</help> <constraint> <validator name="vrf-name"/> </constraint> <constraintErrorMessage>VRF instance name must be 15 characters or less and can not\nbe named as regular network interfaces.\n</constraintErrorMessage> <valueHelp> <format>txt</format> <description>VRF instance name</description> </valueHelp> </properties> <children> #include <include/interface/interface-description.xml.i> #include <include/interface/interface-disable.xml.i> <node name="protocols"> <properties> <help>Routing protocol parameters</help> </properties> <children> - <tagNode name="bgp" owner="${vyos_conf_scripts_dir}/protocols_bgp.py $VAR(../../@)"> + <node name="bgp" owner="${vyos_conf_scripts_dir}/protocols_bgp.py $VAR(../../@)"> <properties> <help>Border Gateway Protocol (BGP)</help> <priority>821</priority> - <valueHelp> - <format>u32:1-4294967294</format> - <description>Autonomous System Number</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967294"/> - </constraint> </properties> <children> #include <include/bgp/bgp-common-config.xml.i> </children> - </tagNode> + </node> <node name="isis" owner="${vyos_conf_scripts_dir}/protocols_isis.py $VAR(../../@)"> <properties> <help>Intermediate System to Intermediate System (IS-IS)</help> <priority>611</priority> </properties> <children> #include <include/isis/isis-common-config.xml.i> </children> </node> <node name="ospf" owner="${vyos_conf_scripts_dir}/protocols_ospf.py $VAR(../../@)"> <properties> <help>Open Shortest Path First (OSPF)</help> <priority>621</priority> </properties> <children> #include <include/ospf/ospf-common-config.xml.i> </children> </node> <node name="static" owner="${vyos_conf_scripts_dir}/protocols_static.py $VAR(../../@)"> <properties> <help>Static route parameters</help> <priority>481</priority> </properties> <children> #include <include/static/static-route.xml.i> #include <include/static/static-route6.xml.i> </children> </node> </children> </node> <leafNode name="table"> <properties> <help>Routing table associated with this instance</help> <valueHelp> <format>100-2147483647</format> <description>Routing table ID</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 100-2147483647"/> </constraint> <constraintErrorMessage>VRF routing table must be in range from 100 to 2147483647</constraintErrorMessage> </properties> </leafNode> </children> </tagNode> </children> </node> </interfaceDefinition> diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py index be99a0960..4f39948c0 100755 --- a/smoketest/scripts/cli/test_protocols_bgp.py +++ b/smoketest/scripts/cli/test_protocols_bgp.py @@ -1,562 +1,583 @@ #!/usr/bin/env python3 # # Copyright (C) 2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import unittest from base_vyostest_shim import VyOSUnitTestSHIM from vyos.configsession import ConfigSessionError from vyos.template import is_ipv6 from vyos.util import process_named_running PROCESS_NAME = 'bgpd' ASN = '64512' -base_path = ['protocols', 'bgp', ASN] +base_path = ['protocols', 'bgp'] route_map_in = 'foo-map-in' route_map_out = 'foo-map-out' prefix_list_in = 'pfx-foo-in' prefix_list_out = 'pfx-foo-out' prefix_list_in6 = 'pfx-foo-in6' prefix_list_out6 = 'pfx-foo-out6' neighbor_config = { '192.0.2.1' : { 'cap_dynamic' : '', 'cap_ext_next' : '', 'remote_as' : '100', 'adv_interv' : '400', 'passive' : '', 'password' : 'VyOS-Secure123', 'shutdown' : '', 'cap_over' : '', 'ttl_security' : '5', 'local_as' : '300', 'route_map_in' : route_map_in, 'route_map_out': route_map_out, 'no_send_comm_ext' : '', 'addpath_all' : '', }, '192.0.2.2' : { 'remote_as' : '200', 'shutdown' : '', 'no_cap_nego' : '', 'port' : '667', 'cap_strict' : '', 'pfx_list_in' : prefix_list_in, 'pfx_list_out' : prefix_list_out, 'no_send_comm_std' : '', }, '192.0.2.3' : { 'description' : 'foo bar baz', 'remote_as' : '200', 'passive' : '', 'multi_hop' : '5', 'update_src' : 'lo', }, '2001:db8::1' : { 'cap_dynamic' : '', 'cap_ext_next' : '', 'remote_as' : '123', 'adv_interv' : '400', 'passive' : '', 'password' : 'VyOS-Secure123', 'shutdown' : '', 'cap_over' : '', 'ttl_security' : '5', 'local_as' : '300', 'route_map_in' : route_map_in, 'route_map_out': route_map_out, 'no_send_comm_std' : '', 'addpath_per_as' : '', }, '2001:db8::2' : { 'remote_as' : '456', 'shutdown' : '', 'no_cap_nego' : '', 'port' : '667', 'cap_strict' : '', 'pfx_list_in' : prefix_list_in6, 'pfx_list_out' : prefix_list_out6, 'no_send_comm_ext' : '', }, } peer_group_config = { 'foo' : { 'remote_as' : '100', 'passive' : '', 'password' : 'VyOS-Secure123', 'shutdown' : '', 'cap_over' : '', # XXX: not available in current Perl backend # 'ttl_security': '5', }, 'bar' : { 'description' : 'foo peer bar group', 'remote_as' : '200', 'shutdown' : '', 'no_cap_nego' : '', 'local_as' : '300', 'pfx_list_in' : prefix_list_in, 'pfx_list_out' : prefix_list_out, 'no_send_comm_ext' : '', }, 'baz' : { 'cap_dynamic' : '', 'cap_ext_next' : '', 'remote_as' : '200', 'passive' : '', 'multi_hop' : '5', 'update_src' : 'lo', 'route_map_in' : route_map_in, 'route_map_out': route_map_out, }, } class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): def setUp(self): self.cli_set(['policy', 'route-map', route_map_in, 'rule', '10', 'action', 'permit']) self.cli_set(['policy', 'route-map', route_map_out, 'rule', '10', 'action', 'permit']) self.cli_set(['policy', 'prefix-list', prefix_list_in, 'rule', '10', 'action', 'permit']) self.cli_set(['policy', 'prefix-list', prefix_list_in, 'rule', '10', 'prefix', '192.0.2.0/25']) self.cli_set(['policy', 'prefix-list', prefix_list_out, 'rule', '10', 'action', 'permit']) self.cli_set(['policy', 'prefix-list', prefix_list_out, 'rule', '10', 'prefix', '192.0.2.128/25']) self.cli_set(['policy', 'prefix-list6', prefix_list_in6, 'rule', '10', 'action', 'permit']) self.cli_set(['policy', 'prefix-list6', prefix_list_in6, 'rule', '10', 'prefix', '2001:db8:1000::/64']) self.cli_set(['policy', 'prefix-list6', prefix_list_out6, 'rule', '10', 'action', 'deny']) self.cli_set(['policy', 'prefix-list6', prefix_list_out6, 'rule', '10', 'prefix', '2001:db8:2000::/64']) def tearDown(self): self.cli_delete(['policy', 'route-map', route_map_in]) self.cli_delete(['policy', 'route-map', route_map_out]) self.cli_delete(['policy', 'prefix-list', prefix_list_in]) self.cli_delete(['policy', 'prefix-list', prefix_list_out]) self.cli_delete(['policy', 'prefix-list6', prefix_list_in6]) self.cli_delete(['policy', 'prefix-list6', prefix_list_out6]) self.cli_delete(base_path) self.cli_commit() # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) def verify_frr_config(self, peer, peer_config, frrconfig): # recurring patterns to verify for both a simple neighbor and a peer-group if 'cap_dynamic' in peer_config: self.assertIn(f' neighbor {peer} capability dynamic', frrconfig) if 'cap_ext_next' in peer_config: self.assertIn(f' neighbor {peer} capability extended-nexthop', frrconfig) if 'description' in peer_config: self.assertIn(f' neighbor {peer} description {peer_config["description"]}', frrconfig) if 'no_cap_nego' in peer_config: self.assertIn(f' neighbor {peer} dont-capability-negotiate', frrconfig) if 'multi_hop' in peer_config: self.assertIn(f' neighbor {peer} ebgp-multihop {peer_config["multi_hop"]}', frrconfig) if 'local_as' in peer_config: self.assertIn(f' neighbor {peer} local-as {peer_config["local_as"]}', frrconfig) if 'cap_over' in peer_config: self.assertIn(f' neighbor {peer} override-capability', frrconfig) if 'passive' in peer_config: self.assertIn(f' neighbor {peer} passive', frrconfig) if 'password' in peer_config: self.assertIn(f' neighbor {peer} password {peer_config["password"]}', frrconfig) if 'remote_as' in peer_config: self.assertIn(f' neighbor {peer} remote-as {peer_config["remote_as"]}', frrconfig) if 'shutdown' in peer_config: self.assertIn(f' neighbor {peer} shutdown', frrconfig) if 'ttl_security' in peer_config: self.assertIn(f' neighbor {peer} ttl-security hops {peer_config["ttl_security"]}', frrconfig) if 'update_src' in peer_config: self.assertIn(f' neighbor {peer} update-source {peer_config["update_src"]}', frrconfig) if 'route_map_in' in peer_config: self.assertIn(f' neighbor {peer} route-map {peer_config["route_map_in"]} in', frrconfig) if 'route_map_out' in peer_config: self.assertIn(f' neighbor {peer} route-map {peer_config["route_map_out"]} out', frrconfig) if 'pfx_list_in' in peer_config: self.assertIn(f' neighbor {peer} prefix-list {peer_config["pfx_list_in"]} in', frrconfig) if 'pfx_list_out' in peer_config: self.assertIn(f' neighbor {peer} prefix-list {peer_config["pfx_list_out"]} out', frrconfig) if 'no_send_comm_std' in peer_config: self.assertIn(f' no neighbor {peer} send-community', frrconfig) if 'no_send_comm_ext' in peer_config: self.assertIn(f' no neighbor {peer} send-community extended', frrconfig) if 'addpath_all' in peer_config: self.assertIn(f' neighbor {peer} addpath-tx-all-paths', frrconfig) if 'addpath_per_as' in peer_config: self.assertIn(f' neighbor {peer} addpath-tx-bestpath-per-AS', frrconfig) def test_bgp_01_simple(self): router_id = '127.0.0.1' local_pref = '500' stalepath_time = '60' max_path_v4 = '2' max_path_v4ibgp = '4' max_path_v6 = '8' max_path_v6ibgp = '16' self.cli_set(base_path + ['parameters', 'router-id', router_id]) self.cli_set(base_path + ['parameters', 'log-neighbor-changes']) + + # Local AS number MUST be defined + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_set(base_path + ['local-as', ASN]) + # Default local preference (higher = more preferred, default value is 100) self.cli_set(base_path + ['parameters', 'default', 'local-pref', local_pref]) # Deactivate IPv4 unicast for a peer by default self.cli_set(base_path + ['parameters', 'default', 'no-ipv4-unicast']) self.cli_set(base_path + ['parameters', 'graceful-restart', 'stalepath-time', stalepath_time]) self.cli_set(base_path + ['parameters', 'graceful-shutdown']) self.cli_set(base_path + ['parameters', 'ebgp-requires-policy']) # AFI maximum path support self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'maximum-paths', 'ebgp', max_path_v4]) self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'maximum-paths', 'ibgp', max_path_v4ibgp]) self.cli_set(base_path + ['address-family', 'ipv6-unicast', 'maximum-paths', 'ebgp', max_path_v6]) self.cli_set(base_path + ['address-family', 'ipv6-unicast', 'maximum-paths', 'ibgp', max_path_v6ibgp]) # commit changes self.cli_commit() # Verify FRR bgpd configuration frrconfig = self.getFRRconfig(f'router bgp {ASN}') self.assertIn(f'router bgp {ASN}', frrconfig) self.assertIn(f' bgp router-id {router_id}', frrconfig) self.assertIn(f' bgp log-neighbor-changes', frrconfig) self.assertIn(f' bgp default local-preference {local_pref}', frrconfig) self.assertIn(f' no bgp default ipv4-unicast', frrconfig) self.assertIn(f' bgp graceful-restart stalepath-time {stalepath_time}', frrconfig) self.assertIn(f' bgp graceful-shutdown', frrconfig) self.assertNotIn(f'bgp ebgp-requires-policy', frrconfig) afiv4_config = self.getFRRconfig(' address-family ipv4 unicast') self.assertIn(f' maximum-paths {max_path_v4}', afiv4_config) self.assertIn(f' maximum-paths ibgp {max_path_v4ibgp}', afiv4_config) afiv6_config = self.getFRRconfig(' address-family ipv6 unicast') self.assertIn(f' maximum-paths {max_path_v6}', afiv6_config) self.assertIn(f' maximum-paths ibgp {max_path_v6ibgp}', afiv6_config) def test_bgp_02_neighbors(self): + self.cli_set(base_path + ['local-as', ASN]) # Test out individual neighbor configuration items, not all of them are # also available to a peer-group! for peer, peer_config in neighbor_config.items(): afi = 'ipv4-unicast' if is_ipv6(peer): afi = 'ipv6-unicast' if 'adv_interv' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'advertisement-interval', peer_config["adv_interv"]]) if 'cap_dynamic' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'capability', 'dynamic']) if 'cap_ext_next' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'capability', 'extended-nexthop']) if 'description' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'description', peer_config["description"]]) if 'no_cap_nego' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'disable-capability-negotiation']) if 'multi_hop' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'ebgp-multihop', peer_config["multi_hop"]]) if 'local_as' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'local-as', peer_config["local_as"]]) if 'cap_over' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'override-capability']) if 'passive' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'passive']) if 'password' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'password', peer_config["password"]]) if 'port' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'port', peer_config["port"]]) if 'remote_as' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'remote-as', peer_config["remote_as"]]) if 'cap_strict' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'strict-capability-match']) if 'shutdown' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'shutdown']) if 'ttl_security' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'ttl-security', 'hops', peer_config["ttl_security"]]) if 'update_src' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'update-source', peer_config["update_src"]]) if 'route_map_in' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'route-map', 'import', peer_config["route_map_in"]]) if 'route_map_out' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'route-map', 'export', peer_config["route_map_out"]]) if 'pfx_list_in' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'prefix-list', 'import', peer_config["pfx_list_in"]]) if 'pfx_list_out' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'prefix-list', 'export', peer_config["pfx_list_out"]]) if 'no_send_comm_std' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'disable-send-community', 'standard']) if 'no_send_comm_ext' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'disable-send-community', 'extended']) if 'addpath_all' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'addpath-tx-all']) if 'addpath_per_as' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'addpath-tx-per-as']) # commit changes self.cli_commit() # Verify FRR bgpd configuration frrconfig = self.getFRRconfig(f'router bgp {ASN}') self.assertIn(f'router bgp {ASN}', frrconfig) for peer, peer_config in neighbor_config.items(): if 'adv_interv' in peer_config: self.assertIn(f' neighbor {peer} advertisement-interval {peer_config["adv_interv"]}', frrconfig) if 'port' in peer_config: self.assertIn(f' neighbor {peer} port {peer_config["port"]}', frrconfig) if 'cap_strict' in peer_config: self.assertIn(f' neighbor {peer} strict-capability-match', frrconfig) self.verify_frr_config(peer, peer_config, frrconfig) def test_bgp_03_peer_groups(self): + self.cli_set(base_path + ['local-as', ASN]) # Test out individual peer-group configuration items for peer_group, config in peer_group_config.items(): if 'cap_dynamic' in config: self.cli_set(base_path + ['peer-group', peer_group, 'capability', 'dynamic']) if 'cap_ext_next' in config: self.cli_set(base_path + ['peer-group', peer_group, 'capability', 'extended-nexthop']) if 'description' in config: self.cli_set(base_path + ['peer-group', peer_group, 'description', config["description"]]) if 'no_cap_nego' in config: self.cli_set(base_path + ['peer-group', peer_group, 'disable-capability-negotiation']) if 'multi_hop' in config: self.cli_set(base_path + ['peer-group', peer_group, 'ebgp-multihop', config["multi_hop"]]) if 'local_as' in config: self.cli_set(base_path + ['peer-group', peer_group, 'local-as', config["local_as"]]) if 'cap_over' in config: self.cli_set(base_path + ['peer-group', peer_group, 'override-capability']) if 'passive' in config: self.cli_set(base_path + ['peer-group', peer_group, 'passive']) if 'password' in config: self.cli_set(base_path + ['peer-group', peer_group, 'password', config["password"]]) if 'remote_as' in config: self.cli_set(base_path + ['peer-group', peer_group, 'remote-as', config["remote_as"]]) if 'shutdown' in config: self.cli_set(base_path + ['peer-group', peer_group, 'shutdown']) if 'ttl_security' in config: self.cli_set(base_path + ['peer-group', peer_group, 'ttl-security', 'hops', config["ttl_security"]]) if 'update_src' in config: self.cli_set(base_path + ['peer-group', peer_group, 'update-source', config["update_src"]]) if 'route_map_in' in config: self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'route-map', 'import', config["route_map_in"]]) if 'route_map_out' in config: self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'route-map', 'export', config["route_map_out"]]) if 'pfx_list_in' in config: self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'prefix-list', 'import', config["pfx_list_in"]]) if 'pfx_list_out' in config: self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'prefix-list', 'export', config["pfx_list_out"]]) if 'no_send_comm_std' in config: self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'disable-send-community', 'standard']) if 'no_send_comm_ext' in config: self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'disable-send-community', 'extended']) if 'addpath_all' in config: self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'addpath-tx-all']) if 'addpath_per_as' in config: self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'addpath-tx-per-as']) # commit changes self.cli_commit() # Verify FRR bgpd configuration frrconfig = self.getFRRconfig(f'router bgp {ASN}') self.assertIn(f'router bgp {ASN}', frrconfig) for peer, peer_config in peer_group_config.items(): self.assertIn(f' neighbor {peer_group} peer-group', frrconfig) self.verify_frr_config(peer, peer_config, frrconfig) def test_bgp_04_afi_ipv4(self): networks = { '10.0.0.0/8' : { 'as_set' : '', }, '100.64.0.0/10' : { 'as_set' : '', }, '192.168.0.0/16' : { 'summary_only' : '', }, } + self.cli_set(base_path + ['local-as', ASN]) + # We want to redistribute ... redistributes = ['connected', 'isis', 'kernel', 'ospf', 'rip', 'static'] for redistribute in redistributes: self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'redistribute', redistribute]) for network, network_config in networks.items(): self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'network', network]) if 'as_set' in network_config: self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'aggregate-address', network, 'as-set']) if 'summary_only' in network_config: self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'aggregate-address', network, 'summary-only']) # commit changes self.cli_commit() # Verify FRR bgpd configuration frrconfig = self.getFRRconfig(f'router bgp {ASN}') self.assertIn(f'router bgp {ASN}', frrconfig) self.assertIn(f' address-family ipv4 unicast', frrconfig) for redistribute in redistributes: self.assertIn(f' redistribute {redistribute}', frrconfig) for network, network_config in networks.items(): self.assertIn(f' network {network}', frrconfig) if 'as_set' in network_config: self.assertIn(f' aggregate-address {network} as-set', frrconfig) if 'summary_only' in network_config: self.assertIn(f' aggregate-address {network} summary-only', frrconfig) def test_bgp_05_afi_ipv6(self): networks = { '2001:db8:100::/48' : { }, '2001:db8:200::/48' : { }, '2001:db8:300::/48' : { 'summary_only' : '', }, } + self.cli_set(base_path + ['local-as', ASN]) + # We want to redistribute ... redistributes = ['connected', 'kernel', 'ospfv3', 'ripng', 'static'] for redistribute in redistributes: self.cli_set(base_path + ['address-family', 'ipv6-unicast', 'redistribute', redistribute]) for network, network_config in networks.items(): self.cli_set(base_path + ['address-family', 'ipv6-unicast', 'network', network]) if 'summary_only' in network_config: self.cli_set(base_path + ['address-family', 'ipv6-unicast', 'aggregate-address', network, 'summary-only']) # commit changes self.cli_commit() # Verify FRR bgpd configuration frrconfig = self.getFRRconfig(f'router bgp {ASN}') self.assertIn(f'router bgp {ASN}', frrconfig) self.assertIn(f' address-family ipv6 unicast', frrconfig) # T2100: By default ebgp-requires-policy is disabled to keep VyOS # 1.3 and 1.2 backwards compatibility self.assertIn(f' no bgp ebgp-requires-policy', frrconfig) for redistribute in redistributes: # FRR calls this OSPF6 if redistribute == 'ospfv3': redistribute = 'ospf6' self.assertIn(f' redistribute {redistribute}', frrconfig) for network, network_config in networks.items(): self.assertIn(f' network {network}', frrconfig) if 'as_set' in network_config: self.assertIn(f' aggregate-address {network} summary-only', frrconfig) def test_bgp_06_listen_range(self): # Implemented via T1875 limit = '64' listen_ranges = ['192.0.2.0/25', '192.0.2.128/25'] peer_group = 'listenfoobar' + + self.cli_set(base_path + ['local-as', ASN]) self.cli_set(base_path + ['listen', 'limit', limit]) + for prefix in listen_ranges: self.cli_set(base_path + ['listen', 'range', prefix]) # check validate() - peer-group must be defined for range/prefix with self.assertRaises(ConfigSessionError): self.cli_commit() self.cli_set(base_path + ['listen', 'range', prefix, 'peer-group', peer_group]) # check validate() - peer-group does yet not exist! with self.assertRaises(ConfigSessionError): self.cli_commit() self.cli_set(base_path + ['peer-group', peer_group, 'remote-as', ASN]) # commit changes self.cli_commit() # Verify FRR bgpd configuration frrconfig = self.getFRRconfig(f'router bgp {ASN}') self.assertIn(f'router bgp {ASN}', frrconfig) self.assertIn(f' neighbor {peer_group} peer-group', frrconfig) self.assertIn(f' neighbor {peer_group} remote-as {ASN}', frrconfig) self.assertIn(f' bgp listen limit {limit}', frrconfig) for prefix in listen_ranges: self.assertIn(f' bgp listen range {prefix} peer-group {peer_group}', frrconfig) def test_bgp_07_l2vpn_evpn(self): vnis = ['10010', '10020', '10030'] neighbors = ['192.0.2.10', '192.0.2.20', '192.0.2.30'] + + self.cli_set(base_path + ['local-as', ASN]) + self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'advertise-all-vni']) self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'advertise-default-gw']) self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'advertise-svi-ip']) self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'flooding', 'disable']) for vni in vnis: self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'vni', vni, 'advertise-default-gw']) self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'vni', vni, 'advertise-svi-ip']) # commit changes self.cli_commit() # Verify FRR bgpd configuration frrconfig = self.getFRRconfig(f'router bgp {ASN}') self.assertIn(f'router bgp {ASN}', frrconfig) self.assertIn(f' address-family l2vpn evpn', frrconfig) self.assertIn(f' advertise-all-vni', frrconfig) self.assertIn(f' advertise-default-gw', frrconfig) self.assertIn(f' advertise-svi-ip', frrconfig) self.assertIn(f' flooding disable', frrconfig) for vni in vnis: vniconfig = self.getFRRconfig(f' vni {vni}') self.assertIn(f'vni {vni}', vniconfig) self.assertIn(f' advertise-default-gw', vniconfig) self.assertIn(f' advertise-svi-ip', vniconfig) def test_bgp_08_vrf_simple(self): router_id = '127.0.0.3' vrfs = ['red', 'green', 'blue'] + # It is safe to assume that when the basic VRF test works, all - # other OSPF related features work, as we entirely inherit the CLI + # other BGP related features work, as we entirely inherit the CLI # templates and Jinja2 FRR template. table = '1000' + for vrf in vrfs: vrf_base = ['vrf', 'name', vrf] self.cli_set(vrf_base + ['table', table]) - self.cli_set(vrf_base + ['protocols', 'bgp', ASN, 'parameters', 'router-id', router_id]) + self.cli_set(vrf_base + ['protocols', 'bgp', 'local-as', ASN]) + self.cli_set(vrf_base + ['protocols', 'bgp', 'parameters', 'router-id', router_id]) table = str(int(table) + 1000) self.cli_commit() for vrf in vrfs: # Verify FRR bgpd configuration frrconfig = self.getFRRconfig(f'router bgp {ASN} vrf {vrf}') self.assertIn(f'router bgp {ASN} vrf {vrf}', frrconfig) self.assertIn(f' bgp router-id {router_id}', frrconfig) if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index 2f60795c1..6770865ff 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -1,250 +1,229 @@ #!/usr/bin/env python3 # # Copyright (C) 2020-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import os from sys import exit from sys import argv from vyos.config import Config from vyos.configdict import dict_merge from vyos.template import is_ip from vyos.template import render_to_string from vyos.util import call from vyos.util import dict_search from vyos.validate import is_addr_assigned from vyos import ConfigError from vyos import frr from vyos import airbag airbag.enable() frr_daemon = 'bgpd' def get_config(config=None): if config: conf = config else: conf = Config() vrf = None if len(argv) > 1: vrf = argv[1] base_path = ['protocols', 'bgp'] # eqivalent of the C foo ? 'a' : 'b' statement base = vrf and ['vrf', 'name', vrf, 'protocols', 'bgp'] or base_path bgp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) # Assign the name of our VRF context. This MUST be done before the return # statement below, else on deletion we will delete the default instance # instead of the VRF instance. if vrf: bgp.update({'vrf' : vrf}) if not conf.exists(base): bgp.update({'deleted' : ''}) return bgp # We also need some additional information from the config, # prefix-lists and route-maps for instance. base = ['policy'] tmp = conf.get_config_dict(base, key_mangling=('-', '_')) - # As we only support one ASN (later checked in begin of verify()) we add the - # new information only to the first AS number - asn = next(iter(bgp)) # Merge policy dict into bgp dict - bgp[asn] = dict_merge(tmp, bgp[asn]) + bgp = dict_merge(tmp, bgp) return bgp -def verify_remote_as(peer_config, asn_config): +def verify_remote_as(peer_config, bgp_config): if 'remote_as' in peer_config: return peer_config['remote_as'] if 'peer_group' in peer_config: peer_group_name = peer_config['peer_group'] - tmp = dict_search(f'peer_group.{peer_group_name}.remote_as', asn_config) + tmp = dict_search(f'peer_group.{peer_group_name}.remote_as', bgp_config) if tmp: return tmp if 'interface' in peer_config: if 'remote_as' in peer_config['interface']: return peer_config['interface']['remote_as'] if 'peer_group' in peer_config['interface']: peer_group_name = peer_config['interface']['peer_group'] - tmp = dict_search(f'peer_group.{peer_group_name}.remote_as', asn_config) + tmp = dict_search(f'peer_group.{peer_group_name}.remote_as', bgp_config) if tmp: return tmp return None def verify(bgp): - if not bgp: + if not bgp or 'deleted' in bgp: return None - # FRR bgpd only supports one Autonomous System Number, verify this! - asn = 0 - for key in bgp: - if key.isnumeric(): - asn +=1 - if asn > 1: - raise ConfigError('Only one BGP AS number can be defined!') - - for asn, asn_config in bgp.items(): - # Workaround for https://phabricator.vyos.net/T1711 - # We also have a vrf, and deleted key now - so we can only veriy "numbers" - if not asn.isnumeric(): + if 'local_as' not in bgp: + raise ConfigError('BGP local-as number must be defined!') + + # Common verification for both peer-group and neighbor statements + for neighbor in ['neighbor', 'peer_group']: + # bail out early if there is no neighbor or peer-group statement + # this also saves one indention level + if neighbor not in bgp: continue - # Common verification for both peer-group and neighbor statements - for neighbor in ['neighbor', 'peer_group']: - # bail out early if there is no neighbor or peer-group statement - # this also saves one indention level - if neighbor not in asn_config: - continue - - for peer, peer_config in asn_config[neighbor].items(): - # Only regular "neighbor" statement can have a peer-group set - # Check if the configure peer-group exists - if 'peer_group' in peer_config: - peer_group = peer_config['peer_group'] - if 'peer_group' not in asn_config or peer_group not in asn_config['peer_group']: - raise ConfigError(f'Specified peer-group "{peer_group}" for '\ - f'neighbor "{neighbor}" does not exist!') - - # ttl-security and ebgp-multihop can't be used in the same configration - if 'ebgp_multihop' in peer_config and 'ttl_security' in peer_config: - raise ConfigError('You can\'t set both ebgp-multihop and ttl-security hops') - - # Check spaces in the password - if 'password' in peer_config and ' ' in peer_config['password']: - raise ConfigError('You can\'t use spaces in the password') - - # Some checks can/must only be done on a neighbor and not a peer-group - if neighbor == 'neighbor': - # remote-as must be either set explicitly for the neighbor - # or for the entire peer-group - if not verify_remote_as(peer_config, asn_config): - raise ConfigError(f'Neighbor "{peer}" remote-as must be set!') - - # Only checks for ipv4 and ipv6 neighbors - # Check if neighbor address is assigned as system interface address - if is_ip(peer) and is_addr_assigned(peer): - raise ConfigError(f'Can\'t configure local address as neighbor "{peer}"') - - for afi in ['ipv4_unicast', 'ipv6_unicast', 'l2vpn_evpn']: - # Bail out early if address family is not configured - if 'address_family' not in peer_config or afi not in peer_config['address_family']: - continue - - afi_config = peer_config['address_family'][afi] - # Validate if configured Prefix list exists - if 'prefix_list' in afi_config: - for tmp in ['import', 'export']: - if tmp not in afi_config['prefix_list']: - # bail out early - continue - # get_config_dict() mangles all '-' characters to '_' this is legitimate, thus all our - # compares will run on '_' as also '_' is a valid name for a prefix-list - prefix_list = afi_config['prefix_list'][tmp].replace('-', '_') - if afi == 'ipv4_unicast': - if dict_search(f'policy.prefix_list.{prefix_list}', asn_config) == None: - raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!') - elif afi == 'ipv6_unicast': - if dict_search(f'policy.prefix_list6.{prefix_list}', asn_config) == None: - raise ConfigError(f'prefix-list6 "{prefix_list}" used for "{tmp}" does not exist!') - - if 'route_map' in afi_config: - for tmp in ['import', 'export']: - if tmp in afi_config['route_map']: - # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our - # compares will run on '_' as also '_' is a valid name for a route-map - route_map = afi_config['route_map'][tmp].replace('-', '_') - if dict_search(f'policy.route_map.{route_map}', asn_config) == None: - raise ConfigError(f'route-map "{route_map}" used for "{tmp}" does not exist!') - - if 'route_reflector_client' in afi_config: - if 'remote_as' in peer_config and asn != peer_config['remote_as']: - raise ConfigError('route-reflector-client only supported for iBGP peers') - else: - if 'peer_group' in peer_config: - peer_group_as = dict_search(f'peer_group.{peer_group}.remote_as', asn_config) - if peer_group_as != None and peer_group_as != asn: - raise ConfigError('route-reflector-client only supported for iBGP peers') - - # Throw an error if a peer group is not configured for allow range - for prefix in dict_search('listen.range', asn_config) or []: - # we can not use dict_search() here as prefix contains dots ... - if 'peer_group' not in asn_config['listen']['range'][prefix]: - raise ConfigError(f'Listen range for prefix "{prefix}" has no peer group configured.') - - peer_group = asn_config['listen']['range'][prefix]['peer_group'] - if 'peer_group' not in asn_config or peer_group not in asn_config['peer_group']: - raise ConfigError(f'Peer-group "{peer_group}" for listen range "{prefix}" does not exist!') - - if not verify_remote_as(asn_config['listen']['range'][prefix], asn_config): - raise ConfigError(f'Peer-group "{peer_group}" requires remote-as to be set!') + for peer, peer_config in bgp[neighbor].items(): + # Only regular "neighbor" statement can have a peer-group set + # Check if the configure peer-group exists + if 'peer_group' in peer_config: + peer_group = peer_config['peer_group'] + if 'peer_group' not in bgp or peer_group not in bgp['peer_group']: + raise ConfigError(f'Specified peer-group "{peer_group}" for '\ + f'neighbor "{neighbor}" does not exist!') + + # ttl-security and ebgp-multihop can't be used in the same configration + if 'ebgp_multihop' in peer_config and 'ttl_security' in peer_config: + raise ConfigError('You can\'t set both ebgp-multihop and ttl-security hops') + + # Check spaces in the password + if 'password' in peer_config and ' ' in peer_config['password']: + raise ConfigError('You can\'t use spaces in the password') + + # Some checks can/must only be done on a neighbor and not a peer-group + if neighbor == 'neighbor': + # remote-as must be either set explicitly for the neighbor + # or for the entire peer-group + if not verify_remote_as(peer_config, bgp): + raise ConfigError(f'Neighbor "{peer}" remote-as must be set!') + + # Only checks for ipv4 and ipv6 neighbors + # Check if neighbor address is assigned as system interface address + if is_ip(peer) and is_addr_assigned(peer): + raise ConfigError(f'Can\'t configure local address as neighbor "{peer}"') + + for afi in ['ipv4_unicast', 'ipv6_unicast', 'l2vpn_evpn']: + # Bail out early if address family is not configured + if 'address_family' not in peer_config or afi not in peer_config['address_family']: + continue + + afi_config = peer_config['address_family'][afi] + # Validate if configured Prefix list exists + if 'prefix_list' in afi_config: + for tmp in ['import', 'export']: + if tmp not in afi_config['prefix_list']: + # bail out early + continue + # get_config_dict() mangles all '-' characters to '_' this is legitimate, thus all our + # compares will run on '_' as also '_' is a valid name for a prefix-list + prefix_list = afi_config['prefix_list'][tmp].replace('-', '_') + if afi == 'ipv4_unicast': + if dict_search(f'policy.prefix_list.{prefix_list}', bgp) == None: + raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!') + elif afi == 'ipv6_unicast': + if dict_search(f'policy.prefix_list6.{prefix_list}', bgp) == None: + raise ConfigError(f'prefix-list6 "{prefix_list}" used for "{tmp}" does not exist!') + + if 'route_map' in afi_config: + for tmp in ['import', 'export']: + if tmp in afi_config['route_map']: + # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our + # compares will run on '_' as also '_' is a valid name for a route-map + route_map = afi_config['route_map'][tmp].replace('-', '_') + if dict_search(f'policy.route_map.{route_map}', bgp) == None: + raise ConfigError(f'route-map "{route_map}" used for "{tmp}" does not exist!') + + if 'route_reflector_client' in afi_config: + if 'remote_as' in peer_config and bgp['local_as'] != peer_config['remote_as']: + raise ConfigError('route-reflector-client only supported for iBGP peers') + else: + if 'peer_group' in peer_config: + peer_group_as = dict_search(f'peer_group.{peer_group}.remote_as', bgp) + if peer_group_as != None and peer_group_as != bgp['local_as']: + raise ConfigError('route-reflector-client only supported for iBGP peers') + + # Throw an error if a peer group is not configured for allow range + for prefix in dict_search('listen.range', bgp) or []: + # we can not use dict_search() here as prefix contains dots ... + if 'peer_group' not in bgp['listen']['range'][prefix]: + raise ConfigError(f'Listen range for prefix "{prefix}" has no peer group configured.') + + peer_group = bgp['listen']['range'][prefix]['peer_group'] + if 'peer_group' not in bgp or peer_group not in bgp['peer_group']: + raise ConfigError(f'Peer-group "{peer_group}" for listen range "{prefix}" does not exist!') + + if not verify_remote_as(bgp['listen']['range'][prefix], bgp): + raise ConfigError(f'Peer-group "{peer_group}" requires remote-as to be set!') return None def generate(bgp): if not bgp or 'deleted' in bgp: bgp['new_frr_config'] = '' return None - # only one BGP AS is supported, so we can directly send the first key - # of the config dict - asn = list(bgp.keys())[0] - bgp[asn]['asn'] = asn - if 'vrf' in bgp: - bgp[asn]['vrf'] = bgp['vrf'] - - bgp['new_frr_config'] = render_to_string('frr/bgp.frr.tmpl', bgp[asn]) + bgp['new_frr_config'] = render_to_string('frr/bgp.frr.tmpl', bgp) return None def apply(bgp): # Save original configuration prior to starting any commit actions frr_cfg = frr.FRRConfig() frr_cfg.load_configuration(frr_daemon) if 'vrf' in bgp: vrf = bgp['vrf'] frr_cfg.modify_section(f'^router bgp \d+ vrf {vrf}$', '') else: frr_cfg.modify_section('^router bgp \d+$', '') frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', bgp['new_frr_config']) frr_cfg.commit_configuration(frr_daemon) # If FRR config is blank, rerun the blank commit x times due to frr-reload # behavior/bug not properly clearing out on one commit. if bgp['new_frr_config'] == '': for a in range(5): frr_cfg.commit_configuration(frr_daemon) # Save configuration to /run/frr/{daemon}.conf frr.save_configuration(frr_daemon) return None if __name__ == '__main__': try: c = get_config() verify(c) generate(c) apply(c) except ConfigError as e: print(e) exit(1) diff --git a/src/migration-scripts/isis/0-to-1 b/src/migration-scripts/bgp/0-to-1 similarity index 74% copy from src/migration-scripts/isis/0-to-1 copy to src/migration-scripts/bgp/0-to-1 index 6773f4009..a70b52909 100755 --- a/src/migration-scripts/isis/0-to-1 +++ b/src/migration-scripts/bgp/0-to-1 @@ -1,58 +1,61 @@ #!/usr/bin/env python3 # # Copyright (C) 2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # T3417: migrate IS-IS tagNode to node as we can only have one IS-IS process from sys import argv from sys import exit from vyos.configtree import ConfigTree if (len(argv) < 1): print("Must specify file name!") exit(1) file_name = argv[1] with open(file_name, 'r') as f: config_file = f.read() -base = ['protocols', 'isis'] +base = ['protocols', 'bgp'] config = ConfigTree(config_file) if not config.exists(base): # Nothing to do exit(0) -# Only one IS-IS process is supported, thus this operation is save -isis_base = base + config.list_nodes(base) +# Only one BGP process is supported, thus this operation is savea +asn = config.list_nodes(base) +bgp_base = base + asn +print(asn) # We need a temporary copy of the config -tmp_base = ['protocols', 'isis2'] -config.copy(isis_base, tmp_base) +tmp_base = ['protocols', 'bgp2'] +config.copy(bgp_base, tmp_base) # Now it's save to delete the old configuration config.delete(base) -# Rename temporary copy to new final config and set domain key -config.rename(tmp_base, 'isis') +# Rename temporary copy to new final config and set new "local-as" option +config.rename(tmp_base, 'bgp') +config.set(base + ['local-as'], value=asn[0]) try: with open(file_name, 'w') as f: f.write(config.to_string()) except OSError as e: - print("Failed to save the modified config: {}".format(e)) - sys.exit(1) + print(f'Failed to save the modified config: {e}') + exit(1) diff --git a/src/migration-scripts/isis/0-to-1 b/src/migration-scripts/isis/0-to-1 index 6773f4009..93cbbbed5 100755 --- a/src/migration-scripts/isis/0-to-1 +++ b/src/migration-scripts/isis/0-to-1 @@ -1,58 +1,59 @@ #!/usr/bin/env python3 # # Copyright (C) 2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # T3417: migrate IS-IS tagNode to node as we can only have one IS-IS process from sys import argv from sys import exit from vyos.configtree import ConfigTree if (len(argv) < 1): print("Must specify file name!") exit(1) file_name = argv[1] with open(file_name, 'r') as f: config_file = f.read() base = ['protocols', 'isis'] config = ConfigTree(config_file) if not config.exists(base): # Nothing to do exit(0) # Only one IS-IS process is supported, thus this operation is save isis_base = base + config.list_nodes(base) # We need a temporary copy of the config tmp_base = ['protocols', 'isis2'] config.copy(isis_base, tmp_base) # Now it's save to delete the old configuration config.delete(base) -# Rename temporary copy to new final config and set domain key +# Rename temporary copy to new final config (IS-IS domain key is static and no +# longer required to be set via CLI) config.rename(tmp_base, 'isis') try: with open(file_name, 'w') as f: f.write(config.to_string()) except OSError as e: - print("Failed to save the modified config: {}".format(e)) - sys.exit(1) + print(f'Failed to save the modified config: {e}') + exit(1)