diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2
index 9cfc8b7cd..ddfba2306 100644
--- a/data/templates/frr/bgpd.frr.j2
+++ b/data/templates/frr/bgpd.frr.j2
@@ -1,577 +1,578 @@
{### MACRO definition for recurring peer patter, this can be either fed by a ###}
{### peer-group or an individual BGP neighbor ###}
{% macro bgp_neighbor(neighbor, config, peer_group=false) %}
{% if peer_group == true %}
neighbor {{ neighbor }} peer-group
{% elif config.peer_group is vyos_defined %}
neighbor {{ neighbor }} peer-group {{ config.peer_group }}
{% endif %}
{% if config.remote_as is vyos_defined %}
neighbor {{ neighbor }} remote-as {{ config.remote_as }}
{% endif %}
{% if config.local_role is vyos_defined %}
{% for role, strict in config.local_role.items() %}
neighbor {{ neighbor }} local-role {{ role }} {{ 'strict-mode' if strict }}
{% endfor %}
{% endif %}
{% if config.interface.remote_as is vyos_defined %}
neighbor {{ neighbor }} interface remote-as {{ config.interface.remote_as }}
{% endif %}
{% if config.advertisement_interval is vyos_defined %}
neighbor {{ neighbor }} advertisement-interval {{ config.advertisement_interval }}
{% endif %}
{% if config.bfd is vyos_defined %}
neighbor {{ neighbor }} bfd
{% if config.bfd.check_control_plane_failure is vyos_defined %}
neighbor {{ neighbor }} bfd check-control-plane-failure
{% endif %}
{% if config.bfd.profile is vyos_defined %}
neighbor {{ neighbor }} bfd profile {{ config.bfd.profile }}
{% endif %}
{% endif %}
{% if config.capability is vyos_defined %}
{% if config.capability.dynamic is vyos_defined %}
neighbor {{ neighbor }} capability dynamic
{% endif %}
{% if config.capability.extended_nexthop is vyos_defined %}
neighbor {{ neighbor }} capability extended-nexthop
{% endif %}
{% endif %}
{% if config.description is vyos_defined %}
neighbor {{ neighbor }} description {{ config.description }}
{% endif %}
{% if config.disable_capability_negotiation is vyos_defined %}
neighbor {{ neighbor }} dont-capability-negotiate
{% endif %}
{% if config.disable_connected_check is vyos_defined %}
neighbor {{ neighbor }} disable-connected-check
{% endif %}
{% if config.ebgp_multihop is vyos_defined %}
neighbor {{ neighbor }} ebgp-multihop {{ config.ebgp_multihop }}
{% endif %}
{% if config.graceful_restart is vyos_defined %}
{% if config.graceful_restart is vyos_defined('enable') %}
{% set graceful_restart = 'graceful-restart' %}
{% elif config.graceful_restart is vyos_defined('disable') %}
{% set graceful_restart = 'graceful-restart-disable' %}
{% elif config.graceful_restart is vyos_defined('restart-helper') %}
{% set graceful_restart = 'graceful-restart-helper' %}
{% endif %}
neighbor {{ neighbor }} {{ graceful_restart }}
{% endif %}
{% if config.local_as is vyos_defined %}
{% for local_as, local_as_config in config.local_as.items() %}
{# There can be only one local-as value, this is checked in the Python code #}
neighbor {{ neighbor }} local-as {{ local_as }} {{ 'no-prepend' if local_as_config.no_prepend is vyos_defined }} {{ 'replace-as' if local_as_config.no_prepend is vyos_defined and local_as_config.no_prepend.replace_as is vyos_defined }}
{% endfor %}
{% endif %}
{% if config.override_capability is vyos_defined %}
neighbor {{ neighbor }} override-capability
{% endif %}
{% if config.passive is vyos_defined %}
neighbor {{ neighbor }} passive
{% endif %}
{% if config.password is vyos_defined %}
neighbor {{ neighbor }} password {{ config.password }}
{% endif %}
{% if config.path_attribute.discard is vyos_defined %}
neighbor {{ neighbor }} path-attribute discard {{ config.path_attribute.discard }}
{% endif %}
{% if config.port is vyos_defined %}
neighbor {{ neighbor }} port {{ config.port }}
{% endif %}
{% if config.shutdown is vyos_defined %}
neighbor {{ neighbor }} shutdown
{% endif %}
{% if config.solo is vyos_defined %}
neighbor {{ neighbor }} solo
{% endif %}
{% if config.enforce_first_as is vyos_defined %}
neighbor {{ neighbor }} enforce-first-as
{% endif %}
{% if config.strict_capability_match is vyos_defined %}
neighbor {{ neighbor }} strict-capability-match
{% endif %}
{% if config.ttl_security.hops is vyos_defined %}
neighbor {{ neighbor }} ttl-security hops {{ config.ttl_security.hops }}
{% endif %}
{% if config.timers.connect is vyos_defined %}
neighbor {{ neighbor }} timers connect {{ config.timers.connect }}
{% endif %}
{% if config.timers.keepalive is vyos_defined and config.timers.holdtime is vyos_defined %}
neighbor {{ neighbor }} timers {{ config.timers.keepalive }} {{ config.timers.holdtime }}
{% endif %}
{% if config.update_source is vyos_defined %}
neighbor {{ neighbor }} update-source {{ config.update_source }}
{% endif %}
{% if config.interface is vyos_defined %}
{% if config.interface.peer_group is vyos_defined %}
neighbor {{ neighbor }} interface peer-group {{ config.interface.peer_group }}
{% endif %}
{% if config.interface.source_interface is vyos_defined %}
neighbor {{ neighbor }} interface {{ config.interface.source_interface }}
{% endif %}
{% if config.interface.v6only is vyos_defined %}
{% if config.interface.v6only.peer_group is vyos_defined %}
neighbor {{ neighbor }} interface v6only peer-group {{ config.interface.v6only.peer_group }}
{% endif %}
{% if config.interface.v6only.remote_as is vyos_defined %}
neighbor {{ neighbor }} interface v6only remote-as {{ config.interface.v6only.remote_as }}
{% endif %}
{% endif %}
{% endif %}
!
{% if config.address_family is vyos_defined %}
{% for afi, afi_config in config.address_family.items() %}
{% if afi == 'ipv4_unicast' %}
address-family ipv4 unicast
{% elif afi == 'ipv4_multicast' %}
address-family ipv4 multicast
{% elif afi == 'ipv4_labeled_unicast' %}
address-family ipv4 labeled-unicast
{% elif afi == 'ipv4_vpn' %}
address-family ipv4 vpn
{% elif afi == 'ipv4_flowspec' %}
address-family ipv4 flowspec
{% elif afi == 'ipv6_unicast' %}
address-family ipv6 unicast
{% elif afi == 'ipv6_multicast' %}
address-family ipv6 multicast
{% elif afi == 'ipv6_labeled_unicast' %}
address-family ipv6 labeled-unicast
{% elif afi == 'ipv6_vpn' %}
address-family ipv6 vpn
{% elif afi == 'ipv6_flowspec' %}
address-family ipv6 flowspec
{% elif afi == 'l2vpn_evpn' %}
address-family l2vpn evpn
{% endif %}
{% if afi_config.addpath_tx_all is vyos_defined %}
neighbor {{ neighbor }} addpath-tx-all-paths
{% endif %}
{% if afi_config.addpath_tx_per_as is vyos_defined %}
neighbor {{ neighbor }} addpath-tx-bestpath-per-AS
{% endif %}
{% if afi_config.allowas_in is vyos_defined %}
neighbor {{ neighbor }} allowas-in {{ afi_config.allowas_in.number if afi_config.allowas_in.number is vyos_defined }}
{% endif %}
{% if afi_config.as_override is vyos_defined %}
neighbor {{ neighbor }} as-override
{% endif %}
{% if afi_config.conditionally_advertise is vyos_defined %}
{% if afi_config.conditionally_advertise.advertise_map is vyos_defined %}
{% set exist_non_exist_map = 'exist-map' %}
{% if afi_config.conditionally_advertise.exist_map is vyos_defined %}
{% set exist_non_exist_map = 'exist-map ' ~ afi_config.conditionally_advertise.exist_map %}
{% elif afi_config.conditionally_advertise.non_exist_map is vyos_defined %}
{% set exist_non_exist_map = 'non-exist-map ' ~ afi_config.conditionally_advertise.non_exist_map %}
{% endif %}
neighbor {{ neighbor }} advertise-map {{ afi_config.conditionally_advertise.advertise_map }} {{ exist_non_exist_map }}
{% endif %}
{% endif %}
{% if afi_config.remove_private_as is vyos_defined %}
neighbor {{ neighbor }} remove-private-AS
{% endif %}
{% if afi_config.route_reflector_client is vyos_defined %}
neighbor {{ neighbor }} route-reflector-client
{% endif %}
{% if afi_config.weight is vyos_defined %}
neighbor {{ neighbor }} weight {{ afi_config.weight }}
{% endif %}
{% if afi_config.attribute_unchanged is vyos_defined %}
neighbor {{ neighbor }} attribute-unchanged {{ 'as-path ' if afi_config.attribute_unchanged.as_path is vyos_defined }}{{ 'med ' if afi_config.attribute_unchanged.med is vyos_defined }}{{ 'next-hop ' if afi_config.attribute_unchanged.next_hop is vyos_defined }}
{% endif %}
{% if afi_config.capability.orf.prefix_list.send is vyos_defined %}
neighbor {{ neighbor }} capability orf prefix-list send
{% endif %}
{% if afi_config.capability.orf.prefix_list.receive is vyos_defined %}
neighbor {{ neighbor }} capability orf prefix-list receive
{% endif %}
{% if afi_config.default_originate is vyos_defined %}
neighbor {{ neighbor }} default-originate {{ 'route-map ' ~ afi_config.default_originate.route_map if afi_config.default_originate.route_map is vyos_defined }}
{% endif %}
{% if afi_config.distribute_list.export is vyos_defined %}
neighbor {{ neighbor }} distribute-list {{ afi_config.distribute_list.export }} out
{% endif %}
{% if afi_config.distribute_list.import is vyos_defined %}
neighbor {{ neighbor }} distribute-list {{ afi_config.distribute_list.import }} in
{% endif %}
{% if afi_config.filter_list.export is vyos_defined %}
neighbor {{ neighbor }} filter-list {{ afi_config.filter_list.export }} out
{% endif %}
{% if afi_config.filter_list.import is vyos_defined %}
neighbor {{ neighbor }} filter-list {{ afi_config.filter_list.import }} in
{% endif %}
{% if afi_config.maximum_prefix is vyos_defined %}
neighbor {{ neighbor }} maximum-prefix {{ afi_config.maximum_prefix }}
{% endif %}
{% if afi_config.maximum_prefix_out is vyos_defined %}
neighbor {{ neighbor }} maximum-prefix-out {{ afi_config.maximum_prefix_out }}
{% endif %}
{% if afi_config.nexthop_self is vyos_defined %}
neighbor {{ neighbor }} next-hop-self {{ 'force' if afi_config.nexthop_self.force is vyos_defined }}
{% endif %}
{% if afi_config.route_server_client is vyos_defined %}
neighbor {{ neighbor }} route-server-client
{% endif %}
{% if afi_config.route_map.export is vyos_defined %}
neighbor {{ neighbor }} route-map {{ afi_config.route_map.export }} out
{% endif %}
{% if afi_config.route_map.import is vyos_defined %}
neighbor {{ neighbor }} route-map {{ afi_config.route_map.import }} in
{% endif %}
{% if afi_config.prefix_list.export is vyos_defined %}
neighbor {{ neighbor }} prefix-list {{ afi_config.prefix_list.export }} out
{% endif %}
{% if afi_config.prefix_list.import is vyos_defined %}
neighbor {{ neighbor }} prefix-list {{ afi_config.prefix_list.import }} in
{% endif %}
{% if afi_config.soft_reconfiguration.inbound is vyos_defined %}
neighbor {{ neighbor }} soft-reconfiguration inbound
{% endif %}
{% if afi_config.unsuppress_map is vyos_defined %}
neighbor {{ neighbor }} unsuppress-map {{ afi_config.unsuppress_map }}
{% endif %}
{% if afi_config.disable_send_community.extended is vyos_defined %}
no neighbor {{ neighbor }} send-community extended
{% endif %}
{% if afi_config.disable_send_community.standard is vyos_defined %}
no neighbor {{ neighbor }} send-community standard
{% endif %}
neighbor {{ neighbor }} activate
exit-address-family
!
{% endfor %}
{% endif %}
{% endmacro %}
!
router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% if parameters.ebgp_requires_policy is vyos_defined %}
bgp ebgp-requires-policy
{% else %}
no bgp ebgp-requires-policy
{% endif %}
{# Option must be set before any neighbor - see https://vyos.dev/T3463 #}
no bgp default ipv4-unicast
{# Workaround for T2100 until we have decided about a migration script #}
no bgp network import-check
{% if address_family is vyos_defined %}
{% for afi, afi_config in address_family.items() %}
!
{% if afi == 'ipv4_unicast' %}
address-family ipv4 unicast
{% elif afi == 'ipv4_multicast' %}
address-family ipv4 multicast
{% elif afi == 'ipv4_labeled_unicast' %}
address-family ipv4 labeled-unicast
{% elif afi == 'ipv4_vpn' %}
address-family ipv4 vpn
{% elif afi == 'ipv4_flowspec' %}
address-family ipv4 flowspec
{% elif afi == 'ipv6_unicast' %}
address-family ipv6 unicast
{% elif afi == 'ipv6_multicast' %}
address-family ipv6 multicast
{% elif afi == 'ipv6_labeled_unicast' %}
address-family ipv6 labeled-unicast
{% elif afi == 'ipv6_vpn' %}
address-family ipv6 vpn
{% elif afi == 'ipv6_flowspec' %}
address-family ipv6 flowspec
{% elif afi == 'l2vpn_evpn' %}
address-family l2vpn evpn
{% if afi_config.rd is vyos_defined %}
rd {{ afi_config.rd }}
{% endif %}
{% endif %}
{% if afi_config.aggregate_address is vyos_defined %}
{% for aggregate, aggregate_config in afi_config.aggregate_address.items() %}
aggregate-address {{ aggregate }}{{ ' as-set' if aggregate_config.as_set is vyos_defined }}{{ ' summary-only' if aggregate_config.summary_only is vyos_defined }}
{% if aggregate_config.route_map is vyos_defined %}
aggregate-address {{ aggregate }} route-map {{ aggregate_config.route_map }}
{% endif %}
{% endfor %}
{% endif %}
{% if afi_config.maximum_paths.ebgp is vyos_defined %}
maximum-paths {{ afi_config.maximum_paths.ebgp }}
{% endif %}
{% if afi_config.maximum_paths.ibgp is vyos_defined %}
maximum-paths ibgp {{ afi_config.maximum_paths.ibgp }}
{% endif %}
{% if afi_config.redistribute is vyos_defined %}
{% for protocol, protocol_config in afi_config.redistribute.items() %}
{% if protocol == 'table' %}
redistribute table {{ protocol_config.table }}
{% else %}
{% set redistribution_protocol = protocol %}
{% if protocol == 'ospfv3' %}
{% set redistribution_protocol = 'ospf6' %}
{% endif %}
redistribute {{ redistribution_protocol }} {{ 'metric ' ~ protocol_config.metric if protocol_config.metric is vyos_defined }} {{ 'route-map ' ~ protocol_config.route_map if protocol_config.route_map is vyos_defined }}
{####### we need this blank line!! #######}
{% endif %}
{% endfor %}
{% endif %}
{% if afi_config.network is vyos_defined %}
{% for network, network_config in afi_config.network.items() %}
network {{ network }} {{ 'route-map ' ~ network_config.route_map if network_config.route_map is vyos_defined }} {{ 'backdoor' if network_config.backdoor is vyos_defined }} {{ 'rd ' ~ network_config.rd if network_config.rd is vyos_defined }} {{ 'label ' ~ network_config.label if network_config.label is vyos_defined }}
{####### we need this blank line!! #######}
{% endfor %}
{% endif %}
{% if afi_config.advertise is vyos_defined %}
{% for adv_afi, adv_afi_config in afi_config.advertise.items() %}
{% if adv_afi_config.unicast is vyos_defined %}
advertise {{ adv_afi }} unicast {{ 'route-map ' ~ adv_afi_config.unicast.route_map if adv_afi_config.unicast.route_map is vyos_defined }}
{% endif %}
{% endfor %}
{% endif %}
{% if afi_config.distance.external is vyos_defined and afi_config.distance.internal is vyos_defined and afi_config.distance.local is vyos_defined %}
distance bgp {{ afi_config.distance.external }} {{ afi_config.distance.internal }} {{ afi_config.distance.local }}
{% endif %}
{% if afi_config.distance.prefix is vyos_defined %}
{% for prefix in afi_config.distance.prefix %}
distance {{ afi_config.distance.prefix[prefix].distance }} {{ prefix }}
{% endfor %}
{% endif %}
{% if afi_config.export.vpn is vyos_defined %}
export vpn
{% endif %}
{% if afi_config.import.vpn is vyos_defined %}
import vpn
{% endif %}
{% if afi_config.import.vrf is vyos_defined %}
{% for vrf in afi_config.import.vrf %}
import vrf {{ vrf }}
{% endfor %}
{% endif %}
{% if afi_config.label.vpn.export is vyos_defined %}
label vpn export {{ afi_config.label.vpn.export }}
{% endif %}
{% if afi_config.local_install is vyos_defined %}
{% for interface in afi_config.local_install.interface %}
local-install {{ interface }}
{% endfor %}
{% endif %}
{% if afi_config.advertise_all_vni is vyos_defined %}
advertise-all-vni
{% endif %}
{% if afi_config.advertise_default_gw is vyos_defined %}
advertise-default-gw
{% endif %}
{% if afi_config.advertise_pip is vyos_defined %}
advertise-pip ip {{ afi_config.advertise_pip }}
{% endif %}
{% if afi_config.advertise_svi_ip is vyos_defined %}
advertise-svi-ip
{% endif %}
{% if afi_config.rt_auto_derive is vyos_defined %}
autort rfc8365-compatible
{% endif %}
{% if afi_config.flooding.disable is vyos_defined %}
flooding disable
{% endif %}
{% if afi_config.flooding.head_end_replication is vyos_defined %}
flooding head-end-replication
{% endif %}
{% if afi_config.rd.vpn.export is vyos_defined %}
rd vpn export {{ afi_config.rd.vpn.export }}
{% endif %}
{% if afi_config.route_target.vpn.both is vyos_defined %}
route-target vpn both {{ afi_config.route_target.vpn.both }}
{% else %}
{% if afi_config.route_target.vpn.export is vyos_defined %}
route-target vpn export {{ afi_config.route_target.vpn.export }}
{% endif %}
{% if afi_config.route_target.vpn.import is vyos_defined %}
route-target vpn import {{ afi_config.route_target.vpn.import }}
{% endif %}
{% endif %}
{% if afi_config.route_target.both is vyos_defined %}
{% for route_target in afi_config.route_target.both %}
route-target both {{ route_target }}
{% endfor %}
{% endif %}
{% if afi_config.route_target.export is vyos_defined %}
{% for route_target in afi_config.route_target.export %}
route-target export {{ route_target }}
{% endfor %}
{% endif %}
{% if afi_config.route_target.import is vyos_defined %}
{% for route_target in afi_config.route_target.import %}
route-target import {{ route_target }}
{% endfor %}
{% endif %}
{% if afi_config.route_map.vpn.export is vyos_defined %}
route-map vpn export {{ afi_config.route_map.vpn.export }}
{% endif %}
{% if afi_config.route_map.vpn.import is vyos_defined %}
route-map vpn import {{ afi_config.route_map.vpn.import }}
{% endif %}
{% if afi_config.vni is vyos_defined %}
{% for vni, vni_config in afi_config.vni.items() %}
vni {{ vni }}
{% if vni_config.advertise_default_gw is vyos_defined %}
advertise-default-gw
{% endif %}
{% if vni_config.advertise_svi_ip is vyos_defined %}
advertise-svi-ip
{% endif %}
{% if vni_config.rd is vyos_defined %}
rd {{ vni_config.rd }}
{% endif %}
{% if vni_config.route_target.both is vyos_defined %}
{% for route_target in vni_config.route_target.both %}
route-target both {{ route_target }}
{% endfor %}
{% endif %}
{% if vni_config.route_target.export is vyos_defined %}
{% for route_target in vni_config.route_target.export %}
route-target export {{ route_target }}
{% endfor %}
{% endif %}
{% if vni_config.route_target.import is vyos_defined %}
{% for route_target in vni_config.route_target.import %}
route-target import {{ route_target }}
{% endfor %}
{% endif %}
exit-vni
{% endfor %}
{% endif %}
exit-address-family
{% endfor %}
{% endif %}
!
{% if peer_group is vyos_defined %}
{% for peer, config in peer_group.items() %}
{{ bgp_neighbor(peer, config, true) }}
{% endfor %}
{% endif %}
!
{% if neighbor is vyos_defined %}
{% for peer, config in neighbor.items() %}
{{ bgp_neighbor(peer, config) }}
{% endfor %}
{% endif %}
!
{% if listen.limit is vyos_defined %}
bgp listen limit {{ listen.limit }}
{% endif %}
{% if listen.range is vyos_defined %}
{% for prefix, options in listen.range.items() %}
{% if options.peer_group is vyos_defined %}
bgp listen range {{ prefix }} peer-group {{ options.peer_group }}
{% endif %}
{% endfor %}
{% endif %}
{% if parameters.always_compare_med is vyos_defined %}
bgp always-compare-med
{% endif %}
{% if parameters.bestpath.as_path is vyos_defined %}
{% for option in parameters.bestpath.as_path %}
{# replace is required for multipath-relax option #}
bgp bestpath as-path {{ option | replace('_', '-') }}
{% endfor %}
{% endif %}
{% if parameters.bestpath.bandwidth is vyos_defined %}
bgp bestpath bandwidth {{ parameters.bestpath.bandwidth }}
{% endif %}
{% if parameters.bestpath.compare_routerid is vyos_defined %}
bgp bestpath compare-routerid
{% endif %}
{% if parameters.bestpath.med is vyos_defined %}
bgp bestpath med {{ 'confed' if parameters.bestpath.med.confed is vyos_defined }} {{ 'missing-as-worst' if parameters.bestpath.med.missing_as_worst is vyos_defined }}
{% endif %}
{% if parameters.bestpath.peer_type is vyos_defined %}
bgp bestpath peer-type {{ 'multipath-relax' if parameters.bestpath.peer_type.multipath_relax is vyos_defined }}
{% endif %}
{% if parameters.cluster_id is vyos_defined %}
bgp cluster-id {{ parameters.cluster_id }}
{% endif %}
{% if parameters.conditional_advertisement.timer is vyos_defined %}
bgp conditional-advertisement timer {{ parameters.conditional_advertisement.timer }}
{% endif %}
{% if parameters.confederation.identifier is vyos_defined %}
bgp confederation identifier {{ parameters.confederation.identifier }}
{% endif %}
{% if parameters.confederation.peers is vyos_defined %}
bgp confederation peers {{ parameters.confederation.peers | join(' ') }}
{% endif %}
{% if parameters.dampening.half_life is vyos_defined %}
{# Doesn't work in current FRR configuration; vtysh (bgp dampening 16 751 2001 61) #}
bgp dampening {{ parameters.dampening.half_life }} {{ parameters.dampening.re_use if parameters.dampening.re_use is vyos_defined }} {{ parameters.dampening.start_suppress_time if parameters.dampening.start_suppress_time is vyos_defined }} {{ parameters.dampening.max_suppress_time if parameters.dampening.max_suppress_time is vyos_defined }}
{% endif %}
{% if parameters.default.local_pref is vyos_defined %}
bgp default local-preference {{ parameters.default.local_pref }}
{% endif %}
{% if parameters.deterministic_med is vyos_defined %}
bgp deterministic-med
{% endif %}
{% if parameters.distance.global.external is vyos_defined and parameters.distance.global.internal is vyos_defined and parameters.distance.global.local is vyos_defined %}
distance bgp {{ parameters.distance.global.external }} {{ parameters.distance.global.internal }} {{ parameters.distance.global.local }}
{% endif %}
{% if parameters.distance.prefix is vyos_defined %}
{% for prefix in parameters.distance.prefix %}
distance {{ parameters.distance.prefix[prefix].distance }} {{ prefix }}
{% endfor %}
{% endif %}
{% if parameters.fast_convergence is vyos_defined %}
bgp fast-convergence
{% endif %}
{% if parameters.graceful_restart is vyos_defined %}
bgp graceful-restart {{ 'stalepath-time ' ~ parameters.graceful_restart.stalepath_time if parameters.graceful_restart.stalepath_time is vyos_defined }}
{% endif %}
{% if parameters.graceful_shutdown is vyos_defined %}
bgp graceful-shutdown
{% endif %}
{% if parameters.log_neighbor_changes is vyos_defined %}
bgp log-neighbor-changes
{% endif %}
{% if parameters.minimum_holdtime is vyos_defined %}
bgp minimum-holdtime {{ parameters.minimum_holdtime }}
{% endif %}
{% if parameters.network_import_check is vyos_defined %}
bgp network import-check
{% endif %}
{% if parameters.route_reflector_allow_outbound_policy is vyos_defined %}
bgp route-reflector allow-outbound-policy
{% endif %}
{% if parameters.no_client_to_client_reflection is vyos_defined %}
no bgp client-to-client reflection
{% endif %}
{% if parameters.no_fast_external_failover is vyos_defined %}
no bgp fast-external-failover
{% endif %}
{% if parameters.no_suppress_duplicates is vyos_defined %}
no bgp suppress-duplicates
{% endif %}
{% if parameters.reject_as_sets is vyos_defined %}
bgp reject-as-sets
{% endif %}
{% if parameters.router_id is vyos_defined and parameters.router_id is not none %}
bgp router-id {{ parameters.router_id }}
{% endif %}
{% if parameters.shutdown is vyos_defined %}
bgp shutdown
{% endif %}
{% if parameters.suppress_fib_pending is vyos_defined %}
bgp suppress-fib-pending
{% endif %}
{% if parameters.tcp_keepalive.idle is vyos_defined and parameters.tcp_keepalive.interval is vyos_defined and parameters.tcp_keepalive.probes is vyos_defined %}
bgp tcp-keepalive {{ parameters.tcp_keepalive.idle }} {{ parameters.tcp_keepalive.interval }} {{ parameters.tcp_keepalive.probes }}
{% endif %}
{% if timers.keepalive is vyos_defined and timers.holdtime is vyos_defined %}
timers bgp {{ timers.keepalive }} {{ timers.holdtime }}
{% endif %}
exit
+!
{% if interface is vyos_defined %}
{% for iface, iface_config in interface.items() %}
- interface {{ iface }}
+interface {{ iface }}
{% if iface_config.mpls.forwarding is vyos_defined %}
mpls bgp forwarding
{% endif %}
- exit
- !
+exit
+!
{% endfor %}
{% endif %}
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index dde7fc8c7..12024ed8b 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -1,1579 +1,1579 @@
<!-- include start from bgp/protocol-common-config.xml.i -->
<node name="address-family">
<properties>
<help>BGP address-family parameters</help>
</properties>
<children>
<node name="ipv4-unicast">
<properties>
<help>IPv4 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network</help>
<valueHelp>
<format>ipv4net</format>
<description>BGP aggregate network</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<node name="distance">
<properties>
<help>Administrative distances for BGP routes</help>
</properties>
<children>
<leafNode name="external">
<properties>
<help>eBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>eBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="internal">
<properties>
<help>iBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>iBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="local">
<properties>
<help>Locally originated BGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>Locally originated BGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<tagNode name="prefix">
<properties>
<help>Administrative distance for a specific BGP prefix</help>
<valueHelp>
<format>ipv4net</format>
<description>Administrative distance for a specific BGP prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Administrative distance for prefix</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
#include <include/bgp/afi-export-import.xml.i>
#include <include/bgp/afi-label.xml.i>
#include <include/bgp/afi-maximum-paths.xml.i>
<tagNode name="network">
<properties>
<help>BGP network</help>
<valueHelp>
<format>ipv4net</format>
<description>BGP network</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="backdoor">
<properties>
<help>Network as a backdoor route</help>
<valueless/>
</properties>
</leafNode>
#include <include/route-map.xml.i>
</children>
</tagNode>
#include <include/bgp/afi-rd.xml.i>
#include <include/bgp/afi-route-map-vpn.xml.i>
#include <include/bgp/afi-route-target-vpn.xml.i>
<node name="redistribute">
<properties>
<help>Redistribute routes from other protocols into BGP</help>
</properties>
<children>
<node name="connected">
<properties>
<help>Redistribute connected routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="isis">
<properties>
<help>Redistribute IS-IS routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="kernel">
<properties>
<help>Redistribute kernel routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="ospf">
<properties>
<help>Redistribute OSPF routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="rip">
<properties>
<help>Redistribute RIP routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="babel">
<properties>
<help>Redistribute Babel routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="static">
<properties>
<help>Redistribute static routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<leafNode name="table">
<properties>
<help>Redistribute non-main Kernel Routing Table</help>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
<node name="ipv4-multicast">
<properties>
<help>Multicast IPv4 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network/prefix</help>
<valueHelp>
<format>ipv4net</format>
<description>BGP aggregate network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<node name="distance">
<properties>
<help>Administrative distances for BGP routes</help>
</properties>
<children>
<leafNode name="external">
<properties>
<help>eBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>eBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="internal">
<properties>
<help>iBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>iBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="local">
<properties>
<help>Locally originated BGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>Locally originated BGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<tagNode name="prefix">
<properties>
<help>Administrative distance for a specific BGP prefix</help>
<valueHelp>
<format>ipv4net</format>
<description>Administrative distance for a specific BGP prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Administrative distance for prefix</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into multicast IPv4 RIB</help>
<valueHelp>
<format>ipv4net</format>
<description>Multicast IPv4 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="backdoor">
<properties>
<help>Use BGP network/prefix as a backdoor route</help>
<valueless/>
</properties>
</leafNode>
#include <include/route-map.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="ipv4-labeled-unicast">
<properties>
<help>Labeled Unicast IPv4 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network/prefix</help>
<valueHelp>
<format>ipv4net</format>
<description>BGP aggregate network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into labeled unicast IPv4 RIB</help>
<valueHelp>
<format>ipv4net</format>
<description>Labeled Unicast IPv4 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="backdoor">
<properties>
<help>Use BGP network/prefix as a backdoor route</help>
<valueless/>
</properties>
</leafNode>
#include <include/route-map.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="ipv4-flowspec">
<properties>
<help>Flowspec IPv4 BGP settings</help>
</properties>
<children>
<node name="local-install">
<properties>
<help>Apply local policy routing to interface</help>
</properties>
<children>
#include <include/generic-interface-multi.xml.i>
</children>
</node>
</children>
</node>
<node name="ipv4-vpn">
<properties>
<help>Unicast VPN IPv4 BGP settings</help>
</properties>
<children>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into unicast VPN IPv4 RIB</help>
<valueHelp>
<format>ipv4net</format>
<description>Unicast VPN IPv4 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/route-distinguisher.xml.i>
#include <include/bgp/afi-vpn-label.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="ipv6-unicast">
<properties>
<help>IPv6 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network</help>
<valueHelp>
<format>ipv6net</format>
<description>Aggregate network</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<node name="distance">
<properties>
<help>Administrative distances for BGP routes</help>
</properties>
<children>
<leafNode name="external">
<properties>
<help>eBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>eBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="internal">
<properties>
<help>iBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>iBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="local">
<properties>
<help>Locally originated BGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>Locally originated BGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<tagNode name="prefix">
<properties>
<help>Administrative distance for a specific BGP prefix</help>
<valueHelp>
<format>ipv6net</format>
<description>Administrative distance for a specific BGP prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Administrative distance for prefix</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
#include <include/bgp/afi-export-import.xml.i>
#include <include/bgp/afi-label.xml.i>
#include <include/bgp/afi-maximum-paths.xml.i>
<tagNode name="network">
<properties>
<help>BGP network</help>
<valueHelp>
<format>ipv6net</format>
<description>Aggregate network</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-path-limit.xml.i>
#include <include/route-map.xml.i>
</children>
</tagNode>
#include <include/bgp/afi-rd.xml.i>
#include <include/bgp/afi-route-map-vpn.xml.i>
#include <include/bgp/afi-route-target-vpn.xml.i>
<node name="redistribute">
<properties>
<help>Redistribute routes from other protocols into BGP</help>
</properties>
<children>
<node name="connected">
<properties>
<help>Redistribute connected routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="kernel">
<properties>
<help>Redistribute kernel routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="ospfv3">
<properties>
<help>Redistribute OSPFv3 routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="ripng">
<properties>
<help>Redistribute RIPng routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="babel">
<properties>
<help>Redistribute Babel routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="static">
<properties>
<help>Redistribute static routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<leafNode name="table">
<properties>
<help>Redistribute non-main Kernel Routing Table</help>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
<node name="ipv6-multicast">
<properties>
<help>Multicast IPv6 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network/prefix</help>
<valueHelp>
<format>ipv6net</format>
<description>BGP aggregate network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<node name="distance">
<properties>
<help>Administrative distances for BGP routes</help>
</properties>
<children>
<leafNode name="external">
<properties>
<help>eBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>eBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="internal">
<properties>
<help>iBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>iBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="local">
<properties>
<help>Locally originated BGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>Locally originated BGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<tagNode name="prefix">
<properties>
<help>Administrative distance for a specific BGP prefix</help>
<valueHelp>
<format>ipv6net</format>
<description>Administrative distance for a specific BGP prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Administrative distance for prefix</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into multicast IPv6 RIB</help>
<valueHelp>
<format>ipv6net</format>
<description>Multicast IPv6 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-path-limit.xml.i>
#include <include/route-map.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="ipv6-labeled-unicast">
<properties>
<help>Labeled Unicast IPv6 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network/prefix</help>
<valueHelp>
<format>ipv6net</format>
<description>BGP aggregate network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into labeled unicast IPv6 RIB</help>
<valueHelp>
<format>ipv6net</format>
<description>Labeled Unicast IPv6 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="backdoor">
<properties>
<help>Use BGP network/prefix as a backdoor route</help>
<valueless/>
</properties>
</leafNode>
#include <include/route-map.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="ipv6-flowspec">
<properties>
<help>Flowspec IPv6 BGP settings</help>
</properties>
<children>
<node name="local-install">
<properties>
<help>Apply local policy routing to interface</help>
</properties>
<children>
<leafNode name="interface">
<properties>
<help>Interface</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
<multi/>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
<node name="ipv6-vpn">
<properties>
<help>Unicast VPN IPv6 BGP settings</help>
</properties>
<children>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into unicast VPN IPv6 RIB</help>
<valueHelp>
<format>ipv6net</format>
<description>Unicast VPN IPv6 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/route-distinguisher.xml.i>
#include <include/bgp/afi-vpn-label.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="l2vpn-evpn">
<properties>
<help>L2VPN EVPN BGP settings</help>
</properties>
<children>
<node name="advertise">
<properties>
<help>Advertise prefix routes</help>
</properties>
<children>
<node name="ipv4">
<properties>
<help>IPv4 address family</help>
</properties>
<children>
#include <include/bgp/afi-l2vpn-advertise.xml.i>
</children>
</node>
<node name="ipv6">
<properties>
<help>IPv6 address family</help>
</properties>
<children>
#include <include/bgp/afi-l2vpn-advertise.xml.i>
</children>
</node>
</children>
</node>
<leafNode name="advertise-all-vni">
<properties>
<help>Advertise All local VNIs</help>
<valueless/>
</properties>
</leafNode>
#include <include/bgp/afi-l2vpn-common.xml.i>
<leafNode name="advertise-pip">
<properties>
<help>EVPN system primary IP</help>
<valueHelp>
<format>ipv4</format>
<description>IP address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="rt-auto-derive">
<properties>
<help>Auto derivation of Route Target (RFC8365)</help>
<valueless/>
</properties>
</leafNode>
<node name="flooding">
<properties>
<help>Specify handling for BUM packets</help>
</properties>
<children>
#include <include/generic-disable-node.xml.i>
<leafNode name="head-end-replication">
<properties>
<help>Flood BUM packets using head-end replication</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<tagNode name="vni">
<properties>
<help>VXLAN Network Identifier</help>
<valueHelp>
<format>u32:1-16777215</format>
<description>VNI number</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-16777215"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-l2vpn-common.xml.i>
</children>
</tagNode>
</children>
</node>
</children>
</node>
<tagNode name="interface">
<properties>
- <help>Enable MPLS on Interface</help>
+ <help>Configure interface related parameters, e.g. MPLS</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
<valueHelp>
<format>txt</format>
<description>Interface name</description>
</valueHelp>
<constraint>
#include <include/constraint/interface-name.xml.i>
</constraint>
</properties>
<children>
<node name="mpls">
<properties>
- <help> MPLS options</help>
+ <help>MPLS options</help>
</properties>
<children>
<leafNode name="forwarding">
<properties>
- <help> Enable MPLS forwarding for eBGP directly connected peers</help>
+ <help>Enable MPLS forwarding for eBGP directly connected peers</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
</children>
</tagNode>
<node name="listen">
<properties>
<help>Listen for and accept BGP dynamic neighbors from range</help>
</properties>
<children>
<leafNode name="limit">
<properties>
<help>Maximum number of dynamic neighbors that can be created</help>
<valueHelp>
<format>u32:1-5000</format>
<description>BGP neighbor limit</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-5000"/>
</constraint>
</properties>
</leafNode>
<tagNode name="range">
<properties>
<help>BGP dynamic neighbors listen range</help>
<valueHelp>
<format>ipv4net</format>
<description>IPv4 dynamic neighbors listen range</description>
</valueHelp>
<valueHelp>
<format>ipv6net</format>
<description>IPv6 dynamic neighbors listen range</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/peer-group.xml.i>
</children>
</tagNode>
</children>
</node>
<leafNode name="system-as">
<properties>
<help>Autonomous System Number (ASN)</help>
<valueHelp>
<format>u32:1-4294967294</format>
<description>Autonomous System Number</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-4294967294"/>
</constraint>
</properties>
</leafNode>
<tagNode name="neighbor">
<properties>
<help>BGP neighbor</help>
<valueHelp>
<format>ipv4</format>
<description>BGP neighbor IP address</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
<description>BGP neighbor IPv6 address</description>
</valueHelp>
<valueHelp>
<format>txt</format>
<description>Interface name</description>
</valueHelp>
<constraint>
<validator name="ip-address"/>
#include <include/constraint/interface-name.xml.i>
</constraint>
</properties>
<children>
<node name="address-family">
<properties>
<help>Address-family parameters</help>
</properties>
<children>
#include <include/bgp/neighbor-afi-ipv4-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv6-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv4-vpn.xml.i>
#include <include/bgp/neighbor-afi-ipv6-vpn.xml.i>
#include <include/bgp/neighbor-afi-ipv4-flowspec.xml.i>
#include <include/bgp/neighbor-afi-ipv6-flowspec.xml.i>
#include <include/bgp/neighbor-afi-ipv4-multicast.xml.i>
#include <include/bgp/neighbor-afi-ipv6-multicast.xml.i>
#include <include/bgp/neighbor-afi-l2vpn-evpn.xml.i>
</children>
</node>
<leafNode name="advertisement-interval">
<properties>
<help>Minimum interval for sending routing updates</help>
<valueHelp>
<format>u32:0-600</format>
<description>Advertisement interval in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-600"/>
</constraint>
</properties>
</leafNode>
#include <include/generic-description.xml.i>
#include <include/bgp/neighbor-bfd.xml.i>
#include <include/bgp/neighbor-capability.xml.i>
#include <include/bgp/neighbor-disable-capability-negotiation.xml.i>
#include <include/bgp/neighbor-disable-connected-check.xml.i>
#include <include/bgp/neighbor-ebgp-multihop.xml.i>
#include <include/bgp/neighbor-graceful-restart.xml.i>
<node name="interface">
<properties>
<help>Interface parameters</help>
</properties>
<children>
#include <include/bgp/peer-group.xml.i>
#include <include/bgp/remote-as.xml.i>
#include <include/source-interface.xml.i>
<node name="v6only">
<properties>
<help>Enable BGP with v6 link-local only</help>
</properties>
<children>
#include <include/bgp/peer-group.xml.i>
#include <include/bgp/remote-as.xml.i>
</children>
</node>
</children>
</node>
#include <include/bgp/neighbor-local-as.xml.i>
#include <include/bgp/neighbor-local-role.xml.i>
#include <include/bgp/neighbor-override-capability.xml.i>
#include <include/bgp/neighbor-path-attribute.xml.i>
#include <include/bgp/neighbor-passive.xml.i>
#include <include/bgp/neighbor-password.xml.i>
#include <include/bgp/peer-group.xml.i>
#include <include/bgp/remote-as.xml.i>
#include <include/bgp/neighbor-shutdown.xml.i>
<leafNode name="solo">
<properties>
<help>Do not send back prefixes learned from the neighbor</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="enforce-first-as">
<properties>
<help>Ensure the first AS in the AS path matches the peer AS</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="strict-capability-match">
<properties>
<help>Enable strict capability negotiation</help>
<valueless/>
</properties>
</leafNode>
<node name="timers">
<properties>
<help>Neighbor timers</help>
</properties>
<children>
<leafNode name="connect">
<properties>
<help>BGP connect timer for this neighbor</help>
<valueHelp>
<format>u32:1-65535</format>
<description>Connect timer in seconds</description>
</valueHelp>
<valueHelp>
<format>0</format>
<description>Disable connect timer</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-65535"/>
</constraint>
</properties>
</leafNode>
#include <include/bgp/timers-holdtime.xml.i>
#include <include/bgp/timers-keepalive.xml.i>
</children>
</node>
#include <include/bgp/neighbor-ttl-security.xml.i>
#include <include/bgp/neighbor-update-source.xml.i>
#include <include/port-number.xml.i>
</children>
</tagNode>
<node name="parameters">
<properties>
<help>BGP parameters</help>
</properties>
<children>
<leafNode name="always-compare-med">
<properties>
<help>Always compare MEDs from different neighbors</help>
<valueless/>
</properties>
</leafNode>
<node name="bestpath">
<properties>
<help>Default bestpath selection mechanism</help>
</properties>
<children>
<node name="as-path">
<properties>
<help>AS-path attribute comparison parameters</help>
</properties>
<children>
<leafNode name="confed">
<properties>
<help>Compare AS-path lengths including confederation sets and sequences</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ignore">
<properties>
<help>Ignore AS-path length in selecting a route</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="multipath-relax">
<properties>
<help>Allow load sharing across routes that have different AS paths (but same length)</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="bandwidth">
<properties>
<help>Link Bandwidth attribute</help>
<completionHelp>
<list>default-weight-for-missing ignore skip-missing</list>
</completionHelp>
<valueHelp>
<format>default-weight-for-missing</format>
<description>Assign low default weight (1) to paths not having link bandwidth</description>
</valueHelp>
<valueHelp>
<format>ignore</format>
<description>Ignore link bandwidth (do regular ECMP, not weighted)</description>
</valueHelp>
<valueHelp>
<format>skip-missing</format>
<description>Ignore paths without link bandwidth for ECMP (if other paths have it)</description>
</valueHelp>
<constraint>
<regex>(default-weight-for-missing|ignore|skip-missing)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="compare-routerid">
<properties>
<help>Compare the router-id for identical EBGP paths</help>
<valueless/>
</properties>
</leafNode>
<node name="med">
<properties>
<help>MED attribute comparison parameters</help>
</properties>
<children>
<leafNode name="confed">
<properties>
<help>Compare MEDs among confederation paths</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="missing-as-worst">
<properties>
<help>Treat missing route as a MED as the least preferred one</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<node name="peer-type">
<properties>
<help>Peer type</help>
</properties>
<children>
<leafNode name="multipath-relax">
<properties>
<help>Allow load sharing across routes learned from different peer types</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
<leafNode name="cluster-id">
<properties>
<help>Route-reflector cluster-id</help>
<valueHelp>
<format>ipv4</format>
<description>Route-reflector cluster-id</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<node name="confederation">
<properties>
<help>AS confederation parameters</help>
</properties>
<children>
<leafNode name="identifier">
<properties>
<help>Confederation AS identifier</help>
<valueHelp>
<format>u32:1-4294967294</format>
<description>Confederation AS id</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-4294967294"/>
</constraint>
</properties>
</leafNode>
<leafNode name="peers">
<properties>
<help>Peer ASs in the BGP confederation</help>
<valueHelp>
<format>u32:1-4294967294</format>
<description>Peer AS number</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-4294967294"/>
</constraint>
<multi/>
</properties>
</leafNode>
</children>
</node>
<node name="conditional-advertisement">
<properties>
<help>Conditional advertisement settings</help>
</properties>
<children>
<leafNode name="timer">
<properties>
<help>Set period to rescan BGP table to check if condition is met</help>
<valueHelp>
<format>u32:5-240</format>
<description>Period to rerun the conditional advertisement scanner process</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 5-240"/>
</constraint>
</properties>
<defaultValue>60</defaultValue>
</leafNode>
</children>
</node>
<node name="dampening">
<properties>
<help>Enable route-flap dampening</help>
</properties>
<children>
<leafNode name="half-life">
<properties>
<help>Half-life time for dampening</help>
<valueHelp>
<format>u32:1-45</format>
<description>Half-life penalty in minutes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-45"/>
</constraint>
</properties>
</leafNode>
<leafNode name="max-suppress-time">
<properties>
<help>Maximum duration to suppress a stable route</help>
<valueHelp>
<format>u32:1-255</format>
<description>Maximum suppress duration in minutes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="re-use">
<properties>
<help>Threshold to start reusing a route</help>
<valueHelp>
<format>u32:1-20000</format>
<description>Re-use penalty points</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-20000"/>
</constraint>
</properties>
</leafNode>
<leafNode name="start-suppress-time">
<properties>
<help>When to start suppressing a route</help>
<valueHelp>
<format>u32:1-20000</format>
<description>Start-suppress penalty points</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-20000"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<node name="default">
<properties>
<help>BGP defaults</help>
</properties>
<children>
<leafNode name="local-pref">
<properties>
<help>Default local preference</help>
<valueHelp>
<format>u32</format>
<description>Local preference</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<leafNode name="deterministic-med">
<properties>
<help>Compare MEDs between different peers in the same AS</help>
<valueless/>
</properties>
</leafNode>
<node name="distance">
<properties>
<help>Administratives distances for BGP routes</help>
</properties>
<children>
<node name="global">
<properties>
<help>Global administratives distances for BGP routes</help>
</properties>
<children>
<leafNode name="external">
<properties>
<help>Administrative distance for external BGP routes</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="internal">
<properties>
<help>Administrative distance for internal BGP routes</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for internal BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="local">
<properties>
<help>Administrative distance for local BGP routes</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for internal BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<tagNode name="prefix">
<properties>
<help>Administrative distance for a specific BGP prefix</help>
<valueHelp>
<format>ipv4net</format>
<description>Administrative distance for a specific BGP prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Administrative distance for prefix</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
<leafNode name="ebgp-requires-policy">
<properties>
<help>Require in and out policy for eBGP peers (RFC8212)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="fast-convergence">
<properties>
<help>Teardown sessions immediately whenever peer becomes unreachable</help>
<valueless/>
</properties>
</leafNode>
<node name="graceful-restart">
<properties>
<help>Graceful restart capability parameters</help>
</properties>
<children>
<leafNode name="stalepath-time">
<properties>
<help>Maximum time to hold onto restarting neighbors stale paths</help>
<valueHelp>
<format>u32:1-3600</format>
<description>Hold time in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-3600"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<leafNode name="graceful-shutdown">
<properties>
<help>Graceful shutdown</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="log-neighbor-changes">
<properties>
<help>Log neighbor up/down changes and reset reason</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="minimum-holdtime">
<properties>
<help>BGP minimum holdtime</help>
<valueHelp>
<format>u32:1-65535</format>
<description>Minimum holdtime in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="network-import-check">
<properties>
<help>Enable IGP route check for network statements</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="route-reflector-allow-outbound-policy">
<properties>
<help>Route reflector client allow policy outbound</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="no-client-to-client-reflection">
<properties>
<help>Disable client to client route reflection</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="no-fast-external-failover">
<properties>
<help>Disable immediate session reset on peer link down event</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="no-suppress-duplicates">
<properties>
<help>Disable suppress duplicate updates if the route actually not changed</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="reject-as-sets">
<properties>
<help>Reject routes with AS_SET or AS_CONFED_SET flag</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="shutdown">
<properties>
<help>Administrative shutdown of the BGP instance</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="suppress-fib-pending">
<properties>
<help>Advertise only routes that are programmed in kernel to peers</help>
<valueless/>
</properties>
</leafNode>
#include <include/router-id.xml.i>
<node name="tcp-keepalive">
<properties>
<help>TCP keepalive parameters</help>
</properties>
<children>
<leafNode name="idle">
<properties>
<help>TCP keepalive idle time</help>
<valueHelp>
<format>u32:1-65535</format>
<description>Idle time in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="interval">
<properties>
<help>TCP keepalive interval</help>
<valueHelp>
<format>u32:1-65535</format>
<description>Interval in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="probes">
<properties>
<help>TCP keepalive maximum probes</help>
<valueHelp>
<format>u32:1-30</format>
<description>Maximum probes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-30"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
<tagNode name="peer-group">
<properties>
<help>Name of peer-group</help>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
</properties>
<children>
<node name="address-family">
<properties>
<help>Address-family parameters</help>
</properties>
<children>
#include <include/bgp/neighbor-afi-ipv4-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv4-vpn.xml.i>
#include <include/bgp/neighbor-afi-ipv6-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv6-vpn.xml.i>
#include <include/bgp/neighbor-afi-l2vpn-evpn.xml.i>
</children>
</node>
#include <include/generic-description.xml.i>
#include <include/bgp/neighbor-bfd.xml.i>
#include <include/bgp/neighbor-capability.xml.i>
#include <include/bgp/neighbor-disable-capability-negotiation.xml.i>
#include <include/bgp/neighbor-disable-connected-check.xml.i>
#include <include/bgp/neighbor-ebgp-multihop.xml.i>
#include <include/bgp/neighbor-graceful-restart.xml.i>
#include <include/bgp/neighbor-graceful-restart.xml.i>
#include <include/bgp/neighbor-local-as.xml.i>
#include <include/bgp/neighbor-local-role.xml.i>
#include <include/bgp/neighbor-override-capability.xml.i>
#include <include/bgp/neighbor-path-attribute.xml.i>
#include <include/bgp/neighbor-passive.xml.i>
#include <include/bgp/neighbor-password.xml.i>
#include <include/bgp/neighbor-shutdown.xml.i>
#include <include/bgp/neighbor-ttl-security.xml.i>
#include <include/bgp/neighbor-update-source.xml.i>
#include <include/bgp/remote-as.xml.i>
#include <include/port-number.xml.i>
</children>
</tagNode>
<node name="timers">
<properties>
<help>BGP protocol timers</help>
</properties>
<children>
#include <include/bgp/timers-holdtime.xml.i>
#include <include/bgp/timers-keepalive.xml.i>
</children>
</node>
<!-- include end -->
diff --git a/python/vyos/utils/__init__.py b/python/vyos/utils/__init__.py
index 0d3998053..5c7a9ecb8 100644
--- a/python/vyos/utils/__init__.py
+++ b/python/vyos/utils/__init__.py
@@ -1,16 +1,17 @@
# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see <http://www.gnu.org/licenses/>.
from vyos.utils import network
+from vyos.utils import boot
diff --git a/python/vyos/utils/network.py b/python/vyos/utils/network.py
index 7386d44f0..209bc9ecc 100644
--- a/python/vyos/utils/network.py
+++ b/python/vyos/utils/network.py
@@ -1,36 +1,43 @@
# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see <http://www.gnu.org/licenses/>.
-import os
-
def get_protocol_by_name(protocol_name):
"""Get protocol number by protocol name
% get_protocol_by_name('tcp')
% 6
"""
import socket
try:
protocol_number = socket.getprotobyname(protocol_name)
return protocol_number
except socket.error:
return protocol_name
def interface_exists_in_netns(interface_name, netns):
from vyos.util import rc_cmd
rc, out = rc_cmd(f'ip netns exec {netns} ip link show dev {interface_name}')
if rc == 0:
return True
return False
+
+def get_interface_vrf(interface):
+ """ Returns VRF of given interface """
+ from vyos.util import dict_search
+ from vyos.util import get_interface_config
+ tmp = get_interface_config(interface)
+ if dict_search('linkinfo.info_slave_kind', tmp) == 'vrf':
+ return tmp['master']
+ return 'default'
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index 532970735..79d97860b 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -1,579 +1,561 @@
#!/usr/bin/env python3
#
# Copyright (C) 2020-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from sys import exit
from sys import argv
from vyos.base import Warning
from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.configdict import node_changed
from vyos.configverify import verify_prefix_list
from vyos.configverify import verify_route_map
from vyos.configverify import verify_vrf
from vyos.template import is_ip
from vyos.template import is_interface
from vyos.template import render_to_string
from vyos.util import dict_search
-from vyos.util import get_interface_config
+from vyos.utils.network import get_interface_vrf
from vyos.validate import is_addr_assigned
from vyos import ConfigError
from vyos import frr
from vyos import airbag
airbag.enable()
def get_config(config=None):
if config:
conf = config
else:
conf = Config()
vrf = None
if len(argv) > 1:
vrf = argv[1]
base_path = ['protocols', 'bgp']
# eqivalent of the C foo ? 'a' : 'b' statement
base = vrf and ['vrf', 'name', vrf, 'protocols', 'bgp'] or base_path
bgp = conf.get_config_dict(base, key_mangling=('-', '_'),
get_first_key=True, no_tag_node_value_mangle=True)
bgp['dependent_vrfs'] = conf.get_config_dict(['vrf', 'name'],
key_mangling=('-', '_'),
get_first_key=True,
no_tag_node_value_mangle=True)
- # if config removed
+
+ # Remove per interface MPLS configuration - get a list if changed
+ # nodes under the interface tagNode
interfaces_removed = node_changed(conf, base + ['interface'])
if interfaces_removed:
bgp['interface_removed'] = list(interfaces_removed)
- # Add vrf mapping in <bgp interface ifname>
- if 'interface' in bgp:
- for interface in bgp['interface']:
- tmp = get_interface_config(interface)
- if dict_search('linkinfo.info_slave_kind', tmp) and \
- tmp['linkinfo']['info_slave_kind'] == 'vrf':
- if 'master' in tmp:
- bgp['interface'][interface]['applied_vrf'] = tmp['master']
- else:
- bgp['interface'][interface]['applied_vrf'] = 'default'
# Assign the name of our VRF context. This MUST be done before the return
# statement below, else on deletion we will delete the default instance
# instead of the VRF instance.
if vrf:
bgp.update({'vrf' : vrf})
# We can not delete the BGP VRF instance if there is a L3VNI configured
tmp = ['vrf', 'name', vrf, 'vni']
if conf.exists(tmp):
bgp.update({'vni' : conf.return_value(tmp)})
# We can safely delete ourself from the dependent vrf list
if vrf in bgp['dependent_vrfs']:
del bgp['dependent_vrfs'][vrf]
bgp['dependent_vrfs'].update({'default': {'protocols': {
'bgp': conf.get_config_dict(base_path, key_mangling=('-', '_'),
get_first_key=True,
no_tag_node_value_mangle=True)}}})
if not conf.exists(base):
# If bgp instance is deleted then mark it
bgp.update({'deleted' : ''})
return bgp
# We also need some additional information from the config, prefix-lists
# and route-maps for instance. They will be used in verify().
#
# XXX: one MUST always call this without the key_mangling() option! See
# vyos.configverify.verify_common_route_maps() for more information.
tmp = conf.get_config_dict(['policy'])
# Merge policy dict into "regular" config dict
bgp = dict_merge(tmp, bgp)
return bgp
def verify_vrf_as_import(search_vrf_name: str, afi_name: str, vrfs_config: dict) -> bool:
"""
:param search_vrf_name: search vrf name in import list
:type search_vrf_name: str
:param afi_name: afi/safi name
:type afi_name: str
:param vrfs_config: configuration dependents vrfs
:type vrfs_config: dict
:return: if vrf in import list retrun true else false
:rtype: bool
"""
for vrf_name, vrf_config in vrfs_config.items():
import_list = dict_search(
f'protocols.bgp.address_family.{afi_name}.import.vrf',
vrf_config)
if import_list:
if search_vrf_name in import_list:
return True
return False
def verify_vrf_import_options(afi_config: dict) -> bool:
"""
Search if afi contains one of options
:param afi_config: afi/safi
:type afi_config: dict
:return: if vrf contains rd and route-target options return true else false
:rtype: bool
"""
options = [
f'rd.vpn.export',
f'route_target.vpn.import',
f'route_target.vpn.export',
f'route_target.vpn.both'
]
for option in options:
if dict_search(option, afi_config):
return True
return False
def verify_vrf_import(vrf_name: str, vrfs_config: dict, afi_name: str) -> bool:
"""
Verify if vrf exists and contain options
:param vrf_name: name of VRF
:type vrf_name: str
:param vrfs_config: dependent vrfs config
:type vrfs_config: dict
:param afi_name: afi/safi name
:type afi_name: str
:return: if vrf contains rd and route-target options return true else false
:rtype: bool
"""
if vrf_name != 'default':
verify_vrf({'vrf': vrf_name})
if dict_search(f'{vrf_name}.protocols.bgp.address_family.{afi_name}',
vrfs_config):
afi_config = \
vrfs_config[vrf_name]['protocols']['bgp']['address_family'][
afi_name]
if verify_vrf_import_options(afi_config):
return True
return False
def verify_vrflist_import(afi_name: str, afi_config: dict, vrfs_config: dict) -> bool:
"""
Call function to verify
if scpecific vrf contains rd and route-target
options return true else false
:param afi_name: afi/safi name
:type afi_name: str
:param afi_config: afi/safi configuration
:type afi_config: dict
:param vrfs_config: dependent vrfs config
:type vrfs_config:dict
:return: if vrf contains rd and route-target options return true else false
:rtype: bool
"""
for vrf_name in afi_config['import']['vrf']:
if verify_vrf_import(vrf_name, vrfs_config, afi_name):
return True
return False
def verify_remote_as(peer_config, bgp_config):
if 'remote_as' in peer_config:
return peer_config['remote_as']
if 'peer_group' in peer_config:
peer_group_name = peer_config['peer_group']
tmp = dict_search(f'peer_group.{peer_group_name}.remote_as', bgp_config)
if tmp: return tmp
if 'interface' in peer_config:
if 'remote_as' in peer_config['interface']:
return peer_config['interface']['remote_as']
if 'peer_group' in peer_config['interface']:
peer_group_name = peer_config['interface']['peer_group']
tmp = dict_search(f'peer_group.{peer_group_name}.remote_as', bgp_config)
if tmp: return tmp
if 'v6only' in peer_config['interface']:
if 'remote_as' in peer_config['interface']['v6only']:
return peer_config['interface']['v6only']['remote_as']
return None
def verify_afi(peer_config, bgp_config):
if 'address_family' in peer_config:
return True
if 'peer_group' in peer_config:
peer_group_name = peer_config['peer_group']
tmp = dict_search(f'peer_group.{peer_group_name}.address_family', bgp_config)
if tmp: return True
return False
def verify(bgp):
if 'deleted' in bgp:
if 'vrf' in bgp:
# Cannot delete vrf if it exists in import vrf list in other vrfs
for tmp_afi in ['ipv4_unicast', 'ipv6_unicast']:
if verify_vrf_as_import(bgp['vrf'], tmp_afi, bgp['dependent_vrfs']):
raise ConfigError(f'Cannot delete VRF instance "{bgp["vrf"]}", ' \
'unconfigure "import vrf" commands!')
# We can not delete the BGP instance if a L3VNI instance exists
if 'vni' in bgp:
raise ConfigError(f'Cannot delete VRF instance "{bgp["vrf"]}", ' \
f'unconfigure VNI "{bgp["vni"]}" first!')
else:
# We are running in the default VRF context, thus we can not delete
# our main BGP instance if there are dependent BGP VRF instances.
if 'dependent_vrfs' in bgp:
for vrf, vrf_options in bgp['dependent_vrfs'].items():
if vrf != 'default':
if dict_search('protocols.bgp', vrf_options):
raise ConfigError('Cannot delete default BGP instance, ' \
'dependent VRF instance(s) exist!')
return None
if 'system_as' not in bgp:
raise ConfigError('BGP system-as number must be defined!')
# Verify vrf on interface and bgp section
if 'interface' in bgp:
- for interface in dict_search('interface', bgp):
- if dict_search(f'interface.{interface}.mpls', bgp):
- if 'forwarding' in bgp['interface'][interface]['mpls']:
- if 'vrf' in bgp:
- if bgp['interface'][interface]['applied_vrf'] != bgp['vrf']:
- raise ConfigError(
- f'Can not set mpls forwarding. Interface {interface} in different vrf')
- else:
- if bgp['interface'][interface]['applied_vrf'] != 'default':
- raise ConfigError(
- f'Can not set mpls forwarding. Interface {interface} in different vrf')
- else:
- raise ConfigError(
- f'<protocols bgp interface {interface}> command should have options')
+ for interface in bgp['interface']:
+ tmp = get_interface_vrf(interface)
+ if ('vrf' in bgp and bgp['vrf'] != tmp) or tmp != 'default':
+ raise ConfigError(f'Interface "{interface}" belongs to different VRF instance!')
# Common verification for both peer-group and neighbor statements
for neighbor in ['neighbor', 'peer_group']:
# bail out early if there is no neighbor or peer-group statement
# this also saves one indention level
if neighbor not in bgp:
continue
for peer, peer_config in bgp[neighbor].items():
# Only regular "neighbor" statement can have a peer-group set
# Check if the configure peer-group exists
if 'peer_group' in peer_config:
peer_group = peer_config['peer_group']
if 'peer_group' not in bgp or peer_group not in bgp['peer_group']:
raise ConfigError(f'Specified peer-group "{peer_group}" for '\
f'neighbor "{neighbor}" does not exist!')
if 'local_role' in peer_config:
#Ensure Local Role has only one value.
if len(peer_config['local_role']) > 1:
raise ConfigError(f'Only one local role can be specified for peer "{peer}"!')
if 'local_as' in peer_config:
if len(peer_config['local_as']) > 1:
raise ConfigError(f'Only one local-as number can be specified for peer "{peer}"!')
# Neighbor local-as override can not be the same as the local-as
# we use for this BGP instane!
asn = list(peer_config['local_as'].keys())[0]
if asn == bgp['system_as']:
raise ConfigError('Cannot have local-as same as system-as number')
# Neighbor AS specified for local-as and remote-as can not be the same
if dict_search('remote_as', peer_config) == asn:
raise ConfigError(f'Neighbor "{peer}" has local-as specified which is '\
'the same as remote-as, this is not allowed!')
# ttl-security and ebgp-multihop can't be used in the same configration
if 'ebgp_multihop' in peer_config and 'ttl_security' in peer_config:
raise ConfigError('You can not set both ebgp-multihop and ttl-security hops')
# interface and ebgp-multihop can't be used in the same configration
if 'ebgp_multihop' in peer_config and 'interface' in peer_config:
raise ConfigError(f'Ebgp-multihop can not be used with directly connected '\
f'neighbor "{peer}"')
# Check if neighbor has both override capability and strict capability match
# configured at the same time.
if 'override_capability' in peer_config and 'strict_capability_match' in peer_config:
raise ConfigError(f'Neighbor "{peer}" cannot have both override-capability and '\
'strict-capability-match configured at the same time!')
# Check spaces in the password
if 'password' in peer_config and ' ' in peer_config['password']:
raise ConfigError('Whitespace is not allowed in passwords!')
# Some checks can/must only be done on a neighbor and not a peer-group
if neighbor == 'neighbor':
# remote-as must be either set explicitly for the neighbor
# or for the entire peer-group
if not verify_remote_as(peer_config, bgp):
raise ConfigError(f'Neighbor "{peer}" remote-as must be set!')
if not verify_afi(peer_config, bgp):
Warning(f'BGP neighbor "{peer}" requires address-family!')
# Peer-group member cannot override remote-as of peer-group
if 'peer_group' in peer_config:
peer_group = peer_config['peer_group']
if 'remote_as' in peer_config and 'remote_as' in bgp['peer_group'][peer_group]:
raise ConfigError(f'Peer-group member "{peer}" cannot override remote-as of peer-group "{peer_group}"!')
if 'interface' in peer_config:
if 'peer_group' in peer_config['interface']:
peer_group = peer_config['interface']['peer_group']
if 'remote_as' in peer_config['interface'] and 'remote_as' in bgp['peer_group'][peer_group]:
raise ConfigError(f'Peer-group member "{peer}" cannot override remote-as of peer-group "{peer_group}"!')
if 'v6only' in peer_config['interface']:
if 'peer_group' in peer_config['interface']['v6only']:
peer_group = peer_config['interface']['v6only']['peer_group']
if 'remote_as' in peer_config['interface']['v6only'] and 'remote_as' in bgp['peer_group'][peer_group]:
raise ConfigError(f'Peer-group member "{peer}" cannot override remote-as of peer-group "{peer_group}"!')
# Only checks for ipv4 and ipv6 neighbors
# Check if neighbor address is assigned as system interface address
vrf = None
vrf_error_msg = f' in default VRF!'
if 'vrf' in bgp:
vrf = bgp['vrf']
vrf_error_msg = f' in VRF "{vrf}"!'
if is_ip(peer) and is_addr_assigned(peer, vrf):
raise ConfigError(f'Can not configure local address as neighbor "{peer}"{vrf_error_msg}')
elif is_interface(peer):
if 'peer_group' in peer_config:
raise ConfigError(f'peer-group must be set under the interface node of "{peer}"')
if 'remote_as' in peer_config:
raise ConfigError(f'remote-as must be set under the interface node of "{peer}"')
if 'source_interface' in peer_config['interface']:
raise ConfigError(f'"source-interface" option not allowed for neighbor "{peer}"')
# Local-AS allowed only for EBGP peers
if 'local_as' in peer_config:
remote_as = verify_remote_as(peer_config, bgp)
if remote_as == bgp['system_as']:
raise ConfigError(f'local-as configured for "{peer}", allowed only for eBGP peers!')
for afi in ['ipv4_unicast', 'ipv4_multicast', 'ipv4_labeled_unicast', 'ipv4_flowspec',
'ipv6_unicast', 'ipv6_multicast', 'ipv6_labeled_unicast', 'ipv6_flowspec',
'l2vpn_evpn']:
# Bail out early if address family is not configured
if 'address_family' not in peer_config or afi not in peer_config['address_family']:
continue
# Check if neighbor has both ipv4 unicast and ipv4 labeled unicast configured at the same time.
if 'ipv4_unicast' in peer_config['address_family'] and 'ipv4_labeled_unicast' in peer_config['address_family']:
raise ConfigError(f'Neighbor "{peer}" cannot have both ipv4-unicast and ipv4-labeled-unicast configured at the same time!')
# Check if neighbor has both ipv6 unicast and ipv6 labeled unicast configured at the same time.
if 'ipv6_unicast' in peer_config['address_family'] and 'ipv6_labeled_unicast' in peer_config['address_family']:
raise ConfigError(f'Neighbor "{peer}" cannot have both ipv6-unicast and ipv6-labeled-unicast configured at the same time!')
afi_config = peer_config['address_family'][afi]
if 'conditionally_advertise' in afi_config:
if 'advertise_map' not in afi_config['conditionally_advertise']:
raise ConfigError('Must speficy advertise-map when conditionally-advertise is in use!')
# Verify advertise-map (which is a route-map) exists
verify_route_map(afi_config['conditionally_advertise']['advertise_map'], bgp)
if ('exist_map' not in afi_config['conditionally_advertise'] and
'non_exist_map' not in afi_config['conditionally_advertise']):
raise ConfigError('Must either speficy exist-map or non-exist-map when ' \
'conditionally-advertise is in use!')
if {'exist_map', 'non_exist_map'} <= set(afi_config['conditionally_advertise']):
raise ConfigError('Can not specify both exist-map and non-exist-map for ' \
'conditionally-advertise!')
if 'exist_map' in afi_config['conditionally_advertise']:
verify_route_map(afi_config['conditionally_advertise']['exist_map'], bgp)
if 'non_exist_map' in afi_config['conditionally_advertise']:
verify_route_map(afi_config['conditionally_advertise']['non_exist_map'], bgp)
# T4332: bgp deterministic-med cannot be disabled while addpath-tx-bestpath-per-AS is in use
if 'addpath_tx_per_as' in afi_config:
if dict_search('parameters.deterministic_med', bgp) == None:
raise ConfigError('addpath-tx-per-as requires BGP deterministic-med paramtere to be set!')
# Validate if configured Prefix list exists
if 'prefix_list' in afi_config:
for tmp in ['import', 'export']:
if tmp not in afi_config['prefix_list']:
# bail out early
continue
if afi == 'ipv4_unicast':
verify_prefix_list(afi_config['prefix_list'][tmp], bgp)
elif afi == 'ipv6_unicast':
verify_prefix_list(afi_config['prefix_list'][tmp], bgp, version='6')
if 'route_map' in afi_config:
for tmp in ['import', 'export']:
if tmp in afi_config['route_map']:
verify_route_map(afi_config['route_map'][tmp], bgp)
if 'route_reflector_client' in afi_config:
if 'remote_as' in peer_config and peer_config['remote_as'] != 'internal' and peer_config['remote_as'] != bgp['system_as']:
raise ConfigError('route-reflector-client only supported for iBGP peers')
else:
if 'peer_group' in peer_config:
peer_group_as = dict_search(f'peer_group.{peer_group}.remote_as', bgp)
if peer_group_as != None and peer_group_as != 'internal' and peer_group_as != bgp['system_as']:
raise ConfigError('route-reflector-client only supported for iBGP peers')
# Throw an error if a peer group is not configured for allow range
for prefix in dict_search('listen.range', bgp) or []:
# we can not use dict_search() here as prefix contains dots ...
if 'peer_group' not in bgp['listen']['range'][prefix]:
raise ConfigError(f'Listen range for prefix "{prefix}" has no peer group configured.')
peer_group = bgp['listen']['range'][prefix]['peer_group']
if 'peer_group' not in bgp or peer_group not in bgp['peer_group']:
raise ConfigError(f'Peer-group "{peer_group}" for listen range "{prefix}" does not exist!')
if not verify_remote_as(bgp['listen']['range'][prefix], bgp):
raise ConfigError(f'Peer-group "{peer_group}" requires remote-as to be set!')
# Throw an error if the global administrative distance parameters aren't all filled out.
if dict_search('parameters.distance.global', bgp) != None:
for key in ['external', 'internal', 'local']:
if dict_search(f'parameters.distance.global.{key}', bgp) == None:
raise ConfigError('Missing mandatory configuration option for '\
f'global administrative distance {key}!')
# TCP keepalive requires all three parameters to be set
if dict_search('parameters.tcp_keepalive', bgp) != None:
if not {'idle', 'interval', 'probes'} <= set(bgp['parameters']['tcp_keepalive']):
raise ConfigError('TCP keepalive incomplete - idle, keepalive and probes must be set')
# Address Family specific validation
if 'address_family' in bgp:
for afi, afi_config in bgp['address_family'].items():
if 'distance' in afi_config:
# Throw an error if the address family specific administrative
# distance parameters aren't all filled out.
for key in ['external', 'internal', 'local']:
if key not in afi_config['distance']:
raise ConfigError('Missing mandatory configuration option for '\
f'{afi} administrative distance {key}!')
if afi in ['ipv4_unicast', 'ipv6_unicast']:
vrf_name = bgp['vrf'] if dict_search('vrf', bgp) else 'default'
# Verify if currant VRF contains rd and route-target options
# and does not exist in import list in other VRFs
if dict_search(f'rd.vpn.export', afi_config):
if verify_vrf_as_import(vrf_name, afi, bgp['dependent_vrfs']):
raise ConfigError(
'Command "import vrf" conflicts with "rd vpn export" command!')
if dict_search('route_target.vpn.both', afi_config):
if verify_vrf_as_import(vrf_name, afi, bgp['dependent_vrfs']):
raise ConfigError(
'Command "import vrf" conflicts with "route-target vpn both" command!')
if dict_search('route_target.vpn.import', afi_config):
if verify_vrf_as_import(vrf_name, afi, bgp['dependent_vrfs']):
raise ConfigError(
'Command "import vrf conflicts" with "route-target vpn import" command!')
if dict_search('route_target.vpn.export', afi_config):
if verify_vrf_as_import(vrf_name, afi, bgp['dependent_vrfs']):
raise ConfigError(
'Command "import vrf" conflicts with "route-target vpn export" command!')
# Verify if VRFs in import do not contain rd
# and route-target options
if dict_search('import.vrf', afi_config) is not None:
# Verify if VRF with import does not contain rd
# and route-target options
if verify_vrf_import_options(afi_config):
raise ConfigError(
'Please unconfigure "import vrf" commands before using vpn commands in the same VRF!')
# Verify if VRFs in import list do not contain rd
# and route-target options
if verify_vrflist_import(afi, afi_config, bgp['dependent_vrfs']):
raise ConfigError(
'Please unconfigure import vrf commands before using vpn commands in dependent VRFs!')
# FRR error: please unconfigure vpn to vrf commands before
# using import vrf commands
if 'vpn' in afi_config['import'] or dict_search('export.vpn', afi_config) != None:
raise ConfigError('Please unconfigure VPN to VRF commands before '\
'using "import vrf" commands!')
# Verify that the export/import route-maps do exist
for export_import in ['export', 'import']:
tmp = dict_search(f'route_map.vpn.{export_import}', afi_config)
if tmp: verify_route_map(tmp, bgp)
# Checks only required for L2VPN EVPN
if afi in ['l2vpn_evpn']:
if 'vni' in afi_config:
for vni, vni_config in afi_config['vni'].items():
if 'rd' in vni_config and 'advertise_all_vni' not in afi_config:
raise ConfigError('BGP EVPN "rd" requires "advertise-all-vni" to be set!')
if 'route_target' in vni_config and 'advertise_all_vni' not in afi_config:
raise ConfigError('BGP EVPN "route-target" requires "advertise-all-vni" to be set!')
return None
def generate(bgp):
if not bgp or 'deleted' in bgp:
return None
bgp['frr_bgpd_config'] = render_to_string('frr/bgpd.frr.j2', bgp)
return None
def apply(bgp):
bgp_daemon = 'bgpd'
# Save original configuration prior to starting any commit actions
frr_cfg = frr.FRRConfig()
# Generate empty helper string which can be ammended to FRR commands, it
# will be either empty (default VRF) or contain the "vrf <name" statement
vrf = ''
if 'vrf' in bgp:
vrf = ' vrf ' + bgp['vrf']
frr_cfg.load_configuration(bgp_daemon)
- #If bgp interface config removed
+ # Remove interface specific config
for key in ['interface', 'interface_removed']:
if key not in bgp:
continue
for interface in bgp[key]:
frr_cfg.modify_section(f'^interface {interface}', stop_pattern='^exit', remove_stop_mark=True)
frr_cfg.modify_section(f'^router bgp \d+{vrf}', stop_pattern='^exit', remove_stop_mark=True)
if 'frr_bgpd_config' in bgp:
frr_cfg.add_before(frr.default_add_before, bgp['frr_bgpd_config'])
frr_cfg.commit_configuration(bgp_daemon)
return None
if __name__ == '__main__':
try:
c = get_config()
verify(c)
generate(c)
apply(c)
except ConfigError as e:
print(e)
exit(1)