diff --git a/data/templates/frr/isisd.frr.j2 b/data/templates/frr/isisd.frr.j2
index dbb8c7305..1e1cc3c27 100644
--- a/data/templates/frr/isisd.frr.j2
+++ b/data/templates/frr/isisd.frr.j2
@@ -1,200 +1,242 @@
!
{% if interface is vyos_defined %}
{% for iface, iface_config in interface.items() %}
interface {{ iface }}
ip router isis VyOS
ipv6 router isis VyOS
{% if iface_config.bfd is vyos_defined %}
isis bfd
{% if iface_config.bfd.profile is vyos_defined %}
isis bfd profile {{ iface_config.bfd.profile }}
{% endif %}
{% endif %}
{% if iface_config.network.point_to_point is vyos_defined %}
isis network point-to-point
{% endif %}
{% if iface_config.circuit_type is vyos_defined %}
isis circuit-type {{ iface_config.circuit_type }}
{% endif %}
{% if iface_config.hello_interval is vyos_defined %}
isis hello-interval {{ iface_config.hello_interval }}
{% endif %}
{% if iface_config.hello_multiplier is vyos_defined %}
isis hello-multiplier {{ iface_config.hello_multiplier }}
{% endif %}
{% if iface_config.hello_padding is vyos_defined %}
isis hello padding
{% endif %}
{% if iface_config.ldp_sync.disable is vyos_defined %}
no isis mpls ldp-sync
{% elif iface_config.ldp_sync.holddown is vyos_defined %}
isis mpls ldp-sync
isis mpls ldp-sync holddown {{ iface_config.ldp_sync.holddown }}
{% endif %}
{% if iface_config.metric is vyos_defined %}
isis metric {{ iface_config.metric }}
{% endif %}
{% if iface_config.passive is vyos_defined %}
isis passive
{% endif %}
{% if iface_config.password.md5 is vyos_defined %}
isis password md5 {{ iface_config.password.md5 }}
{% elif iface_config.password.plaintext_password is vyos_defined %}
isis password clear {{ iface_config.password.plaintext_password }}
{% endif %}
{% if iface_config.priority is vyos_defined %}
isis priority {{ iface_config.priority }}
{% endif %}
{% if iface_config.psnp_interval is vyos_defined %}
isis psnp-interval {{ iface_config.psnp_interval }}
{% endif %}
{% if iface_config.no_three_way_handshake is vyos_defined %}
no isis three-way-handshake
{% endif %}
exit
!
{% endfor %}
{% endif %}
!
router isis VyOS {{ 'vrf ' + vrf if vrf is vyos_defined }}
net {{ net }}
{% if advertise_high_metrics is vyos_defined %}
advertise-high-metrics
{% endif %}
{% if advertise_passive_only is vyos_defined %}
advertise-passive-only
{% endif %}
{% if dynamic_hostname is vyos_defined %}
hostname dynamic
{% endif %}
{% if purge_originator is vyos_defined %}
purge-originator
{% endif %}
{% if set_attached_bit is vyos_defined %}
set-attached-bit
{% endif %}
{% if set_overload_bit is vyos_defined %}
set-overload-bit
{% endif %}
{% if domain_password.md5 is vyos_defined %}
domain-password md5 {{ domain_password.plaintext_password }}
{% elif domain_password.plaintext_password is vyos_defined %}
domain-password clear {{ domain_password.plaintext_password }}
{% endif %}
{% if log_adjacency_changes is vyos_defined %}
log-adjacency-changes
{% endif %}
{% if lsp_gen_interval is vyos_defined %}
lsp-gen-interval {{ lsp_gen_interval }}
{% endif %}
{% if lsp_mtu is vyos_defined %}
lsp-mtu {{ lsp_mtu }}
{% endif %}
{% if lsp_refresh_interval is vyos_defined %}
lsp-refresh-interval {{ lsp_refresh_interval }}
{% endif %}
{% if max_lsp_lifetime is vyos_defined %}
max-lsp-lifetime {{ max_lsp_lifetime }}
{% endif %}
{% if ldp_sync.holddown is vyos_defined %}
mpls ldp-sync holddown {{ ldp_sync.holddown }}
{% elif ldp_sync is vyos_defined %}
mpls ldp-sync
{% endif %}
{% if spf_interval is vyos_defined %}
spf-interval {{ spf_interval }}
{% endif %}
{% if traffic_engineering.enable is vyos_defined %}
mpls-te on
{% endif %}
{% if traffic_engineering.address is vyos_defined %}
mpls-te router-address {{ traffic_engineering.address }}
{% endif %}
{% if traffic_engineering.inter_as is vyos_defined %}
{% set level = '' %}
{% if traffic_engineering.inter_as.level_1 is vyos_defined %}
{% set level = ' level-1' %}
{% endif %}
{% if traffic_engineering.inter_as.level_1_2 is vyos_defined %}
{% set level = ' level-1-2' %}
{% endif %}
{% if traffic_engineering.inter_as.level_2 is vyos_defined %}
{% set level = ' level-2-only' %}
{% endif %}
mpls-te inter-as{{ level }}
{% endif %}
{% if segment_routing is vyos_defined %}
{% if segment_routing.maximum_label_depth is vyos_defined %}
segment-routing node-msd {{ segment_routing.maximum_label_depth }}
{% endif %}
{% if segment_routing.global_block is vyos_defined %}
{% if segment_routing.local_block is vyos_defined %}
segment-routing global-block {{ segment_routing.global_block.low_label_value }} {{ segment_routing.global_block.high_label_value }} local-block {{ segment_routing.local_block.low_label_value }} {{ segment_routing.local_block.high_label_value }}
{% else %}
segment-routing global-block {{ segment_routing.global_block.low_label_value }} {{ segment_routing.global_block.high_label_value }}
{% endif %}
{% endif %}
{% if segment_routing.prefix is vyos_defined %}
{% for prefix, prefix_config in segment_routing.prefix.items() %}
{% if prefix_config.absolute is vyos_defined %}
{% if prefix_config.absolute.value is vyos_defined %}
segment-routing prefix {{ prefix }} absolute {{ prefix_config.absolute.value }} {{ 'explicit-null' if prefix_config.absolute.explicit_null is vyos_defined }} {{ 'no-php-flag' if prefix_config.absolute.no_php_flag is vyos_defined }}
{% endif %}
{% endif %}
{% if prefix_config.index is vyos_defined %}
{% if prefix_config.index.value is vyos_defined %}
segment-routing prefix {{ prefix }} index {{ prefix_config.index.value }} {{ 'explicit-null' if prefix_config.index.explicit_null is vyos_defined }} {{ 'no-php-flag' if prefix_config.index.no_php_flag is vyos_defined }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
segment-routing on
{% endif %}
{% if spf_delay_ietf.init_delay is vyos_defined %}
spf-delay-ietf init-delay {{ spf_delay_ietf.init_delay }} short-delay {{ spf_delay_ietf.short_delay }} long-delay {{ spf_delay_ietf.long_delay }} holddown {{ spf_delay_ietf.holddown }} time-to-learn {{ spf_delay_ietf.time_to_learn }}
{% endif %}
{% if area_password.md5 is vyos_defined %}
area-password md5 {{ area_password.md5 }}
{% elif area_password.plaintext_password is vyos_defined %}
area-password clear {{ area_password.plaintext_password }}
{% endif %}
{% if default_information.originate is vyos_defined %}
{% for afi, afi_config in default_information.originate.items() %}
{% for level, level_config in afi_config.items() %}
default-information originate {{ afi }} {{ level | replace('_', '-') }} {{ 'always' if level_config.always is vyos_defined }} {{ 'route-map ' ~ level_config.route_map if level_config.route_map is vyos_defined }} {{ 'metric ' ~ level_config.metric if level_config.metric is vyos_defined }}
{% endfor %}
{% endfor %}
{% endif %}
+{% if fast_reroute.lfa is vyos_defined %}
+{% if fast_reroute.lfa.local is vyos_defined %}
+{% if fast_reroute.lfa.local.load_sharing.disable.level_1 is vyos_defined %}
+ fast-reroute load-sharing disable level-1
+{% elif fast_reroute.lfa.local.load_sharing.disable.level_2 is vyos_defined %}
+ fast-reroute load-sharing disable level-2
+{% elif fast_reroute.lfa.local.load_sharing.disable is vyos_defined %}
+ fast-reroute load-sharing disable
+{% endif %}
+{% if fast_reroute.lfa.local.priority_limit is vyos_defined %}
+{% for priority, priority_limit_options in fast_reroute.lfa.local.priority_limit.items() %}
+{% for level in priority_limit_options %}
+ fast-reroute priority-limit {{ priority }} {{ level | replace('_', '-') }}
+{% endfor %}
+{% endfor %}
+{% endif %}
+{% if fast_reroute.lfa.local.tiebreaker is vyos_defined %}
+{% for tiebreaker, tiebreaker_options in fast_reroute.lfa.local.tiebreaker.items() %}
+{% for index, index_options in tiebreaker_options.items() %}
+{% for index_value, index_value_options in index_options.items() %}
+{% for level in index_value_options %}
+ fast-reroute lfa tiebreaker {{ tiebreaker | replace('_', '-') }} index {{ index_value }} {{ level | replace('_', '-') }}
+{% endfor %}
+{% endfor %}
+{% endfor %}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% if fast_reroute.lfa.remote.prefix_list is vyos_defined %}
+{% for prefix_list, prefix_list_options in fast_reroute.lfa.remote.prefix_list.items() %}
+{% if prefix_list_options.level_1 is vyos_defined %}
+fast-reroute remote-lfa prefix-list {{ prefix_list }} level-1
+{% endif %}
+{% if prefix_list_options.level_2 is vyos_defined %}
+fast-reroute remote-lfa prefix-list {{ prefix_list }} level-2
+{% endif %}
+{% if prefix_list is vyos_defined and prefix_list_options.level_1 is not vyos_defined and prefix_list_options.level_2 is not vyos_defined %}
+fast-reroute remote-lfa prefix-list {{ prefix_list }}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% endif %}
{% if redistribute.ipv4 is vyos_defined %}
{% for protocol, protocol_options in redistribute.ipv4.items() %}
{% for level, level_config in protocol_options.items() %}
{% if level_config.metric is vyos_defined %}
redistribute ipv4 {{ protocol }} {{ level | replace('_', '-') }} metric {{ level_config.metric }}
{% elif level_config.route_map is vyos_defined %}
redistribute ipv4 {{ protocol }} {{ level | replace('_', '-') }} route-map {{ level_config.route_map }}
{% else %}
redistribute ipv4 {{ protocol }} {{ level | replace('_', '-') }}
{% endif %}
{% endfor %}
{% endfor %}
{% endif %}
{% if redistribute.ipv6 is vyos_defined %}
{% for protocol, protocol_options in redistribute.ipv6.items() %}
{% for level, level_config in protocol_options.items() %}
{% if level_config.metric is vyos_defined %}
redistribute ipv6 {{ protocol }} {{ level | replace('_', '-') }} metric {{ level_config.metric }}
{% elif level_config.route_map is vyos_defined %}
redistribute ipv6 {{ protocol }} {{ level | replace('_', '-') }} route-map {{ level_config.route_map }}
{% else %}
redistribute ipv6 {{ protocol }} {{ level | replace('_', '-') }}
{% endif %}
{% endfor %}
{% endfor %}
{% endif %}
{% if level is vyos_defined('level-2') %}
is-type level-2-only
{% elif level is vyos_defined %}
is-type {{ level }}
{% endif %}
exit
!
diff --git a/interface-definitions/include/isis/level-1-2-leaf.xml.i b/interface-definitions/include/isis/level-1-2-leaf.xml.i
new file mode 100644
index 000000000..3703da1ed
--- /dev/null
+++ b/interface-definitions/include/isis/level-1-2-leaf.xml.i
@@ -0,0 +1,13 @@
+<!-- include start from isis/level-1-2-leaf.xml.i -->
+<leafNode name="level-1">
+ <properties>
+ <help>Match on IS-IS level-1 routes</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<leafNode name="level-2">
+ <properties>
+ <help>Match on IS-IS level-2 routes</help>
+ <valueless/>
+ </properties>
+</leafNode>
\ No newline at end of file
diff --git a/interface-definitions/include/isis/lfa-local.xml.i b/interface-definitions/include/isis/lfa-local.xml.i
new file mode 100644
index 000000000..c5bf6a3eb
--- /dev/null
+++ b/interface-definitions/include/isis/lfa-local.xml.i
@@ -0,0 +1,128 @@
+<!-- include start from isis/lfa-local.xml.i -->
+<node name="local">
+ <properties>
+ <help>Local loop free alternate options</help>
+ </properties>
+ <children>
+ <node name="load-sharing">
+ <properties>
+ <help>Load share prefixes across multiple backups</help>
+ </properties>
+ <children>
+ <node name="disable">
+ <properties>
+ <help>Disable load sharing</help>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="priority-limit">
+ <properties>
+ <help>Limit backup computation up to the prefix priority</help>
+ </properties>
+ <children>
+ <node name="medium">
+ <properties>
+ <help>Compute for critical, high, and medium priority prefixes</help>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </node>
+ <node name="high">
+ <properties>
+ <help>Compute for critical, and high priority prefixes</help>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </node>
+ <node name="critical">
+ <properties>
+ <help>Compute for critical priority prefixes only</help>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="tiebreaker">
+ <properties>
+ <help>Configure tiebreaker for multiple backups</help>
+ </properties>
+ <children>
+ <node name="downstream">
+ <properties>
+ <help>Prefer backup path via downstream node</help>
+ </properties>
+ <children>
+ <tagNode name="index">
+ <properties>
+ <help>Set preference order among tiebreakers</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>The index integer value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <node name="lowest-backup-metric">
+ <properties>
+ <help>Prefer backup path with lowest total metric</help>
+ </properties>
+ <children>
+ <tagNode name="index">
+ <properties>
+ <help>Set preference order among tiebreakers</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>The index integer value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <node name="node-protecting">
+ <properties>
+ <help>Prefer node protecting backup path</help>
+ </properties>
+ <children>
+ <tagNode name="index">
+ <properties>
+ <help>Set preference order among tiebreakers</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>The index integer value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/isis/lfa-protocol.xml.i b/interface-definitions/include/isis/lfa-protocol.xml.i
new file mode 100644
index 000000000..cfb1a6dc1
--- /dev/null
+++ b/interface-definitions/include/isis/lfa-protocol.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from isis/lfa-protocol.xml.i -->
+<node name="lfa">
+ <properties>
+ <help>Loop free alternate functionality</help>
+ </properties>
+ <children>
+ #include <include/isis/lfa-remote.xml.i>
+ #include <include/isis/lfa-local.xml.i>
+ </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/isis/lfa-remote.xml.i b/interface-definitions/include/isis/lfa-remote.xml.i
new file mode 100644
index 000000000..8434e35bf
--- /dev/null
+++ b/interface-definitions/include/isis/lfa-remote.xml.i
@@ -0,0 +1,28 @@
+<!-- include start from isis/lfa-remote.xml.i -->
+<node name="remote">
+ <properties>
+ <help>Remote loop free alternate options</help>
+ </properties>
+ <children>
+ <tagNode name="prefix-list">
+ <properties>
+ <help>Filter PQ node router ID based on prefix list</help>
+ <completionHelp>
+ <path>policy prefix-list</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Name of IPv4/IPv6 prefix-list</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+ </constraint>
+ <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </tagNode>
+ </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i
index 648f2b319..404f03cb5 100644
--- a/interface-definitions/include/isis/protocol-common-config.xml.i
+++ b/interface-definitions/include/isis/protocol-common-config.xml.i
@@ -1,702 +1,710 @@
<!-- include start from isis/protocol-common-config.xml.i -->
<leafNode name="advertise-high-metrics">
<properties>
<help>Advertise high metric value on all interfaces</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="advertise-passive-only">
<properties>
<help>Advertise prefixes of passive interfaces only</help>
<valueless/>
</properties>
</leafNode>
<node name="area-password">
<properties>
<help>Configure the authentication password for an area</help>
</properties>
<children>
#include <include/isis/password.xml.i>
</children>
</node>
<node name="default-information">
<properties>
<help>Control distribution of default information</help>
</properties>
<children>
<node name="originate">
<properties>
<help>Distribute a default route</help>
</properties>
<children>
<node name="ipv4">
<properties>
<help>Distribute default route for IPv4</help>
</properties>
<children>
#include <include/isis/default-information-level.xml.i>
</children>
</node>
<node name="ipv6">
<properties>
<help>Distribute default route for IPv6</help>
</properties>
<children>
#include <include/isis/default-information-level.xml.i>
</children>
</node>
</children>
</node>
</children>
</node>
<node name="domain-password">
<properties>
<help>Set the authentication password for a routing domain</help>
</properties>
<children>
#include <include/isis/password.xml.i>
</children>
</node>
<leafNode name="dynamic-hostname">
<properties>
<help>Dynamic hostname for IS-IS</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="level">
<properties>
<help>IS-IS level number</help>
<completionHelp>
<list>level-1 level-1-2 level-2</list>
</completionHelp>
<valueHelp>
<format>level-1</format>
<description>Act as a station router</description>
</valueHelp>
<valueHelp>
<format>level-1-2</format>
<description>Act as both a station and an area router</description>
</valueHelp>
<valueHelp>
<format>level-2</format>
<description>Act as an area router</description>
</valueHelp>
<constraint>
<regex>(level-1|level-1-2|level-2)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="log-adjacency-changes">
<properties>
<help>Log adjacency state changes</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="lsp-gen-interval">
<properties>
<help>Minimum interval between regenerating same LSP</help>
<valueHelp>
<format>u32:1-120</format>
<description>Minimum interval in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-120"/>
</constraint>
</properties>
</leafNode>
<leafNode name="lsp-mtu">
<properties>
<help>Configure the maximum size of generated LSPs</help>
<valueHelp>
<format>u32:128-4352</format>
<description>Maximum size of generated LSPs</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 128-4352"/>
</constraint>
</properties>
<defaultValue>1497</defaultValue>
</leafNode>
<leafNode name="lsp-refresh-interval">
<properties>
<help>LSP refresh interval</help>
<valueHelp>
<format>u32:1-65235</format>
<description>LSP refresh interval in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65235"/>
</constraint>
</properties>
</leafNode>
<leafNode name="max-lsp-lifetime">
<properties>
<help>Maximum LSP lifetime</help>
<valueHelp>
<format>u32:350-65535</format>
<description>LSP lifetime in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="metric-style">
<properties>
<help>Use old-style (ISO 10589) or new-style packet formats</help>
<completionHelp>
<list>narrow transition wide</list>
</completionHelp>
<valueHelp>
<format>narrow</format>
<description>Use old style of TLVs with narrow metric</description>
</valueHelp>
<valueHelp>
<format>transition</format>
<description>Send and accept both styles of TLVs during transition</description>
</valueHelp>
<valueHelp>
<format>wide</format>
<description>Use new style of TLVs to carry wider metric</description>
</valueHelp>
<constraint>
<regex>(narrow|transition|wide)</regex>
</constraint>
</properties>
</leafNode>
#include <include/isis/ldp-sync-protocol.xml.i>
+<node name="fast-reroute">
+ <properties>
+ <help>IS-IS fast reroute configuration</help>
+ </properties>
+ <children>
+ #include <include/isis/lfa-protocol.xml.i>
+ </children>
+</node>
<leafNode name="net">
<properties>
<help>A Network Entity Title for this process (ISO only)</help>
<valueHelp>
<format>XX.XXXX. ... .XXX.XX</format>
<description>Network entity title (NET)</description>
</valueHelp>
<constraint>
<regex>[a-fA-F0-9]{2}(\.[a-fA-F0-9]{4}){3,9}\.[a-fA-F0-9]{2}</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="purge-originator">
<properties>
<help>Use the RFC 6232 purge-originator</help>
<valueless/>
</properties>
</leafNode>
<node name="traffic-engineering">
<properties>
<help>IS-IS traffic engineering extensions</help>
</properties>
<children>
<leafNode name="enable">
<properties>
<help>Enable MPLS traffic engineering extensions</help>
<valueless/>
</properties>
</leafNode>
<!--
<node name="inter-as">
<properties>
<help>MPLS traffic engineering inter-AS support</help>
</properties>
<children>
<leafNode name="level-1">
<properties>
<help>Area native mode self originate inter-AS LSP with L1 only flooding scope</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="level-1-2">
<properties>
<help>Area native mode self originate inter-AS LSP with L1 and L2 flooding scope</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="level-2">
<properties>
<help>Area native mode self originate inter-AS LSP with L2 only flooding scope</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="inter-as">
<properties>
<help>MPLS traffic engineering inter-AS support</help>
<valueless/>
</properties>
</leafNode>
-->
<leafNode name="address">
<properties>
<help>MPLS traffic engineering router ID</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<node name="segment-routing">
<properties>
<help>Segment-Routing (SPRING) settings</help>
</properties>
<children>
<node name="global-block">
<properties>
<help>Segment Routing Global Block label range</help>
</properties>
<children>
#include <include/segment-routing-label-value.xml.i>
</children>
</node>
<node name="local-block">
<properties>
<help>Segment Routing Local Block label range</help>
</properties>
<children>
#include <include/segment-routing-label-value.xml.i>
</children>
</node>
<leafNode name="maximum-label-depth">
<properties>
<help>Maximum MPLS labels allowed for this router</help>
<valueHelp>
<format>u32:1-16</format>
<description>MPLS label depth</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-16"/>
</constraint>
</properties>
</leafNode>
<tagNode name="prefix">
<properties>
<help>Static IPv4/IPv6 prefix segment/label mapping</help>
<valueHelp>
<format>ipv4net</format>
<description>IPv4 prefix segment</description>
</valueHelp>
<valueHelp>
<format>ipv6net</format>
<description>IPv6 prefix segment</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
<node name="absolute">
<properties>
<help>Specify the absolute value of prefix segment/label ID</help>
</properties>
<children>
<leafNode name="value">
<properties>
<help>Specify the absolute value of prefix segment/label ID</help>
<valueHelp>
<format>u32:16-1048575</format>
<description>The absolute segment/label ID value</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 16-1048575"/>
</constraint>
</properties>
</leafNode>
<leafNode name="explicit-null">
<properties>
<help>Request upstream neighbor to replace segment/label with explicit null label</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="no-php-flag">
<properties>
<help>Do not request penultimate hop popping for segment/label</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<node name="index">
<properties>
<help>Specify the index value of prefix segment/label ID</help>
</properties>
<children>
<leafNode name="value">
<properties>
<help>Specify the index value of prefix segment/label ID</help>
<valueHelp>
<format>u32:0-65535</format>
<description>The index segment/label ID value</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="explicit-null">
<properties>
<help>Request upstream neighbor to replace segment/label with explicit null label</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="no-php-flag">
<properties>
<help>Do not request penultimate hop popping for segment/label</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
</children>
</tagNode>
</children>
</node>
<node name="redistribute">
<properties>
<help>Redistribute information from another routing protocol</help>
</properties>
<children>
<node name="ipv4">
<properties>
<help>Redistribute IPv4 routes</help>
</properties>
<children>
<node name="bgp">
<properties>
<help>Border Gateway Protocol (BGP)</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="connected">
<properties>
<help>Redistribute connected routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="kernel">
<properties>
<help>Redistribute kernel routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="ospf">
<properties>
<help>Redistribute OSPF routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="rip">
<properties>
<help>Redistribute RIP routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="babel">
<properties>
<help>Redistribute Babel routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="static">
<properties>
<help>Redistribute static routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
</children>
</node>
<node name="ipv6">
<properties>
<help>Redistribute IPv6 routes</help>
</properties>
<children>
<node name="bgp">
<properties>
<help>Redistribute BGP routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="connected">
<properties>
<help>Redistribute connected routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="kernel">
<properties>
<help>Redistribute kernel routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="ospf6">
<properties>
<help>Redistribute OSPFv3 routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="ripng">
<properties>
<help>Redistribute RIPng routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="babel">
<properties>
<help>Redistribute Babel routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
<node name="static">
<properties>
<help>Redistribute static routes into IS-IS</help>
</properties>
<children>
#include <include/isis/redistribute-level-1-2.xml.i>
</children>
</node>
</children>
</node>
</children>
</node>
<leafNode name="set-attached-bit">
<properties>
<help>Set attached bit to identify as L1/L2 router for inter-area traffic</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="set-overload-bit">
<properties>
<help>Set overload bit to avoid any transit traffic</help>
<valueless/>
</properties>
</leafNode>
<node name="spf-delay-ietf">
<properties>
<help>IETF SPF delay algorithm</help>
</properties>
<children>
<leafNode name="init-delay">
<properties>
<help>Delay used while in QUIET state</help>
<valueHelp>
<format>u32:0-60000</format>
<description>Delay used while in QUIET state (in ms)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-60000"/>
</constraint>
</properties>
</leafNode>
<leafNode name="short-delay">
<properties>
<help>Delay used while in SHORT_WAIT state</help>
<valueHelp>
<format>u32:0-60000</format>
<description>Delay used while in SHORT_WAIT state (in ms)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-60000"/>
</constraint>
</properties>
</leafNode>
<leafNode name="long-delay">
<properties>
<help>Delay used while in LONG_WAIT</help>
<valueHelp>
<format>u32:0-60000</format>
<description>Delay used while in LONG_WAIT state in ms</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-60000"/>
</constraint>
</properties>
</leafNode>
<leafNode name="holddown">
<properties>
<help>Time with no received IGP events before considering IGP stable</help>
<valueHelp>
<format>u32:0-60000</format>
<description>Time with no received IGP events before considering IGP stable in ms</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-60000"/>
</constraint>
</properties>
</leafNode>
<leafNode name="time-to-learn">
<properties>
<help>Maximum duration needed to learn all the events related to a single failure</help>
<valueHelp>
<format>u32:0-60000</format>
<description>Maximum duration needed to learn all the events related to a single failure in ms</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-60000"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<leafNode name="spf-interval">
<properties>
<help>Minimum interval between SPF calculations</help>
<valueHelp>
<format>u32:1-120</format>
<description>Interval in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-120"/>
</constraint>
</properties>
</leafNode>
<tagNode name="interface">
<properties>
<help>Interface params</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
</properties>
<children>
#include <include/bfd/bfd.xml.i>
<leafNode name="circuit-type">
<properties>
<help>Configure circuit type for interface</help>
<completionHelp>
<list>level-1 level-1-2 level-2-only</list>
</completionHelp>
<valueHelp>
<format>level-1</format>
<description>Level-1 only adjacencies are formed</description>
</valueHelp>
<valueHelp>
<format>level-1-2</format>
<description>Level-1-2 adjacencies are formed</description>
</valueHelp>
<valueHelp>
<format>level-2-only</format>
<description>Level-2 only adjacencies are formed</description>
</valueHelp>
<constraint>
<regex>(level-1|level-1-2|level-2-only)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="hello-padding">
<properties>
<help>Add padding to IS-IS hello packets</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="hello-interval">
<properties>
<help>Set Hello interval</help>
<valueHelp>
<format>u32:1-600</format>
<description>Set Hello interval</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-600"/>
</constraint>
</properties>
</leafNode>
<leafNode name="hello-multiplier">
<properties>
<help>Set Hello interval</help>
<valueHelp>
<format>u32:2-100</format>
<description>Set multiplier for Hello holding time</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 2-100"/>
</constraint>
</properties>
</leafNode>
#include <include/isis/metric.xml.i>
#include <include/isis/ldp-sync-interface.xml.i>
<node name="network">
<properties>
<help>Set network type</help>
</properties>
<children>
<leafNode name="point-to-point">
<properties>
<help>point-to-point network type</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
#include <include/isis/passive.xml.i>
<node name="password">
<properties>
<help>Configure the authentication password for a circuit</help>
</properties>
<children>
#include <include/isis/password.xml.i>
</children>
</node>
<leafNode name="priority">
<properties>
<help>Set priority for Designated Router election</help>
<valueHelp>
<format>u32:0-127</format>
<description>Priority value</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-127"/>
</constraint>
</properties>
</leafNode>
<leafNode name="psnp-interval">
<properties>
<help>Set PSNP interval</help>
<valueHelp>
<format>u32:0-127</format>
<description>PSNP interval in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-127"/>
</constraint>
</properties>
</leafNode>
<leafNode name="no-three-way-handshake">
<properties>
<help>Disable three-way handshake</help>
<valueless/>
</properties>
</leafNode>
</children>
</tagNode>
<!-- include end -->
diff --git a/op-mode-definitions/include/isis-common.xml.i b/op-mode-definitions/include/isis-common.xml.i
index e94d868e8..493a56633 100644
--- a/op-mode-definitions/include/isis-common.xml.i
+++ b/op-mode-definitions/include/isis-common.xml.i
@@ -1,156 +1,183 @@
<!-- included start from isis-common.xml.i -->
<node name="database">
<properties>
<help>Show IS-IS link state database</help>
</properties>
<children>
#include <include/vtysh-generic-detail.xml.i>
</children>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</node>
<tagNode name="database">
<properties>
<help>Show IS-IS link state database PDU</help>
<completionHelp>
<list>lsp-id detail</list>
</completionHelp>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</tagNode>
+<node name="fast-reroute">
+ <properties>
+ <help>Show IS-IS fast reroute/loop free alternate (lfa) information</help>
+ </properties>
+ <children>
+ <node name="summary">
+ <properties>
+ <help>Show summary of fast reroute/loop free alternate (lfa) information</help>
+ </properties>
+ <children>
+ <leafNode name="level-1">
+ <properties>
+ <help>Show level-1 specific fast reroute/loop free alternate (lfa) information</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
+ </leafNode>
+ <leafNode name="level-2">
+ <properties>
+ <help>Show level-2 specific fast reroute/loop free alternate (lfa) information</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
+ </leafNode>
+ </children>
+ <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
+ </node>
+ </children>
+</node>
<leafNode name="hostname">
<properties>
<help>Show IS-IS dynamic hostname mapping</help>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</leafNode>
<node name="interface">
<properties>
<help>Show IS-IS interfaces</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
</properties>
<children>
#include <include/vtysh-generic-detail.xml.i>
</children>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</node>
#include <include/vtysh-generic-interface-tagNode.xml.i>
<node name="mpls">
<properties>
<help>Show MPLS information</help>
</properties>
<children>
#include <include/ldp-sync.xml.i>
</children>
</node>
<node name="mpls-te">
<properties>
<help>Show MPLS traffic engineering information</help>
</properties>
<children>
<leafNode name="router">
<properties>
<help>Show router information</help>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</leafNode>
<leafNode name="interface">
<properties>
<help>Show interface information</help>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</leafNode>
#include <include/vtysh-generic-interface-tagNode.xml.i>
</children>
</node>
<node name="neighbor">
<properties>
<help>Show IS-IS neighbor adjacencies</help>
</properties>
<children>
#include <include/vtysh-generic-detail.xml.i>
</children>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</node>
<tagNode name="neighbor">
<properties>
<help>Show specific IS-IS neighbor adjacency </help>
<completionHelp>
<list>system-id</list>
</completionHelp>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</tagNode>
<node name="route">
<properties>
<help>Show IS-IS routing table</help>
</properties>
<children>
<leafNode name="level-1">
<properties>
<help>Show level-1 routes</help>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</leafNode>
<leafNode name="level-2">
<properties>
<help>Show level-2 routes</help>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</leafNode>
<leafNode name="prefix-sid">
<properties>
<help>Show Prefix-SID information</help>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</leafNode>
</children>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</node>
<node name="segment-routing">
<properties>
<help>Show IS-IS Segment-Routing (SPRING) information</help>
</properties>
<children>
<leafNode name="node">
<properties>
<help>Show node information</help>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</leafNode>
</children>
</node>
<leafNode name="spf-delay-ietf">
<properties>
<help>Show IS-IS SPF delay parameters</help>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</leafNode>
<leafNode name="summary">
<properties>
<help>Show IS-IS information summary</help>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</leafNode>
<node name="topology">
<properties>
<help>Show IS-IS paths to Intermediate Systems</help>
</properties>
<children>
<leafNode name="level-1">
<properties>
<help>Show level-1 routes</help>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</leafNode>
<leafNode name="level-2">
<properties>
<help>Show level-2 routes</help>
</properties>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</leafNode>
</children>
<command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
</node>
<!-- included end -->
\ No newline at end of file
diff --git a/smoketest/scripts/cli/test_protocols_isis.py b/smoketest/scripts/cli/test_protocols_isis.py
index c82836b72..94f4ec5c9 100755
--- a/smoketest/scripts/cli/test_protocols_isis.py
+++ b/smoketest/scripts/cli/test_protocols_isis.py
@@ -1,333 +1,393 @@
#!/usr/bin/env python3
#
# Copyright (C) 2021-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
from base_vyostest_shim import VyOSUnitTestSHIM
from vyos.configsession import ConfigSessionError
from vyos.ifconfig import Section
from vyos.utils.process import process_named_running
PROCESS_NAME = 'isisd'
base_path = ['protocols', 'isis']
domain = 'VyOS'
net = '49.0001.1921.6800.1002.00'
class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
cls._interfaces = Section.interfaces('ethernet')
# call base-classes classmethod
super(TestProtocolsISIS, cls).setUpClass()
# Retrieve FRR daemon PID - it is not allowed to crash, thus PID must remain the same
cls.daemon_pid = process_named_running(PROCESS_NAME)
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
cls.cli_delete(cls, base_path)
cls.cli_delete(cls, ['vrf'])
def tearDown(self):
# cleanup any possible VRF mess
self.cli_delete(['vrf'])
# always destrox the entire isisd configuration to make the processes
# life as hard as possible
self.cli_delete(base_path)
self.cli_commit()
# check process health and continuity
self.assertEqual(self.daemon_pid, process_named_running(PROCESS_NAME))
def isis_base_config(self):
self.cli_set(base_path + ['net', net])
for interface in self._interfaces:
self.cli_set(base_path + ['interface', interface])
def test_isis_01_redistribute(self):
prefix_list = 'EXPORT-ISIS'
route_map = 'EXPORT-ISIS'
rule = '10'
self.cli_set(['policy', 'prefix-list', prefix_list, 'rule', rule, 'action', 'permit'])
self.cli_set(['policy', 'prefix-list', prefix_list, 'rule', rule, 'prefix', '203.0.113.0/24'])
self.cli_set(['policy', 'route-map', route_map, 'rule', rule, 'action', 'permit'])
self.cli_set(['policy', 'route-map', route_map, 'rule', rule, 'match', 'ip', 'address', 'prefix-list', prefix_list])
self.cli_set(base_path)
# verify() - net id and interface are mandatory
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.isis_base_config()
self.cli_set(base_path + ['redistribute', 'ipv4', 'connected', 'level-2', 'route-map', route_map])
self.cli_set(base_path + ['log-adjacency-changes'])
# Commit all changes
self.cli_commit()
# Verify all changes
tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd')
self.assertIn(f' net {net}', tmp)
self.assertIn(f' log-adjacency-changes', tmp)
self.assertIn(f' redistribute ipv4 connected level-2 route-map {route_map}', tmp)
for interface in self._interfaces:
tmp = self.getFRRconfig(f'interface {interface}', daemon='isisd')
self.assertIn(f' ip router isis {domain}', tmp)
self.assertIn(f' ipv6 router isis {domain}', tmp)
self.cli_delete(['policy', 'route-map', route_map])
self.cli_delete(['policy', 'prefix-list', prefix_list])
def test_isis_02_vrfs(self):
vrfs = ['red', 'green', 'blue']
# It is safe to assume that when the basic VRF test works, all other
# IS-IS related features work, as we entirely inherit the CLI templates
# and Jinja2 FRR template.
table = '1000'
vrf = 'red'
vrf_base = ['vrf', 'name', vrf]
vrf_iface = 'eth1'
self.cli_set(vrf_base + ['table', table])
self.cli_set(vrf_base + ['protocols', 'isis', 'net', net])
self.cli_set(vrf_base + ['protocols', 'isis', 'interface', vrf_iface])
self.cli_set(vrf_base + ['protocols', 'isis', 'advertise-high-metrics'])
self.cli_set(vrf_base + ['protocols', 'isis', 'advertise-passive-only'])
self.cli_set(['interfaces', 'ethernet', vrf_iface, 'vrf', vrf])
# Also set a default VRF IS-IS config
self.cli_set(base_path + ['net', net])
self.cli_set(base_path + ['interface', 'eth0'])
self.cli_commit()
# Verify FRR isisd configuration
tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd')
self.assertIn(f'router isis {domain}', tmp)
self.assertIn(f' net {net}', tmp)
tmp = self.getFRRconfig(f'router isis {domain} vrf {vrf}', daemon='isisd')
self.assertIn(f'router isis {domain} vrf {vrf}', tmp)
self.assertIn(f' net {net}', tmp)
self.assertIn(f' advertise-high-metrics', tmp)
self.assertIn(f' advertise-passive-only', tmp)
self.cli_delete(['vrf', 'name', vrf])
self.cli_delete(['interfaces', 'ethernet', vrf_iface, 'vrf'])
def test_isis_04_default_information(self):
metric = '50'
route_map = 'default-foo-'
self.isis_base_config()
for afi in ['ipv4', 'ipv6']:
for level in ['level-1', 'level-2']:
self.cli_set(base_path + ['default-information', 'originate', afi, level, 'always'])
self.cli_set(base_path + ['default-information', 'originate', afi, level, 'metric', metric])
self.cli_set(base_path + ['default-information', 'originate', afi, level, 'route-map', route_map + level + afi])
# Commit all changes
self.cli_commit()
# Verify all changes
tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd')
self.assertIn(f' net {net}', tmp)
for afi in ['ipv4', 'ipv6']:
for level in ['level-1', 'level-2']:
route_map_name = route_map + level + afi
self.assertIn(f' default-information originate {afi} {level} always route-map {route_map_name} metric {metric}', tmp)
def test_isis_05_password(self):
password = 'foo'
self.isis_base_config()
for interface in self._interfaces:
self.cli_set(base_path + ['interface', interface, 'password', 'plaintext-password', f'{password}-{interface}'])
self.cli_set(base_path + ['area-password', 'plaintext-password', password])
self.cli_set(base_path + ['area-password', 'md5', password])
self.cli_set(base_path + ['domain-password', 'plaintext-password', password])
self.cli_set(base_path + ['domain-password', 'md5', password])
# verify() - can not use both md5 and plaintext-password for area-password
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_delete(base_path + ['area-password', 'md5', password])
# verify() - can not use both md5 and plaintext-password for domain-password
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_delete(base_path + ['domain-password', 'md5', password])
# Commit all changes
self.cli_commit()
# Verify all changes
tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd')
self.assertIn(f' net {net}', tmp)
self.assertIn(f' domain-password clear {password}', tmp)
self.assertIn(f' area-password clear {password}', tmp)
for interface in self._interfaces:
tmp = self.getFRRconfig(f'interface {interface}', daemon='isisd')
self.assertIn(f' isis password clear {password}-{interface}', tmp)
def test_isis_06_spf_delay_bfd(self):
network = 'point-to-point'
holddown = '10'
init_delay = '50'
long_delay = '200'
short_delay = '100'
time_to_learn = '75'
bfd_profile = 'isis-bfd'
self.cli_set(base_path + ['net', net])
for interface in self._interfaces:
self.cli_set(base_path + ['interface', interface, 'network', network])
self.cli_set(base_path + ['interface', interface, 'bfd', 'profile', bfd_profile])
self.cli_set(base_path + ['spf-delay-ietf', 'holddown', holddown])
# verify() - All types of spf-delay must be configured
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(base_path + ['spf-delay-ietf', 'init-delay', init_delay])
# verify() - All types of spf-delay must be configured
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(base_path + ['spf-delay-ietf', 'long-delay', long_delay])
# verify() - All types of spf-delay must be configured
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(base_path + ['spf-delay-ietf', 'short-delay', short_delay])
# verify() - All types of spf-delay must be configured
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(base_path + ['spf-delay-ietf', 'time-to-learn', time_to_learn])
# Commit all changes
self.cli_commit()
# Verify all changes
tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd')
self.assertIn(f' net {net}', tmp)
self.assertIn(f' spf-delay-ietf init-delay {init_delay} short-delay {short_delay} long-delay {long_delay} holddown {holddown} time-to-learn {time_to_learn}', tmp)
for interface in self._interfaces:
tmp = self.getFRRconfig(f'interface {interface}', daemon='isisd')
self.assertIn(f' ip router isis {domain}', tmp)
self.assertIn(f' ipv6 router isis {domain}', tmp)
self.assertIn(f' isis network {network}', tmp)
self.assertIn(f' isis bfd', tmp)
self.assertIn(f' isis bfd profile {bfd_profile}', tmp)
def test_isis_07_segment_routing_configuration(self):
global_block_low = "300"
global_block_high = "399"
local_block_low = "400"
local_block_high = "499"
interface = 'lo'
maximum_stack_size = '5'
prefix_one = '192.168.0.1/32'
prefix_two = '192.168.0.2/32'
prefix_three = '192.168.0.3/32'
prefix_four = '192.168.0.4/32'
prefix_one_value = '1'
prefix_two_value = '2'
prefix_three_value = '60000'
prefix_four_value = '65000'
self.cli_set(base_path + ['net', net])
self.cli_set(base_path + ['interface', interface])
self.cli_set(base_path + ['segment-routing', 'maximum-label-depth', maximum_stack_size])
self.cli_set(base_path + ['segment-routing', 'global-block', 'low-label-value', global_block_low])
self.cli_set(base_path + ['segment-routing', 'global-block', 'high-label-value', global_block_high])
self.cli_set(base_path + ['segment-routing', 'local-block', 'low-label-value', local_block_low])
self.cli_set(base_path + ['segment-routing', 'local-block', 'high-label-value', local_block_high])
self.cli_set(base_path + ['segment-routing', 'prefix', prefix_one, 'index', 'value', prefix_one_value])
self.cli_set(base_path + ['segment-routing', 'prefix', prefix_one, 'index', 'explicit-null'])
self.cli_set(base_path + ['segment-routing', 'prefix', prefix_two, 'index', 'value', prefix_two_value])
self.cli_set(base_path + ['segment-routing', 'prefix', prefix_two, 'index', 'no-php-flag'])
self.cli_set(base_path + ['segment-routing', 'prefix', prefix_three, 'absolute', 'value', prefix_three_value])
self.cli_set(base_path + ['segment-routing', 'prefix', prefix_three, 'absolute', 'explicit-null'])
self.cli_set(base_path + ['segment-routing', 'prefix', prefix_four, 'absolute', 'value', prefix_four_value])
self.cli_set(base_path + ['segment-routing', 'prefix', prefix_four, 'absolute', 'no-php-flag'])
# Commit all changes
self.cli_commit()
# Verify all changes
tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd')
self.assertIn(f' net {net}', tmp)
self.assertIn(f' segment-routing on', tmp)
self.assertIn(f' segment-routing global-block {global_block_low} {global_block_high} local-block {local_block_low} {local_block_high}', tmp)
self.assertIn(f' segment-routing node-msd {maximum_stack_size}', tmp)
self.assertIn(f' segment-routing prefix {prefix_one} index {prefix_one_value} explicit-null', tmp)
self.assertIn(f' segment-routing prefix {prefix_two} index {prefix_two_value} no-php-flag', tmp)
self.assertIn(f' segment-routing prefix {prefix_three} absolute {prefix_three_value} explicit-null', tmp)
self.assertIn(f' segment-routing prefix {prefix_four} absolute {prefix_four_value} no-php-flag', tmp)
def test_isis_08_ldp_sync(self):
holddown = "500"
interface = 'lo'
self.cli_set(base_path + ['net', net])
self.cli_set(base_path + ['interface', interface])
self.cli_set(base_path + ['ldp-sync', 'holddown', holddown])
# Commit main ISIS changes
self.cli_commit()
# Verify main ISIS changes
tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd')
self.assertIn(f' net {net}', tmp)
self.assertIn(f' mpls ldp-sync', tmp)
self.assertIn(f' mpls ldp-sync holddown {holddown}', tmp)
for interface in self._interfaces:
self.cli_set(base_path + ['interface', interface, 'ldp-sync', 'holddown', holddown])
# Commit interface changes for holddown
self.cli_commit()
for interface in self._interfaces:
# Verify interface changes for holddown
tmp = self.getFRRconfig(f'interface {interface}', daemon='isisd')
self.assertIn(f'interface {interface}', tmp)
self.assertIn(f' ip router isis {domain}', tmp)
self.assertIn(f' ipv6 router isis {domain}', tmp)
self.assertIn(f' isis mpls ldp-sync holddown {holddown}', tmp)
for interface in self._interfaces:
self.cli_set(base_path + ['interface', interface, 'ldp-sync', 'disable'])
# Commit interface changes for disable
self.cli_commit()
for interface in self._interfaces:
# Verify interface changes for disable
tmp = self.getFRRconfig(f'interface {interface}', daemon='isisd')
self.assertIn(f'interface {interface}', tmp)
self.assertIn(f' ip router isis {domain}', tmp)
self.assertIn(f' ipv6 router isis {domain}', tmp)
self.assertIn(f' no isis mpls ldp-sync', tmp)
+ def test_isis_09_lfa(self):
+ prefix_list = 'lfa-prefix-list-test-1'
+ prefix_list_address = '192.168.255.255/32'
+ interface = 'lo'
+
+ self.cli_set(base_path + ['net', net])
+ self.cli_set(base_path + ['interface', interface])
+ self.cli_set(['policy', 'prefix-list', prefix_list, 'rule', '1', 'action', 'permit'])
+ self.cli_set(['policy', 'prefix-list', prefix_list, 'rule', '1', 'prefix', prefix_list_address])
+
+ # Commit main ISIS changes
+ self.cli_commit()
+
+ # Add remote portion of LFA with prefix list with validation
+ for level in ['level-1', 'level-2']:
+ self.cli_set(base_path + ['fast-reroute', 'lfa', 'remote', 'prefix-list', prefix_list, level])
+ self.cli_commit()
+ tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd')
+ self.assertIn(f' net {net}', tmp)
+ self.assertIn(f' fast-reroute remote-lfa prefix-list {prefix_list} {level}', tmp)
+ self.cli_delete(base_path + ['fast-reroute'])
+ self.cli_commit()
+
+ # Add local portion of LFA load-sharing portion with validation
+ for level in ['level-1', 'level-2']:
+ self.cli_set(base_path + ['fast-reroute', 'lfa', 'local', 'load-sharing', 'disable', level])
+ self.cli_commit()
+ tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd')
+ self.assertIn(f' net {net}', tmp)
+ self.assertIn(f' fast-reroute load-sharing disable {level}', tmp)
+ self.cli_delete(base_path + ['fast-reroute'])
+ self.cli_commit()
+
+ # Add local portion of LFA priority-limit portion with validation
+ for priority in ['critical', 'high', 'medium']:
+ for level in ['level-1', 'level-2']:
+ self.cli_set(base_path + ['fast-reroute', 'lfa', 'local', 'priority-limit', priority, level])
+ self.cli_commit()
+ tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd')
+ self.assertIn(f' net {net}', tmp)
+ self.assertIn(f' fast-reroute priority-limit {priority} {level}', tmp)
+ self.cli_delete(base_path + ['fast-reroute'])
+ self.cli_commit()
+
+ # Add local portion of LFA tiebreaker portion with validation
+ index = '100'
+ for tiebreaker in ['downstream','lowest-backup-metric','node-protecting']:
+ for level in ['level-1', 'level-2']:
+ self.cli_set(base_path + ['fast-reroute', 'lfa', 'local', 'tiebreaker', tiebreaker, 'index', index, level])
+ self.cli_commit()
+ tmp = self.getFRRconfig(f'router isis {domain}', daemon='isisd')
+ self.assertIn(f' net {net}', tmp)
+ self.assertIn(f' fast-reroute lfa tiebreaker {tiebreaker} index {index} {level}', tmp)
+ self.cli_delete(base_path + ['fast-reroute'])
+ self.cli_commit()
+
+ # Clean up and remove prefix list
+ self.cli_delete(['policy', 'prefix-list', prefix_list])
+ self.cli_commit()
+
if __name__ == '__main__':
- unittest.main(verbosity=2)
+ unittest.main(verbosity=2)
\ No newline at end of file
diff --git a/src/conf_mode/protocols_isis.py b/src/conf_mode/protocols_isis.py
index e00c58ee4..ce67ccff7 100755
--- a/src/conf_mode/protocols_isis.py
+++ b/src/conf_mode/protocols_isis.py
@@ -1,268 +1,301 @@
#!/usr/bin/env python3
#
# Copyright (C) 2020-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
from sys import exit
from sys import argv
from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.configdict import node_changed
from vyos.configverify import verify_common_route_maps
from vyos.configverify import verify_interface_exists
from vyos.ifconfig import Interface
from vyos.utils.dict import dict_search
from vyos.utils.network import get_interface_config
from vyos.template import render_to_string
from vyos import ConfigError
from vyos import frr
from vyos import airbag
airbag.enable()
def get_config(config=None):
if config:
conf = config
else:
conf = Config()
vrf = None
if len(argv) > 1:
vrf = argv[1]
base_path = ['protocols', 'isis']
# eqivalent of the C foo ? 'a' : 'b' statement
base = vrf and ['vrf', 'name', vrf, 'protocols', 'isis'] or base_path
isis = conf.get_config_dict(base, key_mangling=('-', '_'),
- get_first_key=True)
+ get_first_key=True,
+ no_tag_node_value_mangle=True)
# Assign the name of our VRF context. This MUST be done before the return
# statement below, else on deletion we will delete the default instance
# instead of the VRF instance.
if vrf: isis['vrf'] = vrf
# FRR has VRF support for different routing daemons. As interfaces belong
# to VRFs - or the global VRF, we need to check for changed interfaces so
# that they will be properly rendered for the FRR config. Also this eases
# removal of interfaces from the running configuration.
interfaces_removed = node_changed(conf, base + ['interface'])
if interfaces_removed:
isis['interface_removed'] = list(interfaces_removed)
# Bail out early if configuration tree does no longer exist. this must
# be done after retrieving the list of interfaces to be removed.
if not conf.exists(base):
isis.update({'deleted' : ''})
return isis
# merge in default values
isis = conf.merge_defaults(isis, recursive=True)
# We also need some additional information from the config, prefix-lists
# and route-maps for instance. They will be used in verify().
#
# XXX: one MUST always call this without the key_mangling() option! See
# vyos.configverify.verify_common_route_maps() for more information.
tmp = conf.get_config_dict(['policy'])
# Merge policy dict into "regular" config dict
isis = dict_merge(tmp, isis)
return isis
def verify(isis):
# bail out early - looks like removal from running config
if not isis or 'deleted' in isis:
return None
if 'net' not in isis:
raise ConfigError('Network entity is mandatory!')
# last byte in IS-IS area address must be 0
tmp = isis['net'].split('.')
if int(tmp[-1]) != 0:
raise ConfigError('Last byte of IS-IS network entity title must always be 0!')
verify_common_route_maps(isis)
# If interface not set
if 'interface' not in isis:
raise ConfigError('Interface used for routing updates is mandatory!')
for interface in isis['interface']:
verify_interface_exists(interface)
# Interface MTU must be >= configured lsp-mtu
mtu = Interface(interface).get_mtu()
area_mtu = isis['lsp_mtu']
# Recommended maximum PDU size = interface MTU - 3 bytes
recom_area_mtu = mtu - 3
if mtu < int(area_mtu) or int(area_mtu) > recom_area_mtu:
raise ConfigError(f'Interface {interface} has MTU {mtu}, ' \
f'current area MTU is {area_mtu}! \n' \
f'Recommended area lsp-mtu {recom_area_mtu} or less ' \
'(calculated on MTU size).')
if 'vrf' in isis:
# If interface specific options are set, we must ensure that the
# interface is bound to our requesting VRF. Due to the VyOS
# priorities the interface is bound to the VRF after creation of
# the VRF itself, and before any routing protocol is configured.
vrf = isis['vrf']
tmp = get_interface_config(interface)
if 'master' not in tmp or tmp['master'] != vrf:
raise ConfigError(f'Interface "{interface}" is not a member of VRF "{vrf}"!')
# If md5 and plaintext-password set at the same time
for password in ['area_password', 'domain_password']:
if password in isis:
if {'md5', 'plaintext_password'} <= set(isis[password]):
tmp = password.replace('_', '-')
raise ConfigError(f'Can use either md5 or plaintext-password for {tmp}!')
# If one param from delay set, but not set others
if 'spf_delay_ietf' in isis:
required_timers = ['holddown', 'init_delay', 'long_delay', 'short_delay', 'time_to_learn']
exist_timers = []
for elm_timer in required_timers:
if elm_timer in isis['spf_delay_ietf']:
exist_timers.append(elm_timer)
exist_timers = set(required_timers).difference(set(exist_timers))
if len(exist_timers) > 0:
raise ConfigError('All types of spf-delay must be configured. Missing: ' + ', '.join(exist_timers).replace('_', '-'))
# If Redistribute set, but level don't set
if 'redistribute' in isis:
proc_level = isis.get('level','').replace('-','_')
for afi in ['ipv4', 'ipv6']:
if afi not in isis['redistribute']:
continue
for proto, proto_config in isis['redistribute'][afi].items():
if 'level_1' not in proto_config and 'level_2' not in proto_config:
raise ConfigError(f'Redistribute level-1 or level-2 should be specified in ' \
f'"protocols isis {process} redistribute {afi} {proto}"!')
for redistr_level, redistr_config in proto_config.items():
if proc_level and proc_level != 'level_1_2' and proc_level != redistr_level:
raise ConfigError(f'"protocols isis {process} redistribute {afi} {proto} {redistr_level}" ' \
f'can not be used with \"protocols isis {process} level {proc_level}\"')
# Segment routing checks
if dict_search('segment_routing.global_block', isis):
g_high_label_value = dict_search('segment_routing.global_block.high_label_value', isis)
g_low_label_value = dict_search('segment_routing.global_block.low_label_value', isis)
# If segment routing global block high or low value is blank, throw error
if not (g_low_label_value or g_high_label_value):
raise ConfigError('Segment routing global-block requires both low and high value!')
# If segment routing global block low value is higher than the high value, throw error
if int(g_low_label_value) > int(g_high_label_value):
raise ConfigError('Segment routing global-block low value must be lower than high value')
if dict_search('segment_routing.local_block', isis):
if dict_search('segment_routing.global_block', isis) == None:
raise ConfigError('Segment routing local-block requires global-block to be configured!')
l_high_label_value = dict_search('segment_routing.local_block.high_label_value', isis)
l_low_label_value = dict_search('segment_routing.local_block.low_label_value', isis)
# If segment routing local-block high or low value is blank, throw error
if not (l_low_label_value or l_high_label_value):
raise ConfigError('Segment routing local-block requires both high and low value!')
# If segment routing local-block low value is higher than the high value, throw error
if int(l_low_label_value) > int(l_high_label_value):
raise ConfigError('Segment routing local-block low value must be lower than high value')
# local-block most live outside global block
global_range = range(int(g_low_label_value), int(g_high_label_value) +1)
local_range = range(int(l_low_label_value), int(l_high_label_value) +1)
# Check for overlapping ranges
if list(set(global_range) & set(local_range)):
raise ConfigError(f'Segment-Routing Global Block ({g_low_label_value}/{g_high_label_value}) '\
f'conflicts with Local Block ({l_low_label_value}/{l_high_label_value})!')
# Check for a blank or invalid value per prefix
if dict_search('segment_routing.prefix', isis):
for prefix, prefix_config in isis['segment_routing']['prefix'].items():
if 'absolute' in prefix_config:
if prefix_config['absolute'].get('value') is None:
raise ConfigError(f'Segment routing prefix {prefix} absolute value cannot be blank.')
elif 'index' in prefix_config:
if prefix_config['index'].get('value') is None:
raise ConfigError(f'Segment routing prefix {prefix} index value cannot be blank.')
# Check for explicit-null and no-php-flag configured at the same time per prefix
if dict_search('segment_routing.prefix', isis):
for prefix, prefix_config in isis['segment_routing']['prefix'].items():
if 'absolute' in prefix_config:
if ("explicit_null" in prefix_config['absolute']) and ("no_php_flag" in prefix_config['absolute']):
raise ConfigError(f'Segment routing prefix {prefix} cannot have both explicit-null '\
f'and no-php-flag configured at the same time.')
elif 'index' in prefix_config:
if ("explicit_null" in prefix_config['index']) and ("no_php_flag" in prefix_config['index']):
raise ConfigError(f'Segment routing prefix {prefix} cannot have both explicit-null '\
f'and no-php-flag configured at the same time.')
+
+ # Check for LFA tiebreaker index duplication
+ if dict_search('fast_reroute.lfa.local.tiebreaker', isis):
+ comparison_dictionary = {}
+ for item, item_options in isis['fast_reroute']['lfa']['local']['tiebreaker'].items():
+ for index, index_options in item_options.items():
+ for index_value, index_value_options in index_options.items():
+ if index_value not in comparison_dictionary.keys():
+ comparison_dictionary[index_value] = [item]
+ else:
+ comparison_dictionary[index_value].append(item)
+ for index, index_length in comparison_dictionary.items():
+ if int(len(index_length)) > 1:
+ raise ConfigError(f'LFA index {index} cannot have more than one tiebreaker configured.')
+
+ # Check for LFA priority-limit configured multiple times per level
+ if dict_search('fast_reroute.lfa.local.priority_limit', isis):
+ comparison_dictionary = {}
+ for priority, priority_options in isis['fast_reroute']['lfa']['local']['priority_limit'].items():
+ for level, level_options in priority_options.items():
+ if level not in comparison_dictionary.keys():
+ comparison_dictionary[level] = [priority]
+ else:
+ comparison_dictionary[level].append(priority)
+ for level, level_length in comparison_dictionary.items():
+ if int(len(level_length)) > 1:
+ raise ConfigError(f'LFA priority-limit on {level.replace("_", "-")} cannot have more than one priority configured.')
+
+ # Check for LFA remote prefix list configured with more than one list
+ if dict_search('fast_reroute.lfa.remote.prefix_list', isis):
+ if int(len(isis['fast_reroute']['lfa']['remote']['prefix_list'].items())) > 1:
+ raise ConfigError(f'LFA remote prefix-list has more than one configured. Cannot have more than one configured.')
return None
def generate(isis):
if not isis or 'deleted' in isis:
return None
isis['frr_isisd_config'] = render_to_string('frr/isisd.frr.j2', isis)
return None
def apply(isis):
isis_daemon = 'isisd'
# Save original configuration prior to starting any commit actions
frr_cfg = frr.FRRConfig()
# Generate empty helper string which can be ammended to FRR commands, it
# will be either empty (default VRF) or contain the "vrf <name" statement
vrf = ''
if 'vrf' in isis:
vrf = ' vrf ' + isis['vrf']
frr_cfg.load_configuration(isis_daemon)
frr_cfg.modify_section(f'^router isis VyOS{vrf}', stop_pattern='^exit', remove_stop_mark=True)
for key in ['interface', 'interface_removed']:
if key not in isis:
continue
for interface in isis[key]:
frr_cfg.modify_section(f'^interface {interface}', stop_pattern='^exit', remove_stop_mark=True)
if 'frr_isisd_config' in isis:
frr_cfg.add_before(frr.default_add_before, isis['frr_isisd_config'])
frr_cfg.commit_configuration(isis_daemon)
return None
if __name__ == '__main__':
try:
c = get_config()
verify(c)
generate(c)
apply(c)
except ConfigError as e:
print(e)
- exit(1)
+ exit(1)
\ No newline at end of file