diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2
index 23f81348b..419d0bee1 100644
--- a/data/templates/frr/bgpd.frr.j2
+++ b/data/templates/frr/bgpd.frr.j2
@@ -1,661 +1,664 @@
{### MACRO definition for recurring peer patter, this can be either fed by a ###}
{### peer-group or an individual BGP neighbor ###}
{% macro bgp_neighbor(neighbor, config, peer_group=false) %}
{% if peer_group == true %}
neighbor {{ neighbor }} peer-group
{% elif config.peer_group is vyos_defined %}
neighbor {{ neighbor }} peer-group {{ config.peer_group }}
{% endif %}
{% if config.remote_as is vyos_defined %}
neighbor {{ neighbor }} remote-as {{ config.remote_as }}
{% endif %}
{% if config.local_role is vyos_defined %}
{% for role, strict in config.local_role.items() %}
neighbor {{ neighbor }} local-role {{ role }} {{ 'strict-mode' if strict }}
{% endfor %}
{% endif %}
{% if config.interface.remote_as is vyos_defined %}
neighbor {{ neighbor }} interface remote-as {{ config.interface.remote_as }}
{% endif %}
{% if config.advertisement_interval is vyos_defined %}
neighbor {{ neighbor }} advertisement-interval {{ config.advertisement_interval }}
{% endif %}
{% if config.bfd is vyos_defined %}
neighbor {{ neighbor }} bfd
{% if config.bfd.check_control_plane_failure is vyos_defined %}
neighbor {{ neighbor }} bfd check-control-plane-failure
{% endif %}
{% if config.bfd.profile is vyos_defined %}
neighbor {{ neighbor }} bfd profile {{ config.bfd.profile }}
{% endif %}
{% endif %}
{% if config.capability.dynamic is vyos_defined %}
neighbor {{ neighbor }} capability dynamic
{% endif %}
{% if config.capability.extended_nexthop is vyos_defined %}
neighbor {{ neighbor }} capability extended-nexthop
{% endif %}
{% if config.capability.software_version is vyos_defined %}
neighbor {{ neighbor }} capability software-version
{% endif %}
{% if config.description is vyos_defined %}
neighbor {{ neighbor }} description {{ config.description }}
{% endif %}
{% if config.disable_capability_negotiation is vyos_defined %}
neighbor {{ neighbor }} dont-capability-negotiate
{% endif %}
{% if config.disable_connected_check is vyos_defined %}
neighbor {{ neighbor }} disable-connected-check
{% endif %}
{% if config.ebgp_multihop is vyos_defined %}
neighbor {{ neighbor }} ebgp-multihop {{ config.ebgp_multihop }}
{% endif %}
{% if config.graceful_restart is vyos_defined %}
{% if config.graceful_restart is vyos_defined('enable') %}
{% set graceful_restart = 'graceful-restart' %}
{% elif config.graceful_restart is vyos_defined('disable') %}
{% set graceful_restart = 'graceful-restart-disable' %}
{% elif config.graceful_restart is vyos_defined('restart-helper') %}
{% set graceful_restart = 'graceful-restart-helper' %}
{% endif %}
neighbor {{ neighbor }} {{ graceful_restart }}
{% endif %}
{% if config.local_as is vyos_defined %}
{% for local_as, local_as_config in config.local_as.items() %}
{# There can be only one local-as value, this is checked in the Python code #}
neighbor {{ neighbor }} local-as {{ local_as }} {{ 'no-prepend' if local_as_config.no_prepend is vyos_defined }} {{ 'replace-as' if local_as_config.no_prepend is vyos_defined and local_as_config.no_prepend.replace_as is vyos_defined }}
{% endfor %}
{% endif %}
{% if config.override_capability is vyos_defined %}
neighbor {{ neighbor }} override-capability
{% endif %}
{% if config.passive is vyos_defined %}
neighbor {{ neighbor }} passive
{% endif %}
{% if config.password is vyos_defined %}
neighbor {{ neighbor }} password {{ config.password }}
{% endif %}
{% if config.path_attribute.discard is vyos_defined %}
neighbor {{ neighbor }} path-attribute discard {{ config.path_attribute.discard }}
{% endif %}
{% if config.path_attribute.treat_as_withdraw is vyos_defined %}
neighbor {{ neighbor }} path-attribute treat-as-withdraw {{ config.path_attribute.treat_as_withdraw }}
{% endif %}
{% if config.port is vyos_defined %}
neighbor {{ neighbor }} port {{ config.port }}
{% endif %}
{% if config.shutdown is vyos_defined %}
neighbor {{ neighbor }} shutdown
{% endif %}
{% if config.solo is vyos_defined %}
neighbor {{ neighbor }} solo
{% endif %}
{% if config.enforce_first_as is vyos_defined %}
neighbor {{ neighbor }} enforce-first-as
{% endif %}
{% if config.strict_capability_match is vyos_defined %}
neighbor {{ neighbor }} strict-capability-match
{% endif %}
{% if config.ttl_security.hops is vyos_defined %}
neighbor {{ neighbor }} ttl-security hops {{ config.ttl_security.hops }}
{% endif %}
{% if config.timers.connect is vyos_defined %}
neighbor {{ neighbor }} timers connect {{ config.timers.connect }}
{% endif %}
{% if config.timers.keepalive is vyos_defined and config.timers.holdtime is vyos_defined %}
neighbor {{ neighbor }} timers {{ config.timers.keepalive }} {{ config.timers.holdtime }}
{% endif %}
{% if config.update_source is vyos_defined %}
neighbor {{ neighbor }} update-source {{ config.update_source }}
{% endif %}
{% if config.interface is vyos_defined %}
{% if config.interface.peer_group is vyos_defined %}
neighbor {{ neighbor }} interface peer-group {{ config.interface.peer_group }}
{% endif %}
{% if config.interface.source_interface is vyos_defined %}
neighbor {{ neighbor }} interface {{ config.interface.source_interface }}
{% endif %}
{% if config.interface.v6only is vyos_defined %}
{% if config.interface.v6only.peer_group is vyos_defined %}
neighbor {{ neighbor }} interface v6only peer-group {{ config.interface.v6only.peer_group }}
{% endif %}
{% if config.interface.v6only.remote_as is vyos_defined %}
neighbor {{ neighbor }} interface v6only remote-as {{ config.interface.v6only.remote_as }}
{% endif %}
{% endif %}
{% endif %}
!
{% if config.address_family is vyos_defined %}
{% for afi, afi_config in config.address_family.items() %}
{% if afi == 'ipv4_unicast' %}
address-family ipv4 unicast
{% elif afi == 'ipv4_multicast' %}
address-family ipv4 multicast
{% elif afi == 'ipv4_labeled_unicast' %}
address-family ipv4 labeled-unicast
{% elif afi == 'ipv4_vpn' %}
address-family ipv4 vpn
{% elif afi == 'ipv4_flowspec' %}
address-family ipv4 flowspec
{% elif afi == 'ipv6_unicast' %}
address-family ipv6 unicast
{% elif afi == 'ipv6_multicast' %}
address-family ipv6 multicast
{% elif afi == 'ipv6_labeled_unicast' %}
address-family ipv6 labeled-unicast
{% elif afi == 'ipv6_vpn' %}
address-family ipv6 vpn
{% elif afi == 'ipv6_flowspec' %}
address-family ipv6 flowspec
{% elif afi == 'l2vpn_evpn' %}
address-family l2vpn evpn
{% endif %}
{% if afi_config.addpath_tx_all is vyos_defined %}
neighbor {{ neighbor }} addpath-tx-all-paths
{% endif %}
{% if afi_config.addpath_tx_per_as is vyos_defined %}
neighbor {{ neighbor }} addpath-tx-bestpath-per-AS
{% endif %}
{% if afi_config.allowas_in is vyos_defined %}
neighbor {{ neighbor }} allowas-in {{ afi_config.allowas_in.number if afi_config.allowas_in.number is vyos_defined }}
{% endif %}
{% if afi_config.as_override is vyos_defined %}
neighbor {{ neighbor }} as-override
{% endif %}
{% if afi_config.conditionally_advertise is vyos_defined %}
{% if afi_config.conditionally_advertise.advertise_map is vyos_defined %}
{% set exist_non_exist_map = 'exist-map' %}
{% if afi_config.conditionally_advertise.exist_map is vyos_defined %}
{% set exist_non_exist_map = 'exist-map ' ~ afi_config.conditionally_advertise.exist_map %}
{% elif afi_config.conditionally_advertise.non_exist_map is vyos_defined %}
{% set exist_non_exist_map = 'non-exist-map ' ~ afi_config.conditionally_advertise.non_exist_map %}
{% endif %}
neighbor {{ neighbor }} advertise-map {{ afi_config.conditionally_advertise.advertise_map }} {{ exist_non_exist_map }}
{% endif %}
{% endif %}
{% if afi_config.remove_private_as is vyos_defined %}
neighbor {{ neighbor }} remove-private-AS {{ 'all' if afi_config.remove_private_as.all is vyos_defined }}
{% endif %}
{% if afi_config.route_reflector_client is vyos_defined %}
neighbor {{ neighbor }} route-reflector-client
{% endif %}
{% if afi_config.weight is vyos_defined %}
neighbor {{ neighbor }} weight {{ afi_config.weight }}
{% endif %}
{% if afi_config.attribute_unchanged is vyos_defined %}
neighbor {{ neighbor }} attribute-unchanged {{ 'as-path ' if afi_config.attribute_unchanged.as_path is vyos_defined }}{{ 'med ' if afi_config.attribute_unchanged.med is vyos_defined }}{{ 'next-hop ' if afi_config.attribute_unchanged.next_hop is vyos_defined }}
{% endif %}
{% if afi_config.capability.orf.prefix_list.send is vyos_defined %}
neighbor {{ neighbor }} capability orf prefix-list send
{% endif %}
{% if afi_config.capability.orf.prefix_list.receive is vyos_defined %}
neighbor {{ neighbor }} capability orf prefix-list receive
{% endif %}
{% if afi_config.default_originate is vyos_defined %}
neighbor {{ neighbor }} default-originate {{ 'route-map ' ~ afi_config.default_originate.route_map if afi_config.default_originate.route_map is vyos_defined }}
{% endif %}
{% if afi_config.distribute_list.export is vyos_defined %}
neighbor {{ neighbor }} distribute-list {{ afi_config.distribute_list.export }} out
{% endif %}
{% if afi_config.distribute_list.import is vyos_defined %}
neighbor {{ neighbor }} distribute-list {{ afi_config.distribute_list.import }} in
{% endif %}
{% if afi_config.filter_list.export is vyos_defined %}
neighbor {{ neighbor }} filter-list {{ afi_config.filter_list.export }} out
{% endif %}
{% if afi_config.filter_list.import is vyos_defined %}
neighbor {{ neighbor }} filter-list {{ afi_config.filter_list.import }} in
{% endif %}
{% if afi_config.maximum_prefix is vyos_defined %}
neighbor {{ neighbor }} maximum-prefix {{ afi_config.maximum_prefix }}
{% endif %}
{% if afi_config.maximum_prefix_out is vyos_defined %}
neighbor {{ neighbor }} maximum-prefix-out {{ afi_config.maximum_prefix_out }}
{% endif %}
{% if afi_config.nexthop_self is vyos_defined %}
neighbor {{ neighbor }} next-hop-self {{ 'force' if afi_config.nexthop_self.force is vyos_defined }}
{% endif %}
{% if afi_config.route_server_client is vyos_defined %}
neighbor {{ neighbor }} route-server-client
{% endif %}
{% if afi_config.route_map.export is vyos_defined %}
neighbor {{ neighbor }} route-map {{ afi_config.route_map.export }} out
{% endif %}
{% if afi_config.route_map.import is vyos_defined %}
neighbor {{ neighbor }} route-map {{ afi_config.route_map.import }} in
{% endif %}
{% if afi_config.prefix_list.export is vyos_defined %}
neighbor {{ neighbor }} prefix-list {{ afi_config.prefix_list.export }} out
{% endif %}
{% if afi_config.prefix_list.import is vyos_defined %}
neighbor {{ neighbor }} prefix-list {{ afi_config.prefix_list.import }} in
{% endif %}
{% if afi_config.soft_reconfiguration.inbound is vyos_defined %}
neighbor {{ neighbor }} soft-reconfiguration inbound
{% endif %}
{% if afi_config.unsuppress_map is vyos_defined %}
neighbor {{ neighbor }} unsuppress-map {{ afi_config.unsuppress_map }}
{% endif %}
{% if afi_config.disable_send_community.extended is vyos_defined %}
no neighbor {{ neighbor }} send-community extended
{% endif %}
{% if afi_config.disable_send_community.standard is vyos_defined %}
no neighbor {{ neighbor }} send-community standard
{% endif %}
neighbor {{ neighbor }} activate
exit-address-family
!
{% endfor %}
{% endif %}
{% endmacro %}
!
router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% if parameters.ebgp_requires_policy is vyos_defined %}
bgp ebgp-requires-policy
{% else %}
no bgp ebgp-requires-policy
{% endif %}
{# Option must be set before any neighbor - see https://vyos.dev/T3463 #}
no bgp default ipv4-unicast
{# Workaround for T2100 until we have decided about a migration script #}
no bgp network import-check
{% if address_family is vyos_defined %}
{% for afi, afi_config in address_family.items() %}
!
{% if afi == 'ipv4_unicast' %}
address-family ipv4 unicast
{% elif afi == 'ipv4_multicast' %}
address-family ipv4 multicast
{% elif afi == 'ipv4_labeled_unicast' %}
address-family ipv4 labeled-unicast
{% elif afi == 'ipv4_vpn' %}
address-family ipv4 vpn
{% elif afi == 'ipv4_flowspec' %}
address-family ipv4 flowspec
{% elif afi == 'ipv6_unicast' %}
address-family ipv6 unicast
{% elif afi == 'ipv6_multicast' %}
address-family ipv6 multicast
{% elif afi == 'ipv6_labeled_unicast' %}
address-family ipv6 labeled-unicast
{% elif afi == 'ipv6_vpn' %}
address-family ipv6 vpn
{% elif afi == 'ipv6_flowspec' %}
address-family ipv6 flowspec
{% elif afi == 'l2vpn_evpn' %}
address-family l2vpn evpn
{% if afi_config.rd is vyos_defined %}
rd {{ afi_config.rd }}
{% endif %}
{% endif %}
{% if afi_config.aggregate_address is vyos_defined %}
{% for aggregate, aggregate_config in afi_config.aggregate_address.items() %}
aggregate-address {{ aggregate }}{{ ' as-set' if aggregate_config.as_set is vyos_defined }}{{ ' summary-only' if aggregate_config.summary_only is vyos_defined }}
{% if aggregate_config.route_map is vyos_defined %}
aggregate-address {{ aggregate }} route-map {{ aggregate_config.route_map }}
{% endif %}
{% endfor %}
{% endif %}
{% if afi_config.maximum_paths.ebgp is vyos_defined %}
maximum-paths {{ afi_config.maximum_paths.ebgp }}
{% endif %}
{% if afi_config.maximum_paths.ibgp is vyos_defined %}
maximum-paths ibgp {{ afi_config.maximum_paths.ibgp }}
{% endif %}
{% if afi_config.redistribute is vyos_defined %}
{% for protocol, protocol_config in afi_config.redistribute.items() %}
{% if protocol == 'table' %}
redistribute table {{ protocol_config.table }}
{% else %}
{% set redistribution_protocol = protocol %}
{% if protocol == 'ospfv3' %}
{% set redistribution_protocol = 'ospf6' %}
{% endif %}
redistribute {{ redistribution_protocol }} {{ 'metric ' ~ protocol_config.metric if protocol_config.metric is vyos_defined }} {{ 'route-map ' ~ protocol_config.route_map if protocol_config.route_map is vyos_defined }}
{####### we need this blank line!! #######}
{% endif %}
{% endfor %}
{% endif %}
{% if afi_config.network is vyos_defined %}
{% for network, network_config in afi_config.network.items() %}
network {{ network }} {{ 'route-map ' ~ network_config.route_map if network_config.route_map is vyos_defined }} {{ 'backdoor' if network_config.backdoor is vyos_defined }} {{ 'rd ' ~ network_config.rd if network_config.rd is vyos_defined }} {{ 'label ' ~ network_config.label if network_config.label is vyos_defined }}
{####### we need this blank line!! #######}
{% endfor %}
{% endif %}
{% if afi_config.advertise is vyos_defined %}
{% for adv_afi, adv_afi_config in afi_config.advertise.items() %}
{% if adv_afi_config.unicast is vyos_defined %}
advertise {{ adv_afi }} unicast {{ 'route-map ' ~ adv_afi_config.unicast.route_map if adv_afi_config.unicast.route_map is vyos_defined }}
{% endif %}
{% endfor %}
{% endif %}
{% if afi_config.distance.external is vyos_defined and afi_config.distance.internal is vyos_defined and afi_config.distance.local is vyos_defined %}
distance bgp {{ afi_config.distance.external }} {{ afi_config.distance.internal }} {{ afi_config.distance.local }}
{% endif %}
{% if afi_config.distance.prefix is vyos_defined %}
{% for prefix in afi_config.distance.prefix %}
distance {{ afi_config.distance.prefix[prefix].distance }} {{ prefix }}
{% endfor %}
{% endif %}
{% if afi_config.export.vpn is vyos_defined %}
export vpn
{% endif %}
{% if afi_config.import.vpn is vyos_defined %}
import vpn
{% endif %}
{% if afi_config.import.vrf is vyos_defined %}
{% for vrf in afi_config.import.vrf %}
import vrf {{ vrf }}
{% endfor %}
{% endif %}
{% if afi_config.label.vpn.export is vyos_defined %}
label vpn export {{ afi_config.label.vpn.export }}
{% endif %}
{% if afi_config.label.vpn.allocation_mode.per_nexthop is vyos_defined %}
label vpn export allocation-mode per-nexthop
{% endif %}
{% if afi_config.local_install is vyos_defined %}
{% for interface in afi_config.local_install.interface %}
local-install {{ interface }}
{% endfor %}
{% endif %}
{% if afi_config.advertise_all_vni is vyos_defined %}
advertise-all-vni
{% endif %}
{% if afi_config.advertise_default_gw is vyos_defined %}
advertise-default-gw
{% endif %}
{% if afi_config.advertise_pip is vyos_defined %}
advertise-pip ip {{ afi_config.advertise_pip }}
{% endif %}
{% if afi_config.advertise_svi_ip is vyos_defined %}
advertise-svi-ip
{% endif %}
{% if afi_config.default_originate.ipv4 is vyos_defined %}
default-originate ipv4
{% endif %}
{% if afi_config.default_originate.ipv6 is vyos_defined %}
default-originate ipv6
{% endif %}
{% if afi_config.disable_ead_evi_rx is vyos_defined %}
disable-ead-evi-rx
{% endif %}
{% if afi_config.disable_ead_evi_tx is vyos_defined %}
disable-ead-evi-tx
{% endif %}
{% if afi_config.ead_es_frag.evi_limit is vyos_defined %}
ead-es-frag evi-limit {{ afi_config.ead_es_frag.evi_limit }}
{% endif %}
{% if afi_config.ead_es_route_target.export is vyos_defined %}
{% for route_target in afi_config.ead_es_route_target.export %}
- ead-es-route-target export {{ route_target }}
+ ead-es-route-target export {{ route_target }}
{% endfor %}
{% endif %}
{% if afi_config.rt_auto_derive is vyos_defined %}
autort rfc8365-compatible
{% endif %}
{% if afi_config.flooding.disable is vyos_defined %}
flooding disable
{% endif %}
{% if afi_config.flooding.head_end_replication is vyos_defined %}
flooding head-end-replication
{% endif %}
+{% if afi_config.mac_vrf.soo is vyos_defined %}
+ mac-vrf soo {{ afi_config.mac_vrf.soo }}
+{% endif %}
{% if afi_config.nexthop.vpn.export is vyos_defined %}
nexthop vpn export {{ afi_config.nexthop.vpn.export }}
{% endif %}
{% if afi_config.rd.vpn.export is vyos_defined %}
rd vpn export {{ afi_config.rd.vpn.export }}
{% endif %}
{% if afi_config.route_target.vpn.both is vyos_defined %}
route-target vpn both {{ afi_config.route_target.vpn.both }}
{% else %}
{% if afi_config.route_target.vpn.export is vyos_defined %}
route-target vpn export {{ afi_config.route_target.vpn.export }}
{% endif %}
{% if afi_config.route_target.vpn.import is vyos_defined %}
route-target vpn import {{ afi_config.route_target.vpn.import }}
{% endif %}
{% endif %}
{% if afi_config.route_target.both is vyos_defined %}
{% for route_target in afi_config.route_target.both %}
route-target both {{ route_target }}
{% endfor %}
{% endif %}
{% if afi_config.route_target.export is vyos_defined %}
{% for route_target in afi_config.route_target.export %}
route-target export {{ route_target }}
{% endfor %}
{% endif %}
{% if afi_config.route_target.import is vyos_defined %}
{% for route_target in afi_config.route_target.import %}
route-target import {{ route_target }}
{% endfor %}
{% endif %}
{% if afi_config.route_map.vpn.export is vyos_defined %}
route-map vpn export {{ afi_config.route_map.vpn.export }}
{% endif %}
{% if afi_config.route_map.vpn.import is vyos_defined %}
route-map vpn import {{ afi_config.route_map.vpn.import }}
{% endif %}
{% if afi_config.sid.vpn.export is vyos_defined %}
sid vpn export {{ afi_config.sid.vpn.export }}
{% endif %}
{% if afi_config.vni is vyos_defined %}
{% for vni, vni_config in afi_config.vni.items() %}
vni {{ vni }}
{% if vni_config.advertise_default_gw is vyos_defined %}
advertise-default-gw
{% endif %}
{% if vni_config.advertise_svi_ip is vyos_defined %}
advertise-svi-ip
{% endif %}
{% if vni_config.rd is vyos_defined %}
rd {{ vni_config.rd }}
{% endif %}
{% if vni_config.route_target.both is vyos_defined %}
{% for route_target in vni_config.route_target.both %}
route-target both {{ route_target }}
{% endfor %}
{% endif %}
{% if vni_config.route_target.export is vyos_defined %}
{% for route_target in vni_config.route_target.export %}
route-target export {{ route_target }}
{% endfor %}
{% endif %}
{% if vni_config.route_target.import is vyos_defined %}
{% for route_target in vni_config.route_target.import %}
route-target import {{ route_target }}
{% endfor %}
{% endif %}
exit-vni
{% endfor %}
{% endif %}
exit-address-family
!
{% endfor %}
{% endif %}
!
{% if bmp is vyos_defined %}
{% if bmp.mirror_buffer_limit is vyos_defined %}
bmp mirror buffer-limit {{ bmp.mirror_buffer_limit }}
!
{% endif %}
{% if bmp.target is vyos_defined %}
{% for bmp, bmp_config in bmp.target.items() %}
bmp targets {{ bmp }}
{% if bmp_config.mirror is vyos_defined %}
bmp mirror
{% endif %}
{% if bmp_config.monitor is vyos_defined %}
{% if bmp_config.monitor.ipv4_unicast.pre_policy is vyos_defined %}
bmp monitor ipv4 unicast pre-policy
{% endif %}
{% if bmp_config.monitor.ipv4_unicast.post_policy is vyos_defined %}
bmp monitor ipv4 unicast post-policy
{% endif %}
{% if bmp_config.monitor.ipv6_unicast.pre_policy is vyos_defined %}
bmp monitor ipv6 unicast pre-policy
{% endif %}
{% if bmp_config.monitor.ipv6_unicast.post_policy is vyos_defined %}
bmp monitor ipv6 unicast post-policy
{% endif %}
{% endif %}
{% if bmp_config.address is vyos_defined %}
bmp connect {{ bmp_config.address }} port {{ bmp_config.port }} min-retry {{ bmp_config.min_retry }} max-retry {{ bmp_config.max_retry }}
{% endif %}
{% endfor %}
exit
{% endif %}
{% endif %}
{% if peer_group is vyos_defined %}
{% for peer, config in peer_group.items() %}
{{ bgp_neighbor(peer, config, true) }}
{% endfor %}
{% endif %}
!
{% if neighbor is vyos_defined %}
{% for peer, config in neighbor.items() %}
{{ bgp_neighbor(peer, config) }}
{% endfor %}
{% endif %}
!
{% if listen.limit is vyos_defined %}
bgp listen limit {{ listen.limit }}
{% endif %}
{% if listen.range is vyos_defined %}
{% for prefix, options in listen.range.items() %}
{% if options.peer_group is vyos_defined %}
bgp listen range {{ prefix }} peer-group {{ options.peer_group }}
{% endif %}
{% endfor %}
{% endif %}
{% if parameters.allow_martian_nexthop is vyos_defined %}
bgp allow-martian-nexthop
{% endif %}
{% if parameters.always_compare_med is vyos_defined %}
bgp always-compare-med
{% endif %}
{% if parameters.bestpath.as_path is vyos_defined %}
{% for option in parameters.bestpath.as_path %}
{# replace is required for multipath-relax option #}
bgp bestpath as-path {{ option | replace('_', '-') }}
{% endfor %}
{% endif %}
{% if parameters.bestpath.bandwidth is vyos_defined %}
bgp bestpath bandwidth {{ parameters.bestpath.bandwidth }}
{% endif %}
{% if parameters.bestpath.compare_routerid is vyos_defined %}
bgp bestpath compare-routerid
{% endif %}
{% if parameters.bestpath.med is vyos_defined %}
bgp bestpath med {{ parameters.bestpath.med | join(' ') | replace('_', '-') }}
{% endif %}
{% if parameters.bestpath.peer_type is vyos_defined %}
bgp bestpath peer-type {{ 'multipath-relax' if parameters.bestpath.peer_type.multipath_relax is vyos_defined }}
{% endif %}
{% if parameters.cluster_id is vyos_defined %}
bgp cluster-id {{ parameters.cluster_id }}
{% endif %}
{% if parameters.conditional_advertisement.timer is vyos_defined %}
bgp conditional-advertisement timer {{ parameters.conditional_advertisement.timer }}
{% endif %}
{% if parameters.confederation.identifier is vyos_defined %}
bgp confederation identifier {{ parameters.confederation.identifier }}
{% endif %}
{% if parameters.confederation.peers is vyos_defined %}
bgp confederation peers {{ parameters.confederation.peers | join(' ') }}
{% endif %}
{% if parameters.dampening.half_life is vyos_defined %}
{# Doesn't work in current FRR configuration; vtysh (bgp dampening 16 751 2001 61) #}
bgp dampening {{ parameters.dampening.half_life }} {{ parameters.dampening.re_use if parameters.dampening.re_use is vyos_defined }} {{ parameters.dampening.start_suppress_time if parameters.dampening.start_suppress_time is vyos_defined }} {{ parameters.dampening.max_suppress_time if parameters.dampening.max_suppress_time is vyos_defined }}
{% endif %}
{% if parameters.default.local_pref is vyos_defined %}
bgp default local-preference {{ parameters.default.local_pref }}
{% endif %}
{% if parameters.deterministic_med is vyos_defined %}
bgp deterministic-med
{% endif %}
{% if parameters.distance.global.external is vyos_defined and parameters.distance.global.internal is vyos_defined and parameters.distance.global.local is vyos_defined %}
distance bgp {{ parameters.distance.global.external }} {{ parameters.distance.global.internal }} {{ parameters.distance.global.local }}
{% endif %}
{% if parameters.distance.prefix is vyos_defined %}
{% for prefix in parameters.distance.prefix %}
distance {{ parameters.distance.prefix[prefix].distance }} {{ prefix }}
{% endfor %}
{% endif %}
{% if parameters.fast_convergence is vyos_defined %}
bgp fast-convergence
{% endif %}
{% if parameters.graceful_restart is vyos_defined %}
bgp graceful-restart {{ 'stalepath-time ' ~ parameters.graceful_restart.stalepath_time if parameters.graceful_restart.stalepath_time is vyos_defined }}
{% endif %}
{% if parameters.graceful_shutdown is vyos_defined %}
bgp graceful-shutdown
{% endif %}
{% if parameters.no_hard_administrative_reset is vyos_defined %}
no bgp hard-administrative-reset
{% endif %}
{% if parameters.labeled_unicast is vyos_defined %}
bgp labeled-unicast {{ parameters.labeled_unicast }}
{% endif %}
{% if parameters.log_neighbor_changes is vyos_defined %}
bgp log-neighbor-changes
{% endif %}
{% if parameters.minimum_holdtime is vyos_defined %}
bgp minimum-holdtime {{ parameters.minimum_holdtime }}
{% endif %}
{% if parameters.network_import_check is vyos_defined %}
bgp network import-check
{% endif %}
{% if parameters.route_reflector_allow_outbound_policy is vyos_defined %}
bgp route-reflector allow-outbound-policy
{% endif %}
{% if parameters.no_client_to_client_reflection is vyos_defined %}
no bgp client-to-client reflection
{% endif %}
{% if parameters.no_fast_external_failover is vyos_defined %}
no bgp fast-external-failover
{% endif %}
{% if parameters.no_suppress_duplicates is vyos_defined %}
no bgp suppress-duplicates
{% endif %}
{% if parameters.reject_as_sets is vyos_defined %}
bgp reject-as-sets
{% endif %}
{% if parameters.router_id is vyos_defined and parameters.router_id is not none %}
bgp router-id {{ parameters.router_id }}
{% endif %}
{% if parameters.shutdown is vyos_defined %}
bgp shutdown
{% endif %}
{% if parameters.suppress_fib_pending is vyos_defined %}
bgp suppress-fib-pending
{% endif %}
{% if parameters.tcp_keepalive.idle is vyos_defined and parameters.tcp_keepalive.interval is vyos_defined and parameters.tcp_keepalive.probes is vyos_defined %}
bgp tcp-keepalive {{ parameters.tcp_keepalive.idle }} {{ parameters.tcp_keepalive.interval }} {{ parameters.tcp_keepalive.probes }}
{% endif %}
{% if srv6.locator is vyos_defined %}
segment-routing srv6
locator {{ srv6.locator }}
exit
{% endif %}
{% if sid.vpn.per_vrf.export is vyos_defined %}
sid vpn per-vrf export {{ sid.vpn.per_vrf.export }}
{% endif %}
{% if timers.keepalive is vyos_defined and timers.holdtime is vyos_defined %}
timers bgp {{ timers.keepalive }} {{ timers.holdtime }}
{% endif %}
exit
!
{% if interface is vyos_defined %}
{% for iface, iface_config in interface.items() %}
interface {{ iface }}
{% if iface_config.mpls.forwarding is vyos_defined %}
mpls bgp forwarding
{% endif %}
exit
!
{% endfor %}
{% endif %}
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index ea6e75bbd..ca67eaf3c 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -1,1838 +1,1862 @@
<!-- include start from bgp/protocol-common-config.xml.i -->
<node name="address-family">
<properties>
<help>BGP address-family parameters</help>
</properties>
<children>
<node name="ipv4-unicast">
<properties>
<help>IPv4 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network</help>
<valueHelp>
<format>ipv4net</format>
<description>BGP aggregate network</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<node name="distance">
<properties>
<help>Administrative distances for BGP routes</help>
</properties>
<children>
<leafNode name="external">
<properties>
<help>eBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>eBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="internal">
<properties>
<help>iBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>iBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="local">
<properties>
<help>Locally originated BGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>Locally originated BGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<tagNode name="prefix">
<properties>
<help>Administrative distance for a specific BGP prefix</help>
<valueHelp>
<format>ipv4net</format>
<description>Administrative distance for a specific BGP prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Administrative distance for prefix</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
#include <include/bgp/afi-export-import.xml.i>
#include <include/bgp/afi-label.xml.i>
#include <include/bgp/afi-maximum-paths.xml.i>
<tagNode name="network">
<properties>
<help>BGP network</help>
<valueHelp>
<format>ipv4net</format>
<description>BGP network</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="backdoor">
<properties>
<help>Network as a backdoor route</help>
<valueless/>
</properties>
</leafNode>
#include <include/route-map.xml.i>
</children>
</tagNode>
#include <include/bgp/afi-rd.xml.i>
#include <include/bgp/afi-route-map-vpn.xml.i>
#include <include/bgp/afi-route-target-vpn.xml.i>
#include <include/bgp/afi-nexthop-vpn-export.xml.i>
<node name="redistribute">
<properties>
<help>Redistribute routes from other protocols into BGP</help>
</properties>
<children>
<node name="connected">
<properties>
<help>Redistribute connected routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="isis">
<properties>
<help>Redistribute IS-IS routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="kernel">
<properties>
<help>Redistribute kernel routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="ospf">
<properties>
<help>Redistribute OSPF routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="rip">
<properties>
<help>Redistribute RIP routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="babel">
<properties>
<help>Redistribute Babel routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="static">
<properties>
<help>Redistribute static routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<leafNode name="table">
<properties>
<help>Redistribute non-main Kernel Routing Table</help>
</properties>
</leafNode>
</children>
</node>
#include <include/bgp/afi-sid.xml.i>
</children>
</node>
<node name="ipv4-multicast">
<properties>
<help>Multicast IPv4 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network/prefix</help>
<valueHelp>
<format>ipv4net</format>
<description>BGP aggregate network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<node name="distance">
<properties>
<help>Administrative distances for BGP routes</help>
</properties>
<children>
<leafNode name="external">
<properties>
<help>eBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>eBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="internal">
<properties>
<help>iBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>iBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="local">
<properties>
<help>Locally originated BGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>Locally originated BGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<tagNode name="prefix">
<properties>
<help>Administrative distance for a specific BGP prefix</help>
<valueHelp>
<format>ipv4net</format>
<description>Administrative distance for a specific BGP prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Administrative distance for prefix</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into multicast IPv4 RIB</help>
<valueHelp>
<format>ipv4net</format>
<description>Multicast IPv4 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="backdoor">
<properties>
<help>Use BGP network/prefix as a backdoor route</help>
<valueless/>
</properties>
</leafNode>
#include <include/route-map.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="ipv4-labeled-unicast">
<properties>
<help>Labeled Unicast IPv4 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network/prefix</help>
<valueHelp>
<format>ipv4net</format>
<description>BGP aggregate network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into labeled unicast IPv4 RIB</help>
<valueHelp>
<format>ipv4net</format>
<description>Labeled Unicast IPv4 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="backdoor">
<properties>
<help>Use BGP network/prefix as a backdoor route</help>
<valueless/>
</properties>
</leafNode>
#include <include/route-map.xml.i>
</children>
</tagNode>
#include <include/bgp/afi-maximum-paths.xml.i>
</children>
</node>
<node name="ipv4-flowspec">
<properties>
<help>Flowspec IPv4 BGP settings</help>
</properties>
<children>
<node name="local-install">
<properties>
<help>Apply local policy routing to interface</help>
</properties>
<children>
#include <include/generic-interface-multi.xml.i>
</children>
</node>
</children>
</node>
<node name="ipv4-vpn">
<properties>
<help>Unicast VPN IPv4 BGP settings</help>
</properties>
<children>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into unicast VPN IPv4 RIB</help>
<valueHelp>
<format>ipv4net</format>
<description>Unicast VPN IPv4 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/route-distinguisher.xml.i>
#include <include/bgp/afi-vpn-label.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="ipv6-unicast">
<properties>
<help>IPv6 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network</help>
<valueHelp>
<format>ipv6net</format>
<description>Aggregate network</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<node name="distance">
<properties>
<help>Administrative distances for BGP routes</help>
</properties>
<children>
<leafNode name="external">
<properties>
<help>eBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>eBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="internal">
<properties>
<help>iBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>iBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="local">
<properties>
<help>Locally originated BGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>Locally originated BGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<tagNode name="prefix">
<properties>
<help>Administrative distance for a specific BGP prefix</help>
<valueHelp>
<format>ipv6net</format>
<description>Administrative distance for a specific BGP prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Administrative distance for prefix</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
#include <include/bgp/afi-export-import.xml.i>
#include <include/bgp/afi-label.xml.i>
#include <include/bgp/afi-maximum-paths.xml.i>
<tagNode name="network">
<properties>
<help>BGP network</help>
<valueHelp>
<format>ipv6net</format>
<description>Aggregate network</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-path-limit.xml.i>
#include <include/route-map.xml.i>
</children>
</tagNode>
#include <include/bgp/afi-rd.xml.i>
#include <include/bgp/afi-route-map-vpn.xml.i>
#include <include/bgp/afi-route-target-vpn.xml.i>
#include <include/bgp/afi-nexthop-vpn-export.xml.i>
<node name="redistribute">
<properties>
<help>Redistribute routes from other protocols into BGP</help>
</properties>
<children>
<node name="connected">
<properties>
<help>Redistribute connected routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="kernel">
<properties>
<help>Redistribute kernel routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="ospfv3">
<properties>
<help>Redistribute OSPFv3 routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="ripng">
<properties>
<help>Redistribute RIPng routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="babel">
<properties>
<help>Redistribute Babel routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<node name="static">
<properties>
<help>Redistribute static routes into BGP</help>
</properties>
<children>
#include <include/bgp/afi-redistribute-metric-route-map.xml.i>
</children>
</node>
<leafNode name="table">
<properties>
<help>Redistribute non-main Kernel Routing Table</help>
</properties>
</leafNode>
</children>
</node>
#include <include/bgp/afi-sid.xml.i>
</children>
</node>
<node name="ipv6-multicast">
<properties>
<help>Multicast IPv6 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network/prefix</help>
<valueHelp>
<format>ipv6net</format>
<description>BGP aggregate network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<node name="distance">
<properties>
<help>Administrative distances for BGP routes</help>
</properties>
<children>
<leafNode name="external">
<properties>
<help>eBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>eBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="internal">
<properties>
<help>iBGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>iBGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="local">
<properties>
<help>Locally originated BGP routes administrative distance</help>
<valueHelp>
<format>u32:1-255</format>
<description>Locally originated BGP routes administrative distance</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<tagNode name="prefix">
<properties>
<help>Administrative distance for a specific BGP prefix</help>
<valueHelp>
<format>ipv6net</format>
<description>Administrative distance for a specific BGP prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Administrative distance for prefix</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into multicast IPv6 RIB</help>
<valueHelp>
<format>ipv6net</format>
<description>Multicast IPv6 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-path-limit.xml.i>
#include <include/route-map.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="ipv6-labeled-unicast">
<properties>
<help>Labeled Unicast IPv6 BGP settings</help>
</properties>
<children>
<tagNode name="aggregate-address">
<properties>
<help>BGP aggregate network/prefix</help>
<valueHelp>
<format>ipv6net</format>
<description>BGP aggregate network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-aggregate-address.xml.i>
</children>
</tagNode>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into labeled unicast IPv6 RIB</help>
<valueHelp>
<format>ipv6net</format>
<description>Labeled Unicast IPv6 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="backdoor">
<properties>
<help>Use BGP network/prefix as a backdoor route</help>
<valueless/>
</properties>
</leafNode>
#include <include/route-map.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="ipv6-flowspec">
<properties>
<help>Flowspec IPv6 BGP settings</help>
</properties>
<children>
<node name="local-install">
<properties>
<help>Apply local policy routing to interface</help>
</properties>
<children>
<leafNode name="interface">
<properties>
<help>Interface</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
<multi/>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
<node name="ipv6-vpn">
<properties>
<help>Unicast VPN IPv6 BGP settings</help>
</properties>
<children>
<tagNode name="network">
<properties>
<help>Import BGP network/prefix into unicast VPN IPv6 RIB</help>
<valueHelp>
<format>ipv6net</format>
<description>Unicast VPN IPv6 BGP network/prefix</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/route-distinguisher.xml.i>
#include <include/bgp/afi-vpn-label.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="l2vpn-evpn">
<properties>
<help>L2VPN EVPN BGP settings</help>
</properties>
<children>
<node name="advertise">
<properties>
<help>Advertise prefix routes</help>
</properties>
<children>
<node name="ipv4">
<properties>
<help>IPv4 address family</help>
</properties>
<children>
#include <include/bgp/afi-l2vpn-advertise.xml.i>
</children>
</node>
<node name="ipv6">
<properties>
<help>IPv6 address family</help>
</properties>
<children>
#include <include/bgp/afi-l2vpn-advertise.xml.i>
</children>
</node>
</children>
</node>
<leafNode name="advertise-all-vni">
<properties>
<help>Advertise All local VNIs</help>
<valueless/>
</properties>
</leafNode>
#include <include/bgp/afi-l2vpn-common.xml.i>
<leafNode name="advertise-pip">
<properties>
<help>EVPN system primary IP</help>
<valueHelp>
<format>ipv4</format>
<description>IP address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="rt-auto-derive">
<properties>
<help>Auto derivation of Route Target (RFC8365)</help>
<valueless/>
</properties>
</leafNode>
<node name="default-originate">
<properties>
<help>Originate a default route</help>
</properties>
<children>
<leafNode name="ipv4">
<properties>
<help>IPv4 address family</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ipv6">
<properties>
<help>IPv6 address family</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="disable-ead-evi-rx">
<properties>
<help>Activate PE on EAD-ES even if EAD-EVI is not received</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="disable-ead-evi-tx">
<properties>
<help>Do not advertise EAD-EVI for local ESs</help>
<valueless/>
</properties>
</leafNode>
<node name="ead-es-frag">
<properties>
<help>EAD ES fragment config</help>
</properties>
<children>
<leafNode name="evi-limit">
<properties>
<help>EVIs per-fragment</help>
<valueHelp>
<format>u32:1-1000</format>
<description>limit</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-1000"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<node name="ead-es-route-target">
<properties>
<help>EAD ES Route Target</help>
</properties>
<children>
<leafNode name="export">
<properties>
<help>Route Target export</help>
<valueHelp>
<format>txt</format>
<description>Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN)</description>
</valueHelp>
<constraint>
<validator name="bgp-rd-rt" argument="--route-target-multi"/>
</constraint>
<multi/>
</properties>
</leafNode>
</children>
</node>
<node name="flooding">
<properties>
<help>Specify handling for BUM packets</help>
</properties>
<children>
#include <include/generic-disable-node.xml.i>
<leafNode name="head-end-replication">
<properties>
<help>Flood BUM packets using head-end replication</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
+ <node name="mac-vrf">
+ <properties>
+ <help>EVPN MAC-VRF</help>
+ </properties>
+ <children>
+ <leafNode name="soo">
+ <properties>
+ <help>Site-of-Origin extended community</help>
+ <valueHelp>
+ <format>ASN:NN</format>
+ <description>based on autonomous system number in format <0-65535:0-4294967295></description>
+ </valueHelp>
+ <valueHelp>
+ <format>IP:NN</format>
+ <description>Based on a router-id IP address in format <IP:0-65535></description>
+ </valueHelp>
+ <constraint>
+ <validator name="bgp-extended-community"/>
+ </constraint>
+ <constraintErrorMessage>Should be in form: ASN:NN or IPADDR:NN where ASN is autonomous system number</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<tagNode name="vni">
<properties>
<help>VXLAN Network Identifier</help>
<valueHelp>
<format>u32:1-16777215</format>
<description>VNI number</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-16777215"/>
</constraint>
</properties>
<children>
#include <include/bgp/afi-l2vpn-common.xml.i>
</children>
</tagNode>
</children>
</node>
</children>
</node>
<node name="bmp">
<properties>
<help>BGP Monitoring Protocol (BMP)</help>
</properties>
<children>
<leafNode name="mirror-buffer-limit">
<properties>
<help>Maximum memory used for buffered mirroring messages (in bytes)</help>
<valueHelp>
<format>u32:0-4294967294</format>
<description>Limit in bytes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4294967294"/>
</constraint>
</properties>
</leafNode>
<tagNode name="target">
<properties>
<help>BMP target</help>
</properties>
<children>
#include <include/address-ipv4-ipv6-single.xml.i>
#include <include/port-number.xml.i>
<leafNode name="port">
<defaultValue>5000</defaultValue>
</leafNode>
<leafNode name="min-retry">
<properties>
<help>Minimum connection retry interval (in milliseconds)</help>
<valueHelp>
<format>u32:100-86400000</format>
<description>Minimum connection retry interval</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 100-86400000"/>
</constraint>
</properties>
<defaultValue>1000</defaultValue>
</leafNode>
<leafNode name="max-retry">
<properties>
<help>Maximum connection retry interval</help>
<valueHelp>
<format>u32:100-4294967295</format>
<description>Maximum connection retry interval</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 100-86400000"/>
</constraint>
</properties>
<defaultValue>2000</defaultValue>
</leafNode>
<leafNode name="mirror">
<properties>
<help>Send BMP route mirroring messages</help>
<valueless/>
</properties>
</leafNode>
<node name="monitor">
<properties>
<help>Send BMP route monitoring messages</help>
</properties>
<children>
<node name="ipv4-unicast">
<properties>
<help>Address family IPv4 unicast</help>
</properties>
<children>
#include <include/bgp/bmp-monitor-afi-policy.xml.i>
</children>
</node>
<node name="ipv6-unicast">
<properties>
<help>Address family IPv6 unicast</help>
</properties>
<children>
#include <include/bgp/bmp-monitor-afi-policy.xml.i>
</children>
</node>
</children>
</node>
</children>
</tagNode>
</children>
</node>
<tagNode name="interface">
<properties>
<help>Configure interface related parameters, e.g. MPLS</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
<valueHelp>
<format>txt</format>
<description>Interface name</description>
</valueHelp>
<constraint>
#include <include/constraint/interface-name.xml.i>
</constraint>
</properties>
<children>
<node name="mpls">
<properties>
<help>MPLS options</help>
</properties>
<children>
<leafNode name="forwarding">
<properties>
<help>Enable MPLS forwarding for eBGP directly connected peers</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
</children>
</tagNode>
<node name="listen">
<properties>
<help>Listen for and accept BGP dynamic neighbors from range</help>
</properties>
<children>
<leafNode name="limit">
<properties>
<help>Maximum number of dynamic neighbors that can be created</help>
<valueHelp>
<format>u32:1-5000</format>
<description>BGP neighbor limit</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-5000"/>
</constraint>
</properties>
</leafNode>
<tagNode name="range">
<properties>
<help>BGP dynamic neighbors listen range</help>
<valueHelp>
<format>ipv4net</format>
<description>IPv4 dynamic neighbors listen range</description>
</valueHelp>
<valueHelp>
<format>ipv6net</format>
<description>IPv6 dynamic neighbors listen range</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
<children>
#include <include/bgp/peer-group.xml.i>
</children>
</tagNode>
</children>
</node>
<leafNode name="system-as">
<properties>
<help>Autonomous System Number (ASN)</help>
<valueHelp>
<format>u32:1-4294967294</format>
<description>Autonomous System Number</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-4294967294"/>
</constraint>
</properties>
</leafNode>
<tagNode name="neighbor">
<properties>
<help>BGP neighbor</help>
<valueHelp>
<format>ipv4</format>
<description>BGP neighbor IP address</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
<description>BGP neighbor IPv6 address</description>
</valueHelp>
<valueHelp>
<format>txt</format>
<description>Interface name</description>
</valueHelp>
<constraint>
<validator name="ip-address"/>
#include <include/constraint/interface-name.xml.i>
</constraint>
</properties>
<children>
<node name="address-family">
<properties>
<help>Address-family parameters</help>
</properties>
<children>
#include <include/bgp/neighbor-afi-ipv4-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv6-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv4-vpn.xml.i>
#include <include/bgp/neighbor-afi-ipv6-vpn.xml.i>
#include <include/bgp/neighbor-afi-ipv4-flowspec.xml.i>
#include <include/bgp/neighbor-afi-ipv6-flowspec.xml.i>
#include <include/bgp/neighbor-afi-ipv4-multicast.xml.i>
#include <include/bgp/neighbor-afi-ipv6-multicast.xml.i>
#include <include/bgp/neighbor-afi-l2vpn-evpn.xml.i>
</children>
</node>
<leafNode name="advertisement-interval">
<properties>
<help>Minimum interval for sending routing updates</help>
<valueHelp>
<format>u32:0-600</format>
<description>Advertisement interval in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-600"/>
</constraint>
</properties>
</leafNode>
#include <include/generic-description.xml.i>
#include <include/bgp/neighbor-bfd.xml.i>
#include <include/bgp/neighbor-capability.xml.i>
#include <include/bgp/neighbor-disable-capability-negotiation.xml.i>
#include <include/bgp/neighbor-disable-connected-check.xml.i>
#include <include/bgp/neighbor-ebgp-multihop.xml.i>
#include <include/bgp/neighbor-graceful-restart.xml.i>
<node name="interface">
<properties>
<help>Interface parameters</help>
</properties>
<children>
#include <include/bgp/peer-group.xml.i>
#include <include/bgp/remote-as.xml.i>
#include <include/source-interface.xml.i>
<node name="v6only">
<properties>
<help>Enable BGP with v6 link-local only</help>
</properties>
<children>
#include <include/bgp/peer-group.xml.i>
#include <include/bgp/remote-as.xml.i>
</children>
</node>
</children>
</node>
#include <include/bgp/neighbor-local-as.xml.i>
#include <include/bgp/neighbor-local-role.xml.i>
#include <include/bgp/neighbor-override-capability.xml.i>
#include <include/bgp/neighbor-path-attribute.xml.i>
#include <include/bgp/neighbor-passive.xml.i>
#include <include/bgp/neighbor-password.xml.i>
#include <include/bgp/peer-group.xml.i>
#include <include/bgp/remote-as.xml.i>
#include <include/bgp/neighbor-shutdown.xml.i>
<leafNode name="solo">
<properties>
<help>Do not send back prefixes learned from the neighbor</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="enforce-first-as">
<properties>
<help>Ensure the first AS in the AS path matches the peer AS</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="strict-capability-match">
<properties>
<help>Enable strict capability negotiation</help>
<valueless/>
</properties>
</leafNode>
<node name="timers">
<properties>
<help>Neighbor timers</help>
</properties>
<children>
<leafNode name="connect">
<properties>
<help>BGP connect timer for this neighbor</help>
<valueHelp>
<format>u32:1-65535</format>
<description>Connect timer in seconds</description>
</valueHelp>
<valueHelp>
<format>0</format>
<description>Disable connect timer</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-65535"/>
</constraint>
</properties>
</leafNode>
#include <include/bgp/timers-holdtime.xml.i>
#include <include/bgp/timers-keepalive.xml.i>
</children>
</node>
#include <include/bgp/neighbor-ttl-security.xml.i>
#include <include/bgp/neighbor-update-source.xml.i>
#include <include/port-number.xml.i>
</children>
</tagNode>
<node name="parameters">
<properties>
<help>BGP parameters</help>
</properties>
<children>
<leafNode name="allow-martian-nexthop">
<properties>
<help>Allow Martian nexthops to be received in the NLRI from a peer</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="always-compare-med">
<properties>
<help>Always compare MEDs from different neighbors</help>
<valueless/>
</properties>
</leafNode>
<node name="bestpath">
<properties>
<help>Default bestpath selection mechanism</help>
</properties>
<children>
<node name="as-path">
<properties>
<help>AS-path attribute comparison parameters</help>
</properties>
<children>
<leafNode name="confed">
<properties>
<help>Compare AS-path lengths including confederation sets and sequences</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ignore">
<properties>
<help>Ignore AS-path length in selecting a route</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="multipath-relax">
<properties>
<help>Allow load sharing across routes that have different AS paths (but same length)</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="bandwidth">
<properties>
<help>Link Bandwidth attribute</help>
<completionHelp>
<list>default-weight-for-missing ignore skip-missing</list>
</completionHelp>
<valueHelp>
<format>default-weight-for-missing</format>
<description>Assign low default weight (1) to paths not having link bandwidth</description>
</valueHelp>
<valueHelp>
<format>ignore</format>
<description>Ignore link bandwidth (do regular ECMP, not weighted)</description>
</valueHelp>
<valueHelp>
<format>skip-missing</format>
<description>Ignore paths without link bandwidth for ECMP (if other paths have it)</description>
</valueHelp>
<constraint>
<regex>(default-weight-for-missing|ignore|skip-missing)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="compare-routerid">
<properties>
<help>Compare the router-id for identical EBGP paths</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="med">
<properties>
<help>MED attribute comparison parameters</help>
<completionHelp>
<list>confed missing-as-worst</list>
</completionHelp>
<valueHelp>
<format>confed</format>
<description>Compare MEDs among confederation paths</description>
</valueHelp>
<valueHelp>
<format>missing-as-worst</format>
<description>Treat missing route as a MED as the least preferred one</description>
</valueHelp>
<constraint>
<regex>(confed|missing-as-worst)</regex>
</constraint>
<multi/>
</properties>
</leafNode>
<node name="peer-type">
<properties>
<help>Peer type</help>
</properties>
<children>
<leafNode name="multipath-relax">
<properties>
<help>Allow load sharing across routes learned from different peer types</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
<leafNode name="cluster-id">
<properties>
<help>Route-reflector cluster-id</help>
<valueHelp>
<format>ipv4</format>
<description>Route-reflector cluster-id</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<node name="confederation">
<properties>
<help>AS confederation parameters</help>
</properties>
<children>
<leafNode name="identifier">
<properties>
<help>Confederation AS identifier</help>
<valueHelp>
<format>u32:1-4294967294</format>
<description>Confederation AS id</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-4294967294"/>
</constraint>
</properties>
</leafNode>
<leafNode name="peers">
<properties>
<help>Peer ASs in the BGP confederation</help>
<valueHelp>
<format>u32:1-4294967294</format>
<description>Peer AS number</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-4294967294"/>
</constraint>
<multi/>
</properties>
</leafNode>
</children>
</node>
<node name="conditional-advertisement">
<properties>
<help>Conditional advertisement settings</help>
</properties>
<children>
<leafNode name="timer">
<properties>
<help>Set period to rescan BGP table to check if condition is met</help>
<valueHelp>
<format>u32:5-240</format>
<description>Period to rerun the conditional advertisement scanner process</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 5-240"/>
</constraint>
</properties>
<defaultValue>60</defaultValue>
</leafNode>
</children>
</node>
<node name="dampening">
<properties>
<help>Enable route-flap dampening</help>
</properties>
<children>
<leafNode name="half-life">
<properties>
<help>Half-life time for dampening</help>
<valueHelp>
<format>u32:1-45</format>
<description>Half-life penalty in minutes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-45"/>
</constraint>
</properties>
</leafNode>
<leafNode name="max-suppress-time">
<properties>
<help>Maximum duration to suppress a stable route</help>
<valueHelp>
<format>u32:1-255</format>
<description>Maximum suppress duration in minutes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="re-use">
<properties>
<help>Threshold to start reusing a route</help>
<valueHelp>
<format>u32:1-20000</format>
<description>Re-use penalty points</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-20000"/>
</constraint>
</properties>
</leafNode>
<leafNode name="start-suppress-time">
<properties>
<help>When to start suppressing a route</help>
<valueHelp>
<format>u32:1-20000</format>
<description>Start-suppress penalty points</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-20000"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<node name="default">
<properties>
<help>BGP defaults</help>
</properties>
<children>
<leafNode name="local-pref">
<properties>
<help>Default local preference</help>
<valueHelp>
<format>u32</format>
<description>Local preference</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<leafNode name="deterministic-med">
<properties>
<help>Compare MEDs between different peers in the same AS</help>
<valueless/>
</properties>
</leafNode>
<node name="distance">
<properties>
<help>Administratives distances for BGP routes</help>
</properties>
<children>
<node name="global">
<properties>
<help>Global administratives distances for BGP routes</help>
</properties>
<children>
<leafNode name="external">
<properties>
<help>Administrative distance for external BGP routes</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="internal">
<properties>
<help>Administrative distance for internal BGP routes</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for internal BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="local">
<properties>
<help>Administrative distance for local BGP routes</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for internal BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<tagNode name="prefix">
<properties>
<help>Administrative distance for a specific BGP prefix</help>
<valueHelp>
<format>ipv4net</format>
<description>Administrative distance for a specific BGP prefix</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Administrative distance for prefix</help>
<valueHelp>
<format>u32:1-255</format>
<description>Administrative distance for external BGP routes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
<leafNode name="ebgp-requires-policy">
<properties>
<help>Require in and out policy for eBGP peers (RFC8212)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="fast-convergence">
<properties>
<help>Teardown sessions immediately whenever peer becomes unreachable</help>
<valueless/>
</properties>
</leafNode>
<node name="graceful-restart">
<properties>
<help>Graceful restart capability parameters</help>
</properties>
<children>
<leafNode name="stalepath-time">
<properties>
<help>Maximum time to hold onto restarting neighbors stale paths</help>
<valueHelp>
<format>u32:1-3600</format>
<description>Hold time in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-3600"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<leafNode name="graceful-shutdown">
<properties>
<help>Graceful shutdown</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="no-hard-administrative-reset">
<properties>
<help>Do not send hard reset CEASE Notification for 'Administrative Reset'</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="labeled-unicast">
<properties>
<help>BGP Labeled-unicast options</help>
<completionHelp>
<list>explicit-null ipv4-explicit-null ipv6-explicit-null</list>
</completionHelp>
<valueHelp>
<format>explicit-null</format>
<description>Use explicit-null label values for all local prefixes</description>
</valueHelp>
<valueHelp>
<format>ipv4-explicit-null</format>
<description>Use IPv4 explicit-null label value for IPv4 local prefixes</description>
</valueHelp>
<valueHelp>
<format>ipv6-explicit-null</format>
<description>Use IPv6 explicit-null label value for IPv4 local prefixes</description>
</valueHelp>
<constraint>
<regex>(explicit-null|ipv4-explicit-null|ipv6-explicit-null)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="log-neighbor-changes">
<properties>
<help>Log neighbor up/down changes and reset reason</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="minimum-holdtime">
<properties>
<help>BGP minimum holdtime</help>
<valueHelp>
<format>u32:1-65535</format>
<description>Minimum holdtime in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="network-import-check">
<properties>
<help>Enable IGP route check for network statements</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="route-reflector-allow-outbound-policy">
<properties>
<help>Route reflector client allow policy outbound</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="no-client-to-client-reflection">
<properties>
<help>Disable client to client route reflection</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="no-fast-external-failover">
<properties>
<help>Disable immediate session reset on peer link down event</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="no-suppress-duplicates">
<properties>
<help>Disable suppress duplicate updates if the route actually not changed</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="reject-as-sets">
<properties>
<help>Reject routes with AS_SET or AS_CONFED_SET flag</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="shutdown">
<properties>
<help>Administrative shutdown of the BGP instance</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="suppress-fib-pending">
<properties>
<help>Advertise only routes that are programmed in kernel to peers</help>
<valueless/>
</properties>
</leafNode>
#include <include/router-id.xml.i>
<node name="tcp-keepalive">
<properties>
<help>TCP keepalive parameters</help>
</properties>
<children>
<leafNode name="idle">
<properties>
<help>TCP keepalive idle time</help>
<valueHelp>
<format>u32:1-65535</format>
<description>Idle time in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="interval">
<properties>
<help>TCP keepalive interval</help>
<valueHelp>
<format>u32:1-65535</format>
<description>Interval in seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="probes">
<properties>
<help>TCP keepalive maximum probes</help>
<valueHelp>
<format>u32:1-30</format>
<description>Maximum probes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-30"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
<tagNode name="peer-group">
<properties>
<help>Name of peer-group</help>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
</properties>
<children>
<node name="address-family">
<properties>
<help>Address-family parameters</help>
</properties>
<children>
#include <include/bgp/neighbor-afi-ipv4-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv4-vpn.xml.i>
#include <include/bgp/neighbor-afi-ipv6-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv6-vpn.xml.i>
#include <include/bgp/neighbor-afi-l2vpn-evpn.xml.i>
</children>
</node>
#include <include/generic-description.xml.i>
#include <include/bgp/neighbor-bfd.xml.i>
#include <include/bgp/neighbor-capability.xml.i>
#include <include/bgp/neighbor-disable-capability-negotiation.xml.i>
#include <include/bgp/neighbor-disable-connected-check.xml.i>
#include <include/bgp/neighbor-ebgp-multihop.xml.i>
#include <include/bgp/neighbor-graceful-restart.xml.i>
#include <include/bgp/neighbor-graceful-restart.xml.i>
#include <include/bgp/neighbor-local-as.xml.i>
#include <include/bgp/neighbor-local-role.xml.i>
#include <include/bgp/neighbor-override-capability.xml.i>
#include <include/bgp/neighbor-path-attribute.xml.i>
#include <include/bgp/neighbor-passive.xml.i>
#include <include/bgp/neighbor-password.xml.i>
#include <include/bgp/neighbor-shutdown.xml.i>
#include <include/bgp/neighbor-ttl-security.xml.i>
#include <include/bgp/neighbor-update-source.xml.i>
#include <include/bgp/remote-as.xml.i>
#include <include/port-number.xml.i>
</children>
</tagNode>
<node name="srv6">
<properties>
<help>Segment-Routing SRv6 configuration</help>
</properties>
<children>
<leafNode name="locator">
<properties>
<help>Specify SRv6 locator</help>
<valueHelp>
<format>txt</format>
<description>SRv6 locator name</description>
</valueHelp>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
</properties>
</leafNode>
</children>
</node>
<node name="sid">
<properties>
<help>SID value for VRF</help>
</properties>
<children>
<node name="vpn">
<properties>
<help>Between current VRF and VPN</help>
</properties>
<children>
<node name="per-vrf">
<properties>
<help>SID per-VRF (both IPv4 and IPv6 address families)</help>
</properties>
<children>
<leafNode name="export">
<properties>
<help>For routes leaked from current VRF to VPN</help>
<completionHelp>
<list>auto</list>
</completionHelp>
<valueHelp>
<format>u32:1-1048575</format>
<description>SID allocation index</description>
</valueHelp>
<valueHelp>
<format>auto</format>
<description>Automatically assign a label</description>
</valueHelp>
<constraint>
<regex>auto</regex>
<validator name="numeric" argument="--range 1-1048575"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
</children>
</node>
<node name="timers">
<properties>
<help>BGP protocol timers</help>
</properties>
<children>
#include <include/bgp/timers-holdtime.xml.i>
#include <include/bgp/timers-keepalive.xml.i>
</children>
</node>
<!-- include end -->
diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py
index 08a6e1696..db49db98f 100755
--- a/smoketest/scripts/cli/test_protocols_bgp.py
+++ b/smoketest/scripts/cli/test_protocols_bgp.py
@@ -1,1291 +1,1293 @@
#!/usr/bin/env python3
#
# Copyright (C) 2021-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
from time import sleep
from base_vyostest_shim import VyOSUnitTestSHIM
from vyos.ifconfig import Section
from vyos.configsession import ConfigSessionError
from vyos.template import is_ipv6
from vyos.utils.process import process_named_running
from vyos.utils.process import cmd
PROCESS_NAME = 'bgpd'
ASN = '64512'
base_path = ['protocols', 'bgp']
route_map_in = 'foo-map-in'
route_map_out = 'foo-map-out'
prefix_list_in = 'pfx-foo-in'
prefix_list_out = 'pfx-foo-out'
prefix_list_in6 = 'pfx-foo-in6'
prefix_list_out6 = 'pfx-foo-out6'
bfd_profile = 'foo-bar-baz'
import_afi = 'ipv4-unicast'
import_vrf = 'red'
import_rd = ASN + ':100'
import_vrf_base = ['vrf', 'name']
neighbor_config = {
'192.0.2.1' : {
'bfd' : '',
'cap_dynamic' : '',
'cap_ext_next' : '',
'cap_ext_sver' : '',
'remote_as' : '100',
'adv_interv' : '400',
'passive' : '',
'password' : 'VyOS-Secure123',
'shutdown' : '',
'cap_over' : '',
'ttl_security' : '5',
'system_as' : '300',
'route_map_in' : route_map_in,
'route_map_out' : route_map_out,
'no_send_comm_ext' : '',
'addpath_all' : '',
'p_attr_discard' : '123',
},
'192.0.2.2' : {
'bfd_profile' : bfd_profile,
'remote_as' : '200',
'shutdown' : '',
'no_cap_nego' : '',
'port' : '667',
'cap_strict' : '',
'advertise_map' : route_map_in,
'non_exist_map' : route_map_out,
'pfx_list_in' : prefix_list_in,
'pfx_list_out' : prefix_list_out,
'no_send_comm_std' : '',
'local_role' : 'rs-client',
'p_attr_taw' : '200',
},
'192.0.2.3' : {
'advertise_map' : route_map_in,
'description' : 'foo bar baz',
'remote_as' : '200',
'passive' : '',
'multi_hop' : '5',
'update_src' : 'lo',
'peer_group' : 'foo',
'graceful_rst' : '',
},
'2001:db8::1' : {
'advertise_map' : route_map_in,
'exist_map' : route_map_out,
'cap_dynamic' : '',
'cap_ext_next' : '',
'cap_ext_sver' : '',
'remote_as' : '123',
'adv_interv' : '400',
'passive' : '',
'password' : 'VyOS-Secure123',
'shutdown' : '',
'cap_over' : '',
'ttl_security' : '5',
'system_as' : '300',
'solo' : '',
'route_map_in' : route_map_in,
'route_map_out' : route_map_out,
'no_send_comm_std' : '',
'addpath_per_as' : '',
'peer_group' : 'foo-bar',
'local_role' : 'customer',
'local_role_strict': '',
},
'2001:db8::2' : {
'remote_as' : '456',
'shutdown' : '',
'no_cap_nego' : '',
'port' : '667',
'cap_strict' : '',
'pfx_list_in' : prefix_list_in6,
'pfx_list_out' : prefix_list_out6,
'no_send_comm_ext' : '',
'peer_group' : 'foo-bar_baz',
'graceful_rst_hlp' : '',
'disable_conn_chk' : '',
},
}
peer_group_config = {
'foo' : {
'advertise_map' : route_map_in,
'exist_map' : route_map_out,
'bfd' : '',
'remote_as' : '100',
'passive' : '',
'password' : 'VyOS-Secure123',
'shutdown' : '',
'cap_over' : '',
'ttl_security' : '5',
'disable_conn_chk' : '',
'p_attr_discard' : '250',
},
'bar' : {
'remote_as' : '111',
'graceful_rst_no' : '',
'port' : '667',
'p_attr_taw' : '126',
},
'foo-bar' : {
'advertise_map' : route_map_in,
'description' : 'foo peer bar group',
'remote_as' : '200',
'shutdown' : '',
'no_cap_nego' : '',
'system_as' : '300',
'pfx_list_in' : prefix_list_in,
'pfx_list_out' : prefix_list_out,
'no_send_comm_ext' : '',
},
'foo-bar_baz' : {
'advertise_map' : route_map_in,
'non_exist_map' : route_map_out,
'bfd_profile' : bfd_profile,
'cap_dynamic' : '',
'cap_ext_next' : '',
'remote_as' : '200',
'passive' : '',
'multi_hop' : '5',
'update_src' : 'lo',
'route_map_in' : route_map_in,
'route_map_out' : route_map_out,
'local_role' : 'peer',
'local_role_strict': '',
},
}
class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):
@classmethod
def setUpClass(cls):
super(TestProtocolsBGP, cls).setUpClass()
# Retrieve FRR daemon PID - it is not allowed to crash, thus PID must remain the same
cls.daemon_pid = process_named_running(PROCESS_NAME)
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
cls.cli_delete(cls, base_path)
cls.cli_delete(cls, ['policy', 'route-map'])
cls.cli_delete(cls, ['policy', 'prefix-list'])
cls.cli_delete(cls, ['policy', 'prefix-list6'])
cls.cli_delete(cls, ['vrf'])
cls.cli_set(cls, ['policy', 'route-map', route_map_in, 'rule', '10', 'action', 'permit'])
cls.cli_set(cls, ['policy', 'route-map', route_map_out, 'rule', '10', 'action', 'permit'])
cls.cli_set(cls, ['policy', 'prefix-list', prefix_list_in, 'rule', '10', 'action', 'permit'])
cls.cli_set(cls, ['policy', 'prefix-list', prefix_list_in, 'rule', '10', 'prefix', '192.0.2.0/25'])
cls.cli_set(cls, ['policy', 'prefix-list', prefix_list_out, 'rule', '10', 'action', 'permit'])
cls.cli_set(cls, ['policy', 'prefix-list', prefix_list_out, 'rule', '10', 'prefix', '192.0.2.128/25'])
cls.cli_set(cls, ['policy', 'prefix-list6', prefix_list_in6, 'rule', '10', 'action', 'permit'])
cls.cli_set(cls, ['policy', 'prefix-list6', prefix_list_in6, 'rule', '10', 'prefix', '2001:db8:1000::/64'])
cls.cli_set(cls, ['policy', 'prefix-list6', prefix_list_out6, 'rule', '10', 'action', 'deny'])
cls.cli_set(cls, ['policy', 'prefix-list6', prefix_list_out6, 'rule', '10', 'prefix', '2001:db8:2000::/64'])
@classmethod
def tearDownClass(cls):
cls.cli_delete(cls, ['policy', 'route-map'])
cls.cli_delete(cls, ['policy', 'prefix-list'])
cls.cli_delete(cls, ['policy', 'prefix-list6'])
def setUp(self):
self.cli_set(base_path + ['system-as', ASN])
def tearDown(self):
# cleanup any possible VRF mess
self.cli_delete(['vrf'])
# always destrox the entire bgpd configuration to make the processes
# life as hard as possible
self.cli_delete(base_path)
self.cli_commit()
# check process health and continuity
self.assertEqual(self.daemon_pid, process_named_running(PROCESS_NAME))
def create_bgp_instances_for_import_test(self):
table = '1000'
self.cli_set(import_vrf_base + [import_vrf, 'table', table])
self.cli_set(import_vrf_base + [import_vrf, 'protocols', 'bgp', 'system-as', ASN])
def verify_frr_config(self, peer, peer_config, frrconfig):
# recurring patterns to verify for both a simple neighbor and a peer-group
if 'bfd' in peer_config:
self.assertIn(f' neighbor {peer} bfd', frrconfig)
if 'bfd_profile' in peer_config:
self.assertIn(f' neighbor {peer} bfd profile {peer_config["bfd_profile"]}', frrconfig)
self.assertIn(f' neighbor {peer} bfd check-control-plane-failure', frrconfig)
if 'cap_dynamic' in peer_config:
self.assertIn(f' neighbor {peer} capability dynamic', frrconfig)
if 'cap_ext_next' in peer_config:
self.assertIn(f' neighbor {peer} capability extended-nexthop', frrconfig)
if 'cap_ext_sver' in peer_config:
self.assertIn(f' neighbor {peer} capability software-version', frrconfig)
if 'description' in peer_config:
self.assertIn(f' neighbor {peer} description {peer_config["description"]}', frrconfig)
if 'no_cap_nego' in peer_config:
self.assertIn(f' neighbor {peer} dont-capability-negotiate', frrconfig)
if 'multi_hop' in peer_config:
self.assertIn(f' neighbor {peer} ebgp-multihop {peer_config["multi_hop"]}', frrconfig)
if 'local_as' in peer_config:
self.assertIn(f' neighbor {peer} local-as {peer_config["local_as"]} no-prepend replace-as', frrconfig)
if 'local_role' in peer_config:
tmp = f' neighbor {peer} local-role {peer_config["local_role"]}'
if 'local_role_strict' in peer_config:
tmp += ' strict'
self.assertIn(tmp, frrconfig)
if 'cap_over' in peer_config:
self.assertIn(f' neighbor {peer} override-capability', frrconfig)
if 'passive' in peer_config:
self.assertIn(f' neighbor {peer} passive', frrconfig)
if 'password' in peer_config:
self.assertIn(f' neighbor {peer} password {peer_config["password"]}', frrconfig)
if 'port' in peer_config:
self.assertIn(f' neighbor {peer} port {peer_config["port"]}', frrconfig)
if 'remote_as' in peer_config:
self.assertIn(f' neighbor {peer} remote-as {peer_config["remote_as"]}', frrconfig)
if 'solo' in peer_config:
self.assertIn(f' neighbor {peer} solo', frrconfig)
if 'shutdown' in peer_config:
self.assertIn(f' neighbor {peer} shutdown', frrconfig)
if 'ttl_security' in peer_config:
self.assertIn(f' neighbor {peer} ttl-security hops {peer_config["ttl_security"]}', frrconfig)
if 'update_src' in peer_config:
self.assertIn(f' neighbor {peer} update-source {peer_config["update_src"]}', frrconfig)
if 'route_map_in' in peer_config:
self.assertIn(f' neighbor {peer} route-map {peer_config["route_map_in"]} in', frrconfig)
if 'route_map_out' in peer_config:
self.assertIn(f' neighbor {peer} route-map {peer_config["route_map_out"]} out', frrconfig)
if 'pfx_list_in' in peer_config:
self.assertIn(f' neighbor {peer} prefix-list {peer_config["pfx_list_in"]} in', frrconfig)
if 'pfx_list_out' in peer_config:
self.assertIn(f' neighbor {peer} prefix-list {peer_config["pfx_list_out"]} out', frrconfig)
if 'no_send_comm_std' in peer_config:
self.assertIn(f' no neighbor {peer} send-community', frrconfig)
if 'no_send_comm_ext' in peer_config:
self.assertIn(f' no neighbor {peer} send-community extended', frrconfig)
if 'addpath_all' in peer_config:
self.assertIn(f' neighbor {peer} addpath-tx-all-paths', frrconfig)
if 'p_attr_discard' in peer_config:
self.assertIn(f' neighbor {peer} path-attribute discard {peer_config["p_attr_discard"]}', frrconfig)
if 'p_attr_taw' in peer_config:
self.assertIn(f' neighbor {peer} path-attribute treat-as-withdraw {peer_config["p_attr_taw"]}', frrconfig)
if 'addpath_per_as' in peer_config:
self.assertIn(f' neighbor {peer} addpath-tx-bestpath-per-AS', frrconfig)
if 'advertise_map' in peer_config:
base = f' neighbor {peer} advertise-map {peer_config["advertise_map"]}'
if 'exist_map' in peer_config:
base = f'{base} exist-map {peer_config["exist_map"]}'
if 'non_exist_map' in peer_config:
base = f'{base} non-exist-map {peer_config["non_exist_map"]}'
self.assertIn(base, frrconfig)
if 'graceful_rst' in peer_config:
self.assertIn(f' neighbor {peer} graceful-restart', frrconfig)
if 'graceful_rst_no' in peer_config:
self.assertIn(f' neighbor {peer} graceful-restart-disable', frrconfig)
if 'graceful_rst_hlp' in peer_config:
self.assertIn(f' neighbor {peer} graceful-restart-helper', frrconfig)
if 'disable_conn_chk' in peer_config:
self.assertIn(f' neighbor {peer} disable-connected-check', frrconfig)
def test_bgp_01_simple(self):
router_id = '127.0.0.1'
local_pref = '500'
stalepath_time = '60'
max_path_v4 = '2'
max_path_v4ibgp = '4'
max_path_v6 = '8'
max_path_v6ibgp = '16'
cond_adv_timer = '30'
min_hold_time = '2'
tcp_keepalive_idle = '66'
tcp_keepalive_interval = '77'
tcp_keepalive_probes = '22'
self.cli_set(base_path + ['parameters', 'allow-martian-nexthop'])
self.cli_set(base_path + ['parameters', 'no-hard-administrative-reset'])
self.cli_set(base_path + ['parameters', 'log-neighbor-changes'])
self.cli_set(base_path + ['parameters', 'labeled-unicast', 'explicit-null'])
self.cli_set(base_path + ['parameters', 'router-id', router_id])
# System AS number MUST be defined - as this is set in setUp() we remove
# this once for testing of the proper error
self.cli_delete(base_path + ['system-as'])
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(base_path + ['system-as', ASN])
# Default local preference (higher = more preferred, default value is 100)
self.cli_set(base_path + ['parameters', 'default', 'local-pref', local_pref])
self.cli_set(base_path + ['parameters', 'graceful-restart', 'stalepath-time', stalepath_time])
self.cli_set(base_path + ['parameters', 'graceful-shutdown'])
self.cli_set(base_path + ['parameters', 'ebgp-requires-policy'])
self.cli_set(base_path + ['parameters', 'bestpath', 'as-path', 'multipath-relax'])
self.cli_set(base_path + ['parameters', 'bestpath', 'bandwidth', 'default-weight-for-missing'])
self.cli_set(base_path + ['parameters', 'bestpath', 'compare-routerid'])
self.cli_set(base_path + ['parameters', 'bestpath', 'peer-type', 'multipath-relax'])
self.cli_set(base_path + ['parameters', 'conditional-advertisement', 'timer', cond_adv_timer])
self.cli_set(base_path + ['parameters', 'fast-convergence'])
self.cli_set(base_path + ['parameters', 'minimum-holdtime', min_hold_time])
self.cli_set(base_path + ['parameters', 'no-suppress-duplicates'])
self.cli_set(base_path + ['parameters', 'reject-as-sets'])
self.cli_set(base_path + ['parameters', 'route-reflector-allow-outbound-policy'])
self.cli_set(base_path + ['parameters', 'shutdown'])
self.cli_set(base_path + ['parameters', 'suppress-fib-pending'])
self.cli_set(base_path + ['parameters', 'tcp-keepalive', 'idle', tcp_keepalive_idle])
self.cli_set(base_path + ['parameters', 'tcp-keepalive', 'interval', tcp_keepalive_interval])
self.cli_set(base_path + ['parameters', 'tcp-keepalive', 'probes', tcp_keepalive_probes])
# AFI maximum path support
self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'maximum-paths', 'ebgp', max_path_v4])
self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'maximum-paths', 'ibgp', max_path_v4ibgp])
self.cli_set(base_path + ['address-family', 'ipv4-labeled-unicast', 'maximum-paths', 'ebgp', max_path_v4])
self.cli_set(base_path + ['address-family', 'ipv4-labeled-unicast', 'maximum-paths', 'ibgp', max_path_v4ibgp])
self.cli_set(base_path + ['address-family', 'ipv6-unicast', 'maximum-paths', 'ebgp', max_path_v6])
self.cli_set(base_path + ['address-family', 'ipv6-unicast', 'maximum-paths', 'ibgp', max_path_v6ibgp])
# commit changes
self.cli_commit()
# Verify FRR bgpd configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' bgp router-id {router_id}', frrconfig)
self.assertIn(f' bgp allow-martian-nexthop', frrconfig)
self.assertIn(f' bgp log-neighbor-changes', frrconfig)
self.assertIn(f' bgp default local-preference {local_pref}', frrconfig)
self.assertIn(f' bgp conditional-advertisement timer {cond_adv_timer}', frrconfig)
self.assertIn(f' bgp fast-convergence', frrconfig)
self.assertIn(f' bgp graceful-restart stalepath-time {stalepath_time}', frrconfig)
self.assertIn(f' bgp graceful-shutdown', frrconfig)
self.assertIn(f' no bgp hard-administrative-reset', frrconfig)
self.assertIn(f' bgp labeled-unicast explicit-null', frrconfig)
self.assertIn(f' bgp bestpath as-path multipath-relax', frrconfig)
self.assertIn(f' bgp bestpath bandwidth default-weight-for-missing', frrconfig)
self.assertIn(f' bgp bestpath compare-routerid', frrconfig)
self.assertIn(f' bgp bestpath peer-type multipath-relax', frrconfig)
self.assertIn(f' bgp minimum-holdtime {min_hold_time}', frrconfig)
self.assertIn(f' bgp reject-as-sets', frrconfig)
self.assertIn(f' bgp route-reflector allow-outbound-policy', frrconfig)
self.assertIn(f' bgp shutdown', frrconfig)
self.assertIn(f' bgp suppress-fib-pending', frrconfig)
self.assertIn(f' bgp tcp-keepalive {tcp_keepalive_idle} {tcp_keepalive_interval} {tcp_keepalive_probes}', frrconfig)
self.assertNotIn(f'bgp ebgp-requires-policy', frrconfig)
self.assertIn(f' no bgp suppress-duplicates', frrconfig)
afiv4_config = self.getFRRconfig(' address-family ipv4 unicast')
self.assertIn(f' maximum-paths {max_path_v4}', afiv4_config)
self.assertIn(f' maximum-paths ibgp {max_path_v4ibgp}', afiv4_config)
afiv4_config = self.getFRRconfig(' address-family ipv4 labeled-unicast')
self.assertIn(f' maximum-paths {max_path_v4}', afiv4_config)
self.assertIn(f' maximum-paths ibgp {max_path_v4ibgp}', afiv4_config)
afiv6_config = self.getFRRconfig(' address-family ipv6 unicast')
self.assertIn(f' maximum-paths {max_path_v6}', afiv6_config)
self.assertIn(f' maximum-paths ibgp {max_path_v6ibgp}', afiv6_config)
def test_bgp_02_neighbors(self):
# Test out individual neighbor configuration items, not all of them are
# also available to a peer-group!
self.cli_set(base_path + ['parameters', 'deterministic-med'])
for peer, peer_config in neighbor_config.items():
afi = 'ipv4-unicast'
if is_ipv6(peer):
afi = 'ipv6-unicast'
if 'adv_interv' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'advertisement-interval', peer_config["adv_interv"]])
if 'bfd' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'bfd'])
if 'bfd_profile' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'bfd', 'profile', peer_config["bfd_profile"]])
self.cli_set(base_path + ['neighbor', peer, 'bfd', 'check-control-plane-failure'])
if 'cap_dynamic' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'capability', 'dynamic'])
if 'cap_ext_next' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'capability', 'extended-nexthop'])
if 'cap_ext_sver' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'capability', 'software-version'])
if 'description' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'description', peer_config["description"]])
if 'no_cap_nego' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'disable-capability-negotiation'])
if 'multi_hop' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'ebgp-multihop', peer_config["multi_hop"]])
if 'local_as' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'local-as', peer_config["local_as"], 'no-prepend', 'replace-as'])
if 'local_role' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'local-role', peer_config["local_role"]])
if 'local_role_strict' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'local-role', peer_config["local_role"], 'strict'])
if 'cap_over' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'override-capability'])
if 'passive' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'passive'])
if 'password' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'password', peer_config["password"]])
if 'port' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'port', peer_config["port"]])
if 'remote_as' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'remote-as', peer_config["remote_as"]])
if 'cap_strict' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'strict-capability-match'])
if 'shutdown' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'shutdown'])
if 'solo' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'solo'])
if 'ttl_security' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'ttl-security', 'hops', peer_config["ttl_security"]])
if 'update_src' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'update-source', peer_config["update_src"]])
if 'p_attr_discard' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'path-attribute', 'discard', peer_config["p_attr_discard"]])
if 'p_attr_taw' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'path-attribute', 'treat-as-withdraw', peer_config["p_attr_taw"]])
if 'route_map_in' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'route-map', 'import', peer_config["route_map_in"]])
if 'route_map_out' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'route-map', 'export', peer_config["route_map_out"]])
if 'pfx_list_in' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'prefix-list', 'import', peer_config["pfx_list_in"]])
if 'pfx_list_out' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'prefix-list', 'export', peer_config["pfx_list_out"]])
if 'no_send_comm_std' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'disable-send-community', 'standard'])
if 'no_send_comm_ext' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'disable-send-community', 'extended'])
if 'addpath_all' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'addpath-tx-all'])
if 'addpath_per_as' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'addpath-tx-per-as'])
if 'graceful_rst' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'graceful-restart', 'enable'])
if 'graceful_rst_no' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'graceful-restart', 'disable'])
if 'graceful_rst_hlp' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'graceful-restart', 'restart-helper'])
if 'disable_conn_chk' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'disable-connected-check'])
# Conditional advertisement
if 'advertise_map' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'conditionally-advertise', 'advertise-map', peer_config["advertise_map"]])
# Either exist-map or non-exist-map needs to be specified
if 'exist_map' not in peer_config and 'non_exist_map' not in peer_config:
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'conditionally-advertise', 'exist-map', route_map_in])
if 'exist_map' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'conditionally-advertise', 'exist-map', peer_config["exist_map"]])
if 'non_exist_map' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'conditionally-advertise', 'non-exist-map', peer_config["non_exist_map"]])
# commit changes
self.cli_commit()
# Verify FRR bgpd configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
for peer, peer_config in neighbor_config.items():
if 'adv_interv' in peer_config:
self.assertIn(f' neighbor {peer} advertisement-interval {peer_config["adv_interv"]}', frrconfig)
if 'cap_strict' in peer_config:
self.assertIn(f' neighbor {peer} strict-capability-match', frrconfig)
self.verify_frr_config(peer, peer_config, frrconfig)
def test_bgp_03_peer_groups(self):
# Test out individual peer-group configuration items
for peer_group, config in peer_group_config.items():
if 'bfd' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'bfd'])
if 'bfd_profile' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'bfd', 'profile', config["bfd_profile"]])
self.cli_set(base_path + ['peer-group', peer_group, 'bfd', 'check-control-plane-failure'])
if 'cap_dynamic' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'capability', 'dynamic'])
if 'cap_ext_next' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'capability', 'extended-nexthop'])
if 'cap_ext_sver' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'capability', 'software-version'])
if 'description' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'description', config["description"]])
if 'no_cap_nego' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'disable-capability-negotiation'])
if 'multi_hop' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'ebgp-multihop', config["multi_hop"]])
if 'local_as' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'local-as', config["local_as"], 'no-prepend', 'replace-as'])
if 'local_role' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'local-role', config["local_role"]])
if 'local_role_strict' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'local-role', config["local_role"], 'strict'])
if 'cap_over' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'override-capability'])
if 'passive' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'passive'])
if 'password' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'password', config["password"]])
if 'port' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'port', config["port"]])
if 'remote_as' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'remote-as', config["remote_as"]])
if 'shutdown' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'shutdown'])
if 'ttl_security' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'ttl-security', 'hops', config["ttl_security"]])
if 'update_src' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'update-source', config["update_src"]])
if 'route_map_in' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'route-map', 'import', config["route_map_in"]])
if 'route_map_out' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'route-map', 'export', config["route_map_out"]])
if 'pfx_list_in' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'prefix-list', 'import', config["pfx_list_in"]])
if 'pfx_list_out' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'prefix-list', 'export', config["pfx_list_out"]])
if 'no_send_comm_std' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'disable-send-community', 'standard'])
if 'no_send_comm_ext' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'disable-send-community', 'extended'])
if 'addpath_all' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'addpath-tx-all'])
if 'addpath_per_as' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'addpath-tx-per-as'])
if 'graceful_rst' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'graceful-restart', 'enable'])
if 'graceful_rst_no' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'graceful-restart', 'disable'])
if 'graceful_rst_hlp' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'graceful-restart', 'restart-helper'])
if 'disable_conn_chk' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'disable-connected-check'])
if 'p_attr_discard' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'path-attribute', 'discard', config["p_attr_discard"]])
if 'p_attr_taw' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'path-attribute', 'treat-as-withdraw', config["p_attr_taw"]])
# Conditional advertisement
if 'advertise_map' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'conditionally-advertise', 'advertise-map', config["advertise_map"]])
# Either exist-map or non-exist-map needs to be specified
if 'exist_map' not in config and 'non_exist_map' not in config:
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'conditionally-advertise', 'exist-map', route_map_in])
if 'exist_map' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'conditionally-advertise', 'exist-map', config["exist_map"]])
if 'non_exist_map' in config:
self.cli_set(base_path + ['peer-group', peer_group, 'address-family', 'ipv4-unicast', 'conditionally-advertise', 'non-exist-map', config["non_exist_map"]])
for peer, peer_config in neighbor_config.items():
if 'peer_group' in peer_config:
self.cli_set(base_path + ['neighbor', peer, 'peer-group', peer_config['peer_group']])
# commit changes
self.cli_commit()
# Verify FRR bgpd configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
for peer, peer_config in peer_group_config.items():
self.assertIn(f' neighbor {peer_group} peer-group', frrconfig)
self.verify_frr_config(peer, peer_config, frrconfig)
for peer, peer_config in neighbor_config.items():
if 'peer_group' in peer_config:
self.assertIn(f' neighbor {peer} peer-group {peer_config["peer_group"]}', frrconfig)
def test_bgp_04_afi_ipv4(self):
networks = {
'10.0.0.0/8' : {
'as_set' : '',
},
'100.64.0.0/10' : {
'as_set' : '',
},
'192.168.0.0/16' : {
'summary_only' : '',
},
}
# We want to redistribute ...
redistributes = ['connected', 'isis', 'kernel', 'ospf', 'rip', 'static']
for redistribute in redistributes:
self.cli_set(base_path + ['address-family', 'ipv4-unicast',
'redistribute', redistribute])
for network, network_config in networks.items():
self.cli_set(base_path + ['address-family', 'ipv4-unicast',
'network', network])
if 'as_set' in network_config:
self.cli_set(base_path + ['address-family', 'ipv4-unicast',
'aggregate-address', network, 'as-set'])
if 'summary_only' in network_config:
self.cli_set(base_path + ['address-family', 'ipv4-unicast',
'aggregate-address', network, 'summary-only'])
# commit changes
self.cli_commit()
# Verify FRR bgpd configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' address-family ipv4 unicast', frrconfig)
for redistribute in redistributes:
self.assertIn(f' redistribute {redistribute}', frrconfig)
for network, network_config in networks.items():
self.assertIn(f' network {network}', frrconfig)
if 'as_set' in network_config:
self.assertIn(f' aggregate-address {network} as-set', frrconfig)
if 'summary_only' in network_config:
self.assertIn(f' aggregate-address {network} summary-only', frrconfig)
def test_bgp_05_afi_ipv6(self):
networks = {
'2001:db8:100::/48' : {
},
'2001:db8:200::/48' : {
},
'2001:db8:300::/48' : {
'summary_only' : '',
},
}
# We want to redistribute ...
redistributes = ['connected', 'kernel', 'ospfv3', 'ripng', 'static']
for redistribute in redistributes:
self.cli_set(base_path + ['address-family', 'ipv6-unicast',
'redistribute', redistribute])
for network, network_config in networks.items():
self.cli_set(base_path + ['address-family', 'ipv6-unicast',
'network', network])
if 'summary_only' in network_config:
self.cli_set(base_path + ['address-family', 'ipv6-unicast',
'aggregate-address', network, 'summary-only'])
# commit changes
self.cli_commit()
# Verify FRR bgpd configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' address-family ipv6 unicast', frrconfig)
# T2100: By default ebgp-requires-policy is disabled to keep VyOS
# 1.3 and 1.2 backwards compatibility
self.assertIn(f' no bgp ebgp-requires-policy', frrconfig)
for redistribute in redistributes:
# FRR calls this OSPF6
if redistribute == 'ospfv3':
redistribute = 'ospf6'
self.assertIn(f' redistribute {redistribute}', frrconfig)
for network, network_config in networks.items():
self.assertIn(f' network {network}', frrconfig)
if 'as_set' in network_config:
self.assertIn(f' aggregate-address {network} summary-only', frrconfig)
def test_bgp_06_listen_range(self):
# Implemented via T1875
limit = '64'
listen_ranges = ['192.0.2.0/25', '192.0.2.128/25']
peer_group = 'listenfoobar'
self.cli_set(base_path + ['listen', 'limit', limit])
for prefix in listen_ranges:
self.cli_set(base_path + ['listen', 'range', prefix])
# check validate() - peer-group must be defined for range/prefix
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(base_path + ['listen', 'range', prefix, 'peer-group', peer_group])
# check validate() - peer-group does yet not exist!
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(base_path + ['peer-group', peer_group, 'remote-as', ASN])
# commit changes
self.cli_commit()
# Verify FRR bgpd configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' neighbor {peer_group} peer-group', frrconfig)
self.assertIn(f' neighbor {peer_group} remote-as {ASN}', frrconfig)
self.assertIn(f' bgp listen limit {limit}', frrconfig)
for prefix in listen_ranges:
self.assertIn(f' bgp listen range {prefix} peer-group {peer_group}', frrconfig)
def test_bgp_07_l2vpn_evpn(self):
vnis = ['10010', '10020', '10030']
- neighbors = ['192.0.2.10', '192.0.2.20', '192.0.2.30']
+ soo = '1.2.3.4:10000'
evi_limit = '1000'
route_targets = ['1.1.1.1:100', '1.1.1.1:200', '1.1.1.1:300']
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'advertise-all-vni'])
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'advertise-default-gw'])
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'advertise-svi-ip'])
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'flooding', 'disable'])
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'default-originate', 'ipv4'])
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'default-originate', 'ipv6'])
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'disable-ead-evi-rx'])
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'disable-ead-evi-tx'])
+ self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'mac-vrf', 'soo', soo])
for vni in vnis:
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'vni', vni, 'advertise-default-gw'])
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'vni', vni, 'advertise-svi-ip'])
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'ead-es-frag', 'evi-limit', evi_limit])
for route_target in route_targets:
self.cli_set(base_path + ['address-family', 'l2vpn-evpn', 'ead-es-route-target', 'export', route_target])
# commit changes
self.cli_commit()
# Verify FRR bgpd configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' address-family l2vpn evpn', frrconfig)
self.assertIn(f' advertise-all-vni', frrconfig)
self.assertIn(f' advertise-default-gw', frrconfig)
self.assertIn(f' advertise-svi-ip', frrconfig)
self.assertIn(f' default-originate ipv4', frrconfig)
self.assertIn(f' default-originate ipv6', frrconfig)
self.assertIn(f' disable-ead-evi-rx', frrconfig)
self.assertIn(f' disable-ead-evi-tx', frrconfig)
self.assertIn(f' flooding disable', frrconfig)
+ self.assertIn(f' mac-vrf soo {soo}', frrconfig)
for vni in vnis:
vniconfig = self.getFRRconfig(f' vni {vni}')
self.assertIn(f'vni {vni}', vniconfig)
self.assertIn(f' advertise-default-gw', vniconfig)
self.assertIn(f' advertise-svi-ip', vniconfig)
self.assertIn(f' ead-es-frag evi-limit {evi_limit}', frrconfig)
for route_target in route_targets:
self.assertIn(f' ead-es-route-target export {route_target}', frrconfig)
def test_bgp_09_distance_and_flowspec(self):
distance_external = '25'
distance_internal = '30'
distance_local = '35'
distance_v4_prefix = '169.254.0.0/32'
distance_v6_prefix = '2001::/128'
distance_prefix_value = '110'
distance_families = ['ipv4-unicast', 'ipv6-unicast','ipv4-multicast', 'ipv6-multicast']
verify_families = ['ipv4 unicast', 'ipv6 unicast','ipv4 multicast', 'ipv6 multicast']
flowspec_families = ['address-family ipv4 flowspec', 'address-family ipv6 flowspec']
flowspec_int = 'lo'
# Per family distance support
for family in distance_families:
self.cli_set(base_path + ['address-family', family, 'distance', 'external', distance_external])
self.cli_set(base_path + ['address-family', family, 'distance', 'internal', distance_internal])
self.cli_set(base_path + ['address-family', family, 'distance', 'local', distance_local])
if 'ipv4' in family:
self.cli_set(base_path + ['address-family', family, 'distance',
'prefix', distance_v4_prefix, 'distance', distance_prefix_value])
if 'ipv6' in family:
self.cli_set(base_path + ['address-family', family, 'distance',
'prefix', distance_v6_prefix, 'distance', distance_prefix_value])
# IPv4 flowspec interface check
self.cli_set(base_path + ['address-family', 'ipv4-flowspec', 'local-install', 'interface', flowspec_int])
# IPv6 flowspec interface check
self.cli_set(base_path + ['address-family', 'ipv6-flowspec', 'local-install', 'interface', flowspec_int])
# Commit changes
self.cli_commit()
# Verify FRR distances configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
for family in verify_families:
self.assertIn(f'address-family {family}', frrconfig)
self.assertIn(f'distance bgp {distance_external} {distance_internal} {distance_local}', frrconfig)
if 'ipv4' in family:
self.assertIn(f'distance {distance_prefix_value} {distance_v4_prefix}', frrconfig)
if 'ipv6' in family:
self.assertIn(f'distance {distance_prefix_value} {distance_v6_prefix}', frrconfig)
# Verify FRR flowspec configuration
for family in flowspec_families:
self.assertIn(f'{family}', frrconfig)
self.assertIn(f'local-install {flowspec_int}', frrconfig)
def test_bgp_10_vrf_simple(self):
router_id = '127.0.0.3'
vrfs = ['red', 'green', 'blue']
# It is safe to assume that when the basic VRF test works, all
# other BGP related features work, as we entirely inherit the CLI
# templates and Jinja2 FRR template.
table = '1000'
# testing only one AFI is sufficient as it's generic code
for vrf in vrfs:
vrf_base = ['vrf', 'name', vrf]
self.cli_set(vrf_base + ['table', table])
self.cli_set(vrf_base + ['protocols', 'bgp', 'system-as', ASN])
self.cli_set(vrf_base + ['protocols', 'bgp', 'parameters', 'router-id', router_id])
table = str(int(table) + 1000)
# import VRF routes do main RIB
self.cli_set(base_path + ['address-family', 'ipv6-unicast', 'import', 'vrf', vrf])
self.cli_commit()
# Verify FRR bgpd configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' address-family ipv6 unicast', frrconfig)
for vrf in vrfs:
self.assertIn(f' import vrf {vrf}', frrconfig)
# Verify FRR bgpd configuration
frr_vrf_config = self.getFRRconfig(f'router bgp {ASN} vrf {vrf}')
self.assertIn(f'router bgp {ASN} vrf {vrf}', frr_vrf_config)
self.assertIn(f' bgp router-id {router_id}', frr_vrf_config)
def test_bgp_11_confederation(self):
router_id = '127.10.10.2'
confed_id = str(int(ASN) + 1)
confed_asns = '10 20 30 40'
self.cli_set(base_path + ['parameters', 'router-id', router_id])
self.cli_set(base_path + ['parameters', 'confederation', 'identifier', confed_id])
for asn in confed_asns.split():
self.cli_set(base_path + ['parameters', 'confederation', 'peers', asn])
# commit changes
self.cli_commit()
# Verify FRR bgpd configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' bgp router-id {router_id}', frrconfig)
self.assertIn(f' bgp confederation identifier {confed_id}', frrconfig)
self.assertIn(f' bgp confederation peers {confed_asns}', frrconfig)
def test_bgp_12_v6_link_local(self):
remote_asn = str(int(ASN) + 10)
interface = 'eth0'
self.cli_set(base_path + ['neighbor', interface, 'address-family', 'ipv6-unicast'])
self.cli_set(base_path + ['neighbor', interface, 'interface', 'v6only', 'remote-as', remote_asn])
# commit changes
self.cli_commit()
# Verify FRR bgpd configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' neighbor {interface} interface v6only remote-as {remote_asn}', frrconfig)
self.assertIn(f' address-family ipv6 unicast', frrconfig)
self.assertIn(f' neighbor {interface} activate', frrconfig)
self.assertIn(f' exit-address-family', frrconfig)
def test_bgp_13_vpn(self):
remote_asn = str(int(ASN) + 150)
neighbor = '192.0.2.55'
vrf_name = 'red'
label = 'auto'
rd = f'{neighbor}:{ASN}'
rt_export = f'{neighbor}:1002 1.2.3.4:567'
rt_import = f'{neighbor}:1003 500:100'
# testing only one AFI is sufficient as it's generic code
for afi in ['ipv4-unicast', 'ipv6-unicast']:
self.cli_set(base_path + ['address-family', afi, 'export', 'vpn'])
self.cli_set(base_path + ['address-family', afi, 'import', 'vpn'])
self.cli_set(base_path + ['address-family', afi, 'label', 'vpn', 'export', label])
self.cli_set(base_path + ['address-family', afi, 'label', 'vpn', 'allocation-mode', 'per-nexthop'])
self.cli_set(base_path + ['address-family', afi, 'rd', 'vpn', 'export', rd])
self.cli_set(base_path + ['address-family', afi, 'route-map', 'vpn', 'export', route_map_out])
self.cli_set(base_path + ['address-family', afi, 'route-map', 'vpn', 'import', route_map_in])
self.cli_set(base_path + ['address-family', afi, 'route-target', 'vpn', 'export', rt_export])
self.cli_set(base_path + ['address-family', afi, 'route-target', 'vpn', 'import', rt_import])
# commit changes
self.cli_commit()
# Verify FRR bgpd configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
for afi in ['ipv4', 'ipv6']:
afi_config = self.getFRRconfig(f' address-family {afi} unicast', endsection='exit-address-family', daemon='bgpd')
self.assertIn(f'address-family {afi} unicast', afi_config)
self.assertIn(f' export vpn', afi_config)
self.assertIn(f' import vpn', afi_config)
self.assertIn(f' label vpn export {label}', afi_config)
self.assertIn(f' label vpn export allocation-mode per-nexthop', afi_config)
self.assertIn(f' rd vpn export {rd}', afi_config)
self.assertIn(f' route-map vpn export {route_map_out}', afi_config)
self.assertIn(f' route-map vpn import {route_map_in}', afi_config)
self.assertIn(f' rt vpn export {rt_export}', afi_config)
self.assertIn(f' rt vpn import {rt_import}', afi_config)
self.assertIn(f' exit-address-family', afi_config)
def test_bgp_14_remote_as_peer_group_override(self):
# Peer-group member cannot override remote-as of peer-group
remote_asn = str(int(ASN) + 150)
neighbor = '192.0.2.1'
peer_group = 'bar'
interface = 'eth0'
self.cli_set(base_path + ['neighbor', neighbor, 'remote-as', remote_asn])
self.cli_set(base_path + ['neighbor', neighbor, 'peer-group', peer_group])
self.cli_set(base_path + ['peer-group', peer_group, 'remote-as', remote_asn])
# Peer-group member cannot override remote-as of peer-group
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_delete(base_path + ['neighbor', neighbor, 'remote-as'])
# re-test with interface based peer-group
self.cli_set(base_path + ['neighbor', interface, 'interface', 'peer-group', peer_group])
self.cli_set(base_path + ['neighbor', interface, 'interface', 'remote-as', 'external'])
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_delete(base_path + ['neighbor', interface, 'interface', 'remote-as'])
# re-test with interface based v6only peer-group
self.cli_set(base_path + ['neighbor', interface, 'interface', 'v6only', 'peer-group', peer_group])
self.cli_set(base_path + ['neighbor', interface, 'interface', 'v6only', 'remote-as', 'external'])
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_delete(base_path + ['neighbor', interface, 'interface', 'v6only', 'remote-as'])
self.cli_commit()
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' neighbor {neighbor} peer-group {peer_group}', frrconfig)
self.assertIn(f' neighbor {peer_group} peer-group', frrconfig)
self.assertIn(f' neighbor {peer_group} remote-as {remote_asn}', frrconfig)
def test_bgp_15_local_as_ebgp(self):
# https://vyos.dev/T4560
# local-as allowed only for ebgp peers
neighbor = '192.0.2.99'
remote_asn = '500'
local_asn = '400'
self.cli_set(base_path + ['neighbor', neighbor, 'remote-as', ASN])
self.cli_set(base_path + ['neighbor', neighbor, 'local-as', local_asn])
# check validate() - local-as allowed only for ebgp peers
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(base_path + ['neighbor', neighbor, 'remote-as', remote_asn])
self.cli_commit()
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' neighbor {neighbor} remote-as {remote_asn}', frrconfig)
self.assertIn(f' neighbor {neighbor} local-as {local_asn}', frrconfig)
def test_bgp_16_import_rd_rt_compatibility(self):
# Verify if import vrf and rd vpn export
# exist in the same address family
self.create_bgp_instances_for_import_test()
self.cli_set(
base_path + ['address-family', import_afi, 'import', 'vrf',
import_vrf])
self.cli_set(
base_path + ['address-family', import_afi, 'rd', 'vpn', 'export',
import_rd])
with self.assertRaises(ConfigSessionError):
self.cli_commit()
def test_bgp_17_import_rd_rt_compatibility(self):
# Verify if vrf that is in import vrf list contains rd vpn export
self.create_bgp_instances_for_import_test()
self.cli_set(
base_path + ['address-family', import_afi, 'import', 'vrf',
import_vrf])
self.cli_commit()
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
frrconfig_vrf = self.getFRRconfig(f'router bgp {ASN} vrf {import_vrf}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f'address-family ipv4 unicast', frrconfig)
self.assertIn(f' import vrf {import_vrf}', frrconfig)
self.assertIn(f'router bgp {ASN} vrf {import_vrf}', frrconfig_vrf)
self.cli_set(
import_vrf_base + [import_vrf] + base_path + ['address-family',
import_afi, 'rd',
'vpn', 'export',
import_rd])
with self.assertRaises(ConfigSessionError):
self.cli_commit()
def test_bgp_18_deleting_import_vrf(self):
# Verify deleting vrf that is in import vrf list
self.create_bgp_instances_for_import_test()
self.cli_set(
base_path + ['address-family', import_afi, 'import', 'vrf',
import_vrf])
self.cli_commit()
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
frrconfig_vrf = self.getFRRconfig(f'router bgp {ASN} vrf {import_vrf}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f'address-family ipv4 unicast', frrconfig)
self.assertIn(f' import vrf {import_vrf}', frrconfig)
self.assertIn(f'router bgp {ASN} vrf {import_vrf}', frrconfig_vrf)
self.cli_delete(import_vrf_base + [import_vrf])
with self.assertRaises(ConfigSessionError):
self.cli_commit()
def test_bgp_19_deleting_default_vrf(self):
# Verify deleting existent vrf default if other vrfs were created
self.create_bgp_instances_for_import_test()
self.cli_commit()
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
frrconfig_vrf = self.getFRRconfig(f'router bgp {ASN} vrf {import_vrf}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f'router bgp {ASN} vrf {import_vrf}', frrconfig_vrf)
self.cli_delete(base_path)
with self.assertRaises(ConfigSessionError):
self.cli_commit()
def test_bgp_20_import_rd_rt_compatibility(self):
# Verify if vrf that has rd vpn export is in import vrf of other vrfs
self.create_bgp_instances_for_import_test()
self.cli_set(
import_vrf_base + [import_vrf] + base_path + ['address-family',
import_afi, 'rd',
'vpn', 'export',
import_rd])
self.cli_commit()
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
frrconfig_vrf = self.getFRRconfig(f'router bgp {ASN} vrf {import_vrf}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f'router bgp {ASN} vrf {import_vrf}', frrconfig_vrf)
self.assertIn(f'address-family ipv4 unicast', frrconfig_vrf)
self.assertIn(f' rd vpn export {import_rd}', frrconfig_vrf)
self.cli_set(
base_path + ['address-family', import_afi, 'import', 'vrf',
import_vrf])
with self.assertRaises(ConfigSessionError):
self.cli_commit()
def test_bgp_21_import_unspecified_vrf(self):
# Verify if vrf that is in import is unspecified
self.create_bgp_instances_for_import_test()
self.cli_set(
base_path + ['address-family', import_afi, 'import', 'vrf',
'test'])
with self.assertRaises(ConfigSessionError):
self.cli_commit()
def test_bgp_22_interface_mpls_forwarding(self):
interfaces = Section.interfaces('ethernet', vlan=False)
for interface in interfaces:
self.cli_set(base_path + ['interface', interface, 'mpls', 'forwarding'])
self.cli_commit()
for interface in interfaces:
frrconfig = self.getFRRconfig(f'interface {interface}')
self.assertIn(f'interface {interface}', frrconfig)
self.assertIn(f' mpls bgp forwarding', frrconfig)
def test_bgp_23_vrf_interface_mpls_forwarding(self):
self.create_bgp_instances_for_import_test()
interfaces = Section.interfaces('ethernet', vlan=False)
for interface in interfaces:
self.cli_set(['interfaces', 'ethernet', interface, 'vrf', import_vrf])
self.cli_set(import_vrf_base + [import_vrf] + base_path + ['interface', interface, 'mpls', 'forwarding'])
self.cli_commit()
for interface in interfaces:
frrconfig = self.getFRRconfig(f'interface {interface}')
self.assertIn(f'interface {interface}', frrconfig)
self.assertIn(f' mpls bgp forwarding', frrconfig)
self.cli_delete(['interfaces', 'ethernet', interface, 'vrf'])
def test_bgp_24_srv6_sid(self):
locator_name = 'VyOS_foo'
sid = 'auto'
nexthop_ipv4 = '192.0.0.1'
nexthop_ipv6 = '2001:db8:100:200::2'
self.cli_set(base_path + ['srv6', 'locator', locator_name])
self.cli_set(base_path + ['sid', 'vpn', 'per-vrf', 'export', sid])
self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'sid', 'vpn', 'export', sid])
# verify() - SID per VRF and SID per address-family are mutually exclusive!
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_delete(base_path + ['address-family', 'ipv4-unicast', 'sid'])
self.cli_commit()
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' segment-routing srv6', frrconfig)
self.assertIn(f' locator {locator_name}', frrconfig)
self.assertIn(f' sid vpn per-vrf export {sid}', frrconfig)
# Now test AFI SID
self.cli_delete(base_path + ['sid'])
self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'sid', 'vpn', 'export', sid])
self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'nexthop', 'vpn', 'export', nexthop_ipv4])
self.cli_set(base_path + ['address-family', 'ipv6-unicast', 'sid', 'vpn', 'export', sid])
self.cli_set(base_path + ['address-family', 'ipv6-unicast', 'nexthop', 'vpn', 'export', nexthop_ipv6])
self.cli_commit()
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' segment-routing srv6', frrconfig)
self.assertIn(f' locator {locator_name}', frrconfig)
afiv4_config = self.getFRRconfig(' address-family ipv4 unicast')
self.assertIn(f' sid vpn export {sid}', afiv4_config)
self.assertIn(f' nexthop vpn export {nexthop_ipv4}', afiv4_config)
afiv6_config = self.getFRRconfig(' address-family ipv6 unicast')
self.assertIn(f' sid vpn export {sid}', afiv6_config)
self.assertIn(f' nexthop vpn export {nexthop_ipv6}', afiv4_config)
def test_bgp_25_ipv4_labeled_unicast_peer_group(self):
pg_ipv4 = 'foo4'
ipv4_max_prefix = '20'
ipv4_prefix = '192.0.2.0/24'
self.cli_set(base_path + ['listen', 'range', ipv4_prefix, 'peer-group', pg_ipv4])
self.cli_set(base_path + ['parameters', 'labeled-unicast', 'ipv4-explicit-null'])
self.cli_set(base_path + ['peer-group', pg_ipv4, 'address-family', 'ipv4-labeled-unicast', 'maximum-prefix', ipv4_max_prefix])
self.cli_set(base_path + ['peer-group', pg_ipv4, 'remote-as', 'external'])
self.cli_commit()
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' neighbor {pg_ipv4} peer-group', frrconfig)
self.assertIn(f' neighbor {pg_ipv4} remote-as external', frrconfig)
self.assertIn(f' bgp listen range {ipv4_prefix} peer-group {pg_ipv4}', frrconfig)
self.assertIn(f' bgp labeled-unicast ipv4-explicit-null', frrconfig)
afiv4_config = self.getFRRconfig(' address-family ipv4 labeled-unicast')
self.assertIn(f' neighbor {pg_ipv4} activate', afiv4_config)
self.assertIn(f' neighbor {pg_ipv4} maximum-prefix {ipv4_max_prefix}', afiv4_config)
def test_bgp_26_ipv6_labeled_unicast_peer_group(self):
pg_ipv6 = 'foo6'
ipv6_max_prefix = '200'
ipv6_prefix = '2001:db8:1000::/64'
self.cli_set(base_path + ['listen', 'range', ipv6_prefix, 'peer-group', pg_ipv6])
self.cli_set(base_path + ['parameters', 'labeled-unicast', 'ipv6-explicit-null'])
self.cli_set(base_path + ['peer-group', pg_ipv6, 'address-family', 'ipv6-labeled-unicast', 'maximum-prefix', ipv6_max_prefix])
self.cli_set(base_path + ['peer-group', pg_ipv6, 'remote-as', 'external'])
self.cli_commit()
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'router bgp {ASN}', frrconfig)
self.assertIn(f' neighbor {pg_ipv6} peer-group', frrconfig)
self.assertIn(f' neighbor {pg_ipv6} remote-as external', frrconfig)
self.assertIn(f' bgp listen range {ipv6_prefix} peer-group {pg_ipv6}', frrconfig)
self.assertIn(f' bgp labeled-unicast ipv6-explicit-null', frrconfig)
afiv6_config = self.getFRRconfig(' address-family ipv6 labeled-unicast')
self.assertIn(f' neighbor {pg_ipv6} activate', afiv6_config)
self.assertIn(f' neighbor {pg_ipv6} maximum-prefix {ipv6_max_prefix}', afiv6_config)
def test_bgp_99_bmp(self):
target_name = 'instance-bmp'
target_address = '127.0.0.1'
target_port = '5000'
min_retry = '1024'
max_retry = '2048'
monitor_ipv4 = 'pre-policy'
monitor_ipv6 = 'pre-policy'
mirror_buffer = '32000000'
bmp_path = base_path + ['bmp']
target_path = bmp_path + ['target', target_name]
# by default the 'bmp' module not loaded for the bgpd expect Error
self.cli_set(bmp_path)
if not process_named_running('bgpd', 'bmp'):
with self.assertRaises(ConfigSessionError):
self.cli_commit()
# add required 'bmp' module to bgpd and restart bgpd
self.cli_delete(bmp_path)
self.cli_set(['system', 'frr', 'bmp'])
self.cli_commit()
# restart bgpd to apply "-M bmp" and update PID
cmd(f'sudo kill -9 {self.daemon_pid}')
# let the bgpd process recover
sleep(10)
# update daemon PID - this was a planned daemon restart
self.daemon_pid = process_named_running(PROCESS_NAME)
# set bmp config but not set address
self.cli_set(target_path + ['port', target_port])
# address is not set, expect Error
with self.assertRaises(ConfigSessionError):
self.cli_commit()
# config other bmp options
self.cli_set(target_path + ['address', target_address])
self.cli_set(bmp_path + ['mirror-buffer-limit', mirror_buffer])
self.cli_set(target_path + ['port', target_port])
self.cli_set(target_path + ['min-retry', min_retry])
self.cli_set(target_path + ['max-retry', max_retry])
self.cli_set(target_path + ['mirror'])
self.cli_set(target_path + ['monitor', 'ipv4-unicast', monitor_ipv4])
self.cli_set(target_path + ['monitor', 'ipv6-unicast', monitor_ipv6])
self.cli_commit()
# Verify bgpd bmp configuration
frrconfig = self.getFRRconfig(f'router bgp {ASN}')
self.assertIn(f'bmp mirror buffer-limit {mirror_buffer}', frrconfig)
self.assertIn(f'bmp targets {target_name}', frrconfig)
self.assertIn(f'bmp mirror', frrconfig)
self.assertIn(f'bmp monitor ipv4 unicast {monitor_ipv4}', frrconfig)
self.assertIn(f'bmp monitor ipv6 unicast {monitor_ipv6}', frrconfig)
self.assertIn(f'bmp connect {target_address} port {target_port} min-retry {min_retry} max-retry {max_retry}', frrconfig)
if __name__ == '__main__':
unittest.main(verbosity=2)