summaryrefslogtreecommitdiff
path: root/src/conf_mode/protocols_bgp.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-01-08 18:18:42 +0100
committerChristian Poessinger <christian@poessinger.com>2021-01-08 18:18:42 +0100
commit43a9441cb80a14fff791bbd89e88a3c2ac99e3ab (patch)
tree2bf9c09fab5c95efa73fc2f7601890466fa9b99f /src/conf_mode/protocols_bgp.py
parent13a58d38b3dc8065a8ba71904e143e3d69aab638 (diff)
parent23f55c4bcbe5475ed98d57cf54b645ef0c2cc1a8 (diff)
downloadvyos-1x-43a9441cb80a14fff791bbd89e88a3c2ac99e3ab.tar.gz
vyos-1x-43a9441cb80a14fff791bbd89e88a3c2ac99e3ab.zip
Merge branch 'current' of github.com:vyos/vyos-1x into equuleus
* 'current' of github.com:vyos/vyos-1x: (30 commits) smoketest: dummy: fix indent smoketest: bridge: bond: enable ip subsystem tests smoketest: interfaces: dhcpv6pd final fix smoketest: ethernet: fix link-speed loop test Debian: add build-dependency on python3-jinja2 smoketest: ethernet: verify() speed/duplex must both be auto or discrete smoketest: interfaces: report skipped tests smoketest: ethernet: bugfixes for dhcpc6 and unknown interfaces Debian: add python3-psutil build dependency smoketest: ethernet: check for error on non existing interface vyos.configverify: provide generic helper to check for interface existence smoketest: interfaces: fix dhcpv6 pd testcase when using multiple interfaces login: radius: T3192: migrate to get_config_dict() ssh: T2635: harden Jinja2 template and daemon startup ssh: T2635: change sshd_config path to /run/sshd login: radius: T3192: support IPv6 server(s) and source-address xml: include: provide generic include for disable node xml: radius: T3192: split individual nodes to discrete includes bgp: T2174: verify() existence of route-map and prefix-list smoketest: interfaces: test dhcpv6 pd sla-id auto increment ...
Diffstat (limited to 'src/conf_mode/protocols_bgp.py')
-rwxr-xr-xsrc/conf_mode/protocols_bgp.py83
1 files changed, 63 insertions, 20 deletions
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index a3f32fd2d..678be5066 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -17,10 +17,11 @@
from sys import exit
from vyos.config import Config
-from vyos.util import call
-from vyos.util import dict_search
+from vyos.configdict import dict_merge
from vyos.template import render
from vyos.template import render_to_string
+from vyos.util import call
+from vyos.util import dict_search
from vyos import ConfigError
from vyos import frr
from vyos import airbag
@@ -42,6 +43,16 @@ def get_config():
if not conf.exists(base + ['route-map']):
call('vtysh -c \"conf t\" -c \"no ip protocol bgp\" ')
+ # We also need some additional information from the config,
+ # prefix-lists and route-maps for instance.
+ base = ['policy']
+ tmp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
+ # As we only support one ASN (later checked in begin of verify()) we add the
+ # new information only to the first AS number
+ asn = next(iter(bgp))
+ # Merge policy dict into bgp dict
+ bgp[asn] = dict_merge(tmp, bgp[asn])
+
return bgp
def verify(bgp):
@@ -50,32 +61,64 @@ def verify(bgp):
# Check if declared more than one ASN
if len(bgp) > 1:
- raise ConfigError('Only one BGP AS can be defined!')
+ raise ConfigError('Only one BGP AS number can be defined!')
for asn, asn_config in bgp.items():
+ import pprint
+ pprint.pprint(asn_config)
+
# Common verification for both peer-group and neighbor statements
- for neigh in ['neighbor', 'peer_group']:
+ for neighbor in ['neighbor', 'peer_group']:
# bail out early if there is no neighbor or peer-group statement
# this also saves one indention level
- if neigh not in asn_config:
+ if neighbor not in asn_config:
+ print(f'no {neighbor} found in config')
continue
- #for neighbor, config in asn_config[neigh].items():
- '''
- # These checks need to be modified. Because peer-group can be declared without 'remote-as'.
- # When 'remote-as' configured for specific neighbor in peer-group. For example
- #
-
- set protocols nbgp 65001 neighbor 100.64.0.2 peer-group 'FOO'
- set protocols nbgp 65001 neighbor 100.64.0.2 remote-as '65002'
- set protocols nbgp 65001 peer-group FOO
-
- '''
- #if 'remote_as' not in config and 'peer_group' not in config:
- # raise ConfigError(f'BGP remote-as must be specified for "{neighbor}"!')
+ for peer, peer_config in asn_config[neighbor].items():
+ # Only regular "neighbor" statement can have a peer-group set
+ # Check if the configure peer-group exists
+ if 'peer_group' in peer_config:
+ peer_group = peer_config['peer_group']
+ if peer_group not in asn_config['peer_group']:
+ raise ConfigError(f'Specified peer-group "{peer_group}" for '\
+ f'neighbor "{neighbor}" does not exist!')
+
+ # Some checks can/must only be done on a neighbor and nor a peer-group
+ if neighbor == 'neighbor':
+ # remote-as must be either set explicitly for the neighbor
+ # or for the entire peer-group
+ if 'remote_as' not in peer_config:
+ if 'peer_group' not in peer_config or 'remote_as' not in asn_config['peer_group'][peer_config['peer_group']]:
+ raise ConfigError('Remote AS must be set for neighbor or peer-group!')
+
+ for afi in ['ipv4_unicast', 'ipv6_unicast']:
+ # Bail out early if address family is not configured
+ if 'address_family' not in peer_config or afi not in peer_config['address_family']:
+ continue
+
+ afi_config = peer_config['address_family'][afi]
+ # Validate if configured Prefix list exists
+ if 'prefix_list' in afi_config:
+ for tmp in ['import', 'export']:
+ if tmp in afi_config['prefix_list']:
+ if afi == 'ipv4_unicast':
+ prefix_list = afi_config['prefix_list'][tmp]
+ if 'prefix_list' not in asn_config or prefix_list not in asn_config['prefix_list']:
+ raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
+ if afi == 'ipv6_unicast':
+ prefix_list = afi_config['prefix_list6'][tmp]
+ if 'prefix_list6' not in asn_config or prefix_list not in asn_config['prefix_list6']:
+ raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
+
+
+ if 'route_map' in afi_config:
+ for tmp in ['import', 'export']:
+ if tmp in afi_config['route_map']:
+ route_map = afi_config['route_map'][tmp]
+ if 'route_map' not in asn_config or route_map not in asn_config['route_map']:
+ raise ConfigError(f'route-map "{route_map}" used for "{tmp}" does not exist!')
- #if 'remote_as' in config and 'peer_group' in config:
- # raise ConfigError(f'BGP peer-group member "{neighbor}" cannot override remote-as of peer-group!')
return None