diff options
Diffstat (limited to 'src/conf_mode/protocols_bgp.py')
| -rwxr-xr-x | src/conf_mode/protocols_bgp.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index baf5c4159..1ce2d3e7c 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -23,6 +23,7 @@ from vyos.configdict import dict_merge from vyos.template import render_to_string from vyos.util import call from vyos.util import dict_search +from vyos.validate import is_addr_assigned from vyos import ConfigError from vyos import frr from vyos import airbag @@ -99,6 +100,13 @@ def verify(bgp): raise ConfigError(f'Specified peer-group "{peer_group}" for '\ f'neighbor "{neighbor}" does not exist!') + # ttl-security and ebgp-multihop can't be used in the same configration + if 'ebgp_multihop' in peer_config and 'ttl_security' in peer_config: + raise ConfigError('You can\'t set both ebgp-multihop and ttl-security hops') + + # Check spaces in the password + if 'password' in peer_config and ' ' in peer_config['password']: + raise ConfigError('You can\'t use spaces in the password') # Some checks can/must only be done on a neighbor and not a peer-group if neighbor == 'neighbor': @@ -107,6 +115,10 @@ def verify(bgp): if not verify_remote_as(peer_config, asn_config): raise ConfigError(f'Neighbor "{peer}" remote-as must be set!') + # Check if neighbor address is assigned as system interface address + if is_addr_assigned(peer): + raise ConfigError(f'Can\'t configure local address as neighbor "{peer}"') + for afi in ['ipv4_unicast', 'ipv6_unicast', 'l2vpn_evpn']: # Bail out early if address family is not configured if 'address_family' not in peer_config or afi not in peer_config['address_family']: |