18 files changed, 187 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 4615738c..d22d86ec 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +vyatta-cfg-quagga (0.19.1+vyos2+current3) unstable; urgency=low + + [ Mihail Vasilev ] + * Added bgp extended community support. + + [ Mihail Vasilev ] + + -- Mihail Vasilev <mick@corp.linkintel.ru> Tue, 10 Apr 2016 11:51:00 -0300 + vyatta-cfg-quagga (0.19.1+vyos2+current2) unstable; urgency=low [ Mihail Vasilev ] diff --git a/scripts/policy/vyatta-policy.pl b/scripts/policy/vyatta-policy.pl index 2d88505f..4acd1881 100755 --- a/scripts/policy/vyatta-policy.pl +++ b/scripts/policy/vyatta-policy.pl @@ -8,7 +8,7 @@ use Getopt::Long; my $VTYSH = '/usr/bin/vtysh'; my $ACL_CONSUMERS_DIR = "/opt/vyatta/sbin/policy"; -my ( $accesslist, $accesslist6, $aspathlist, $communitylist, $peer ); +my ( $accesslist, $accesslist6, $aspathlist, $communitylist, $extcommunitylist, $peer ); my ( $routemap, $deleteroutemap, $listpolicy ); GetOptions( @@ -16,6 +16,7 @@ GetOptions( "update-access-list6=s" => \$accesslist6, "update-aspath-list=s" => \$aspathlist, "update-community-list=s" => \$communitylist, + "update-extcommunity-list=s" => \$extcommunitylist, "check-peer-syntax=s" => \$peer, "check-routemap-action=s" => \$routemap, "check-delete-routemap-action=s" => \$deleteroutemap, @@ -26,6 +27,7 @@ update_access_list($accesslist) if ($accesslist); update_access_list6($accesslist6) if ($accesslist6); update_as_path($aspathlist) if ($aspathlist); update_community_list($communitylist) if ($communitylist); +update_ext_community_list($extcommunitylist) if ($extcommunitylist); check_peer_syntax($peer) if ($peer); check_routemap_action($routemap) if ($routemap); check_delete_routemap_action($deleteroutemap) if ($deleteroutemap); 
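Review bot: The option spec `"update-extcommunity-list=s"` stores a single string, and the dispatch line passes that one value to `update_ext_community_list`, which in a later hunk shifts two arguments (`$variant`, then `$name`). As written `$name` would be undefined and the list name would be left in `@ARGV`, so the vtysh commands would be built with an empty name. One way to carry both values is `"update-extcommunity-list=s{2}" => \@extcommunitylist,` with `update_ext_community_list(@extcommunitylist) if (@extcommunitylist);`, declaring `@extcommunitylist` next to the existing scalars.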
@@ -56,6 +58,71 @@ sub is_community_list { } } +sub is_extcommunity_list { + my $list = shift; + + my $count = `$VTYSH -c \"show ip extcommunity-list $list\" | grep -c $list`; + if ( $count > 0 ) { + return 1; + } + else { + return 0; + } +} + + +sub update_ext_community_list { + my $variant= shift; + my $name = shift; + my $config = new Vyatta::Config; + my @rules = (); + + if($variant !~ /^standard|expanded$/ ) { + die +"set policy route extcommunity-list [ standard | expanded ] list-name rule rule-num action { deny | permit } + ^^^^^^^^^^^^^^^^^^^^^^^\n"; + }; + my $cmdline="$VTYSH -c \"configure terminal\" "; + # remove the old rule + if ( is_extcommunity_list($name) ) { + $cmdline.= " -c \"no ip extcommunity-list $name\" "; + }; + + $config->setLevel("policy route extcommunity-list $variant $name "); + @rules = $config->listNodes(); + foreach my $rule ( sort numerically @rules ) { + + # set the action + my $action = $config->returnValue("$rule action"); + die + "policy route extcommunity-list $variant $name rule $rule: You must specify an action\n" + unless $action; + + # grab the regex + my $regex = $config->returnValue("$rule regex"); + die "policy route extcommunity-list $variant $name rule $rule: You must specify a regex\n" + unless $regex; + if($variant eq 'standard') { + unless (($regex =~ /(.*):(.*)/) and (isIpAddress($1)or($1=~/^\d+$/) ) and ($2=~/^\d+$/)) { + die "for standard extcommunity-list regex should be either: + +AS:VAL + + This is a format to define AS based Extended Community value. AS part is 2 octets Global Administrator subfield in Extended Community value. VAL part is 4 octets Local Administrator subfield. 7675:100 represents AS 7675 policy value 100. + +IP-Address:VAL + + This is a format to define IP address based Extended Community value. IP-Address part is 4 octets Global Administrator subfield. VAL part is 2 octets Local Administrator subfield. 10.0.0.1:100 represents IP 10.0.0.1 policy value 100. 
+"; + + }; + }; + $cmdline.="-c \"ip extcommunity-list $name $action $regex\" "; + }; + exit system($cmdline); +} + + sub update_community_list { my $num = shift; my $config = new Vyatta::Config; diff --git a/templates/policy/extcommunity-list/expanded/description/node.def b/templates/policy/extcommunity-list/expanded/description/node.def new file mode 100644 index 00000000..7a660be4 --- /dev/null +++ b/templates/policy/extcommunity-list/expanded/description/node.def @@ -0,0 +1,2 @@ +type: txt +help: Description for this community list diff --git a/templates/policy/extcommunity-list/expanded/node.def b/templates/policy/extcommunity-list/expanded/node.def new file mode 100644 index 00000000..95f6f003 --- /dev/null +++ b/templates/policy/extcommunity-list/expanded/node.def @@ -0,0 +1,8 @@ +tag: +priority: 490 +type: txt +help: Border Gateway Protocol (BGP) extended community-list filter + +syntax:expression: pattern $VAR(@) "^[a-zA-Z0-9]+$" ; "Should be alphanumeric name" + +end: /opt/vyatta/sbin/vyatta-policy.pl --update-community-list expanded $VAR(@) diff --git a/templates/policy/extcommunity-list/expanded/rule/node.def b/templates/policy/extcommunity-list/expanded/rule/node.def new file mode 100644 index 00000000..7826f33d --- /dev/null +++ b/templates/policy/extcommunity-list/expanded/rule/node.def @@ -0,0 +1,6 @@ +tag: +type: u32 +help: create a rule for this BGP extended community list +val_help: u32:1-65535; Extended community-list rule number + +syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "rule number must be between 1 and 65535" diff --git a/templates/policy/extcommunity-list/expanded/rule/node.tag/action/node.def b/templates/policy/extcommunity-list/expanded/rule/node.tag/action/node.def new file mode 100644 index 00000000..db4bdbc6 --- /dev/null +++ b/templates/policy/extcommunity-list/expanded/rule/node.tag/action/node.def 
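Review bot: `update_ext_community_list` concatenates `$name`, `$action` and `$regex` into one string and runs it with `exit system($cmdline)`, so the shell parses configuration values; a rule regex containing a double quote, a backtick or `$(` would be interpreted by the shell with the privileges of the commit process. The `expanded` variant gets no content check here, and `is_extcommunity_list` does the same with backticks and `$list`. Passing vtysh its arguments as a list keeps these values out of the shell, as sketched below. Separately, `/^standard|expanded$/` parses as `^standard` or `expanded$`; `/^(?:standard|expanded)$/` matches what the error text describes.

```perl
sub is_extcommunity_list {
    my $list = shift;

    # List-form pipe open: $list travels inside one argv element, no shell involved.
    open( my $vtysh, '-|', $VTYSH, '-c', "show ip extcommunity-list $list" )
        or die "cannot run $VTYSH: $!\n";
    my $count = grep { index( $_, $list ) >= 0 } <$vtysh>;
    close($vtysh);
    return $count > 0 ? 1 : 0;
}

# … unchanged: update_ext_community_list argument unpacking and variant check …
    my @cmd = ( $VTYSH, '-c', 'configure terminal' );
    if ( is_extcommunity_list($name) ) {
        push @cmd, '-c', "no ip extcommunity-list $name";
    }
# … unchanged: rule loop with action and regex checks …
        push @cmd, '-c', "ip extcommunity-list $name $action $regex";
# … unchanged: end of rule loop …
    exit system(@cmd);
```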
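Review bot: The `end:` line in expanded/node.def calls `vyatta-policy.pl --update-community-list expanded $VAR(@)`, which is the pre-existing community-list option rather than the `--update-extcommunity-list` option this commit adds. With that spelling `update_ext_community_list`, including its variant and rule checks, would not run for these nodes; standard/node.def carries the same line. Proposed: `end: /opt/vyatta/sbin/vyatta-policy.pl --update-extcommunity-list expanded $VAR(@)`, paired with an option spec in the script that accepts both the variant and the name.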
@@ -0,0 +1,6 @@
+type: txt
+help: Action to take on routes matching this rule [REQUIRED]
+val_help: permit; Permit matching routes
+val_help: deny; Deny matching routes
+
+syntax:expression: $VAR(@) in "permit", "deny"; "action must be permit or deny"
diff --git a/templates/policy/extcommunity-list/expanded/rule/node.tag/description/node.def b/templates/policy/extcommunity-list/expanded/rule/node.tag/description/node.def
new file mode 100644
index 00000000..b8e3095b
--- /dev/null
+++ b/templates/policy/extcommunity-list/expanded/rule/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Description for this rule
diff --git a/templates/policy/extcommunity-list/expanded/rule/node.tag/regex/node.def b/templates/policy/extcommunity-list/expanded/rule/node.tag/regex/node.def
new file mode 100644
index 00000000..fae3784c
--- /dev/null
+++ b/templates/policy/extcommunity-list/expanded/rule/node.tag/regex/node.def
@@ -0,0 +1,5 @@
+type: txt
+help: Extended community regexp.
+val_help: Extended community list regular expression
+
+commit:expression: $VAR(../action/@) != ""; "You must specify an action"
diff --git a/templates/policy/extcommunity-list/node.def b/templates/policy/extcommunity-list/node.def
new file mode 100644
index 00000000..9676146c
--- /dev/null
+++ b/templates/policy/extcommunity-list/node.def
@@ -0,0 +1,7 @@
+tag:
+priority: 480
+type: txt
+help: Border Gateway Protocol (BGP) extended communities attribute. Usefull for implementing network policy for MPLS VPN/BGP by restricting routes according to their Route Target or Site of Origin.
+val_help: Type of extended community. standard or expanded.
+
+syntax:expression: pattern $VAR(@) "^standard|expanded$" ; "Should be either standard or expanded"
diff --git a/templates/policy/extcommunity-list/standard/description/node.def b/templates/policy/extcommunity-list/standard/description/node.def
new file mode 100644
index 00000000..7a660be4
--- /dev/null
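Review bot: The expanded `regex` node has no `syntax:expression`, so any text is accepted, and this is the value that `update_ext_community_list` places into its vtysh command string. Because a regular expression legitimately needs punctuation, a pattern here can only be defence in depth (for example rejecting double quotes, backticks and backslashes); the dependable fix is for vyatta-policy.pl to pass the value to vtysh without going through a shell. A one-line comment such as `# value is passed to vtysh by vyatta-policy.pl; keep shell quoting characters out` would record the constraint for the next editor.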
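Review bot: In extcommunity-list/node.def the pattern `"^standard|expanded$"` anchors each branch separately, so it accepts any value that merely starts with `standard` or ends with `expanded`. Grouping the alternation restores the intended exact match: `syntax:expression: pattern $VAR(@) "^(standard|expanded)$" ; "Should be either standard or expanded"`. The Perl check `$variant !~ /^standard|expanded$/` in vyatta-policy.pl has the same grouping problem.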
+++ b/templates/policy/extcommunity-list/standard/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Description for this community list
diff --git a/templates/policy/extcommunity-list/standard/node.def b/templates/policy/extcommunity-list/standard/node.def
new file mode 100644
index 00000000..aec1edcd
--- /dev/null
+++ b/templates/policy/extcommunity-list/standard/node.def
@@ -0,0 +1,8 @@
+tag:
+priority: 485
+type: txt
+help: Border Gateway Protocol (BGP) extended community-list filter
+
+syntax:expression: pattern $VAR(@) "^[a-zA-Z0-9]+$" ; "Should be alphanumeric name"
+
+end: /opt/vyatta/sbin/vyatta-policy.pl --update-community-list standard $VAR(@)
diff --git a/templates/policy/extcommunity-list/standard/rule/node.def b/templates/policy/extcommunity-list/standard/rule/node.def
new file mode 100644
index 00000000..7826f33d
--- /dev/null
+++ b/templates/policy/extcommunity-list/standard/rule/node.def
@@ -0,0 +1,6 @@
+tag:
+type: u32
+help: create a rule for this BGP extended community list
+val_help: u32:1-65535; Extended community-list rule number
+
+syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "rule number must be between 1 and 65535"
diff --git a/templates/policy/extcommunity-list/standard/rule/node.tag/action/node.def b/templates/policy/extcommunity-list/standard/rule/node.tag/action/node.def
new file mode 100644
index 00000000..db4bdbc6
--- /dev/null
+++ b/templates/policy/extcommunity-list/standard/rule/node.tag/action/node.def
@@ -0,0 +1,6 @@
+type: txt
+help: Action to take on routes matching this rule [REQUIRED]
+val_help: permit; Permit matching routes
+val_help: deny; Deny matching routes
+
+syntax:expression: $VAR(@) in "permit", "deny"; "action must be permit or deny"
diff --git a/templates/policy/extcommunity-list/standard/rule/node.tag/description/node.def b/templates/policy/extcommunity-list/standard/rule/node.tag/description/node.def
new file mode 100644
index 00000000..b8e3095b
--- /dev/null
+++ b/templates/policy/extcommunity-list/standard/rule/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Description for this rule
diff --git a/templates/policy/extcommunity-list/standard/rule/node.tag/regex/node.def b/templates/policy/extcommunity-list/standard/rule/node.tag/regex/node.def
new file mode 100644
index 00000000..36dd9954
--- /dev/null
+++ b/templates/policy/extcommunity-list/standard/rule/node.tag/regex/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Extended community value. Should be either AS:VAL or IP-Address:VAL
+val_help: Community list regular expression
+
+syntax:expression: pattern $VAR(@) "^([0-9]*)|([0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3}):[0-9]*$"
+
+commit:expression: $VAR(../action/@) != ""; "You must specify an action"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/match/extcommunity/node.def b/templates/policy/route-map/node.tag/rule/node.tag/match/extcommunity/node.def
new file mode 100644
index 00000000..64325e14
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/match/extcommunity/node.def
@@ -0,0 +1,15 @@
+type: txt
+help: BGP extended community to match
+val_help: Extended community name
+
+commit:expression: $VAR(../../action/) != ""; "You must specify an action"
+commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy extcommunity-list $VAR(@)\" ";"extended community list $VAR(@) doesn't exist"
+
+
+update: vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../@) $VAR(../../action/@) $VAR(../../@)" \
+ -c "match extcommunity $VAR(@)"
+
+delete: vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../@) $VAR(../../action/@) $VAR(../../@)" \
+ -c "no match extcommunity $VAR(@)"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/extcommunity-rt/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/extcommunity-rt/node.def
new file mode 100644
index 00000000..6338ca50
--- /dev/null
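Review bot: The standard `regex` pattern does not constrain the value: the alternation is ungrouped, so the first branch `^([0-9]*)` matches the empty prefix of any string, and `{1-3}` is not an interval quantifier (`{1,3}` is). The expression also has no error message after the pattern. Proposed: `syntax:expression: pattern $VAR(@) "^([0-9]+|[0-9]{1,3}(\.[0-9]{1,3}){3}):[0-9]+$" ; "Should be AS:VAL or IP-Address:VAL"`. This matters beyond correctness because the value ends up in a vtysh command line built by vyatta-policy.pl.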
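Review bot: In match/extcommunity/node.def the value is `type: txt` with no `syntax:expression`, yet `$VAR(@)` is placed inside the quoted `exec` string and inside the `vtysh -c "match extcommunity $VAR(@)"` lines of `update:` and `delete:`. If the template engine substitutes the value textually, quoting characters in it would change how the shell parses those lines. The list-name templates in this commit already restrict names, so the same check fits here: `syntax:expression: pattern $VAR(@) "^[a-zA-Z0-9]+$" ; "Should be alphanumeric name"`. The `--exists` path `policy extcommunity-list $VAR(@)` also appears to omit the `standard`/`expanded` level under which lists are defined; worth confirming.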
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/extcommunity-rt/node.def
@@ -0,0 +1,14 @@
+type: txt
+help: Set route target value
+val_help: ASN:nn_or_IP_address:nn VPN extended community
+
+syntax:expression: pattern $VAR(@) "\d+:\d+(\.\d+\.\d+\.\d+):\d+" ; "Should be in form: ASN:nn_or_IP_address:nn where ASN is autonomous system number"
+commit:expression: $VAR(../../action/) != ""; "you must specify an action"
+
+update: vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../@) $VAR(../../action/@) $VAR(../../@)" \
+ -c "set extcommunity rt $VAR(@)"
+
+delete: vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../@) $VAR(../../action/@) $VAR(../../@)" \
+ -c "no set extcommunity rt"
diff --git a/templates/policy/route-map/node.tag/rule/node.tag/set/extcommunity-soo/node.def b/templates/policy/route-map/node.tag/rule/node.tag/set/extcommunity-soo/node.def
new file mode 100644
index 00000000..e76243dd
--- /dev/null
+++ b/templates/policy/route-map/node.tag/rule/node.tag/set/extcommunity-soo/node.def
@@ -0,0 +1,14 @@
+type: txt
+help: Set Site of Origin value.
+val_help: ASN:nn_or_IP_address:nn VPN extended community
+
+syntax:expression: pattern $VAR(@) "\d+:\d+(\.\d+\.\d+\.\d+):\d+" ; "Should be in form: ASN:nn_or_IP_address:nn where ASN is autonomous system number"
+commit:expression: $VAR(../../action/) != ""; "you must specify an action"
+
+update: vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../@) $VAR(../../action/@) $VAR(../../@)" \
+ -c "set extcommunity soo $VAR(@)"
+
+delete: vtysh -c "configure terminal" \
+ -c "route-map $VAR(../../../@) $VAR(../../action/@) $VAR(../../@)" \
+ -c "no set extcommunity soo" |
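Review bot: The `syntax:expression` pattern in extcommunity-rt/node.def is unanchored, so a value passes if any substring matches, and the whole value is then placed in `vtysh -c "set extcommunity rt $VAR(@)"`; extcommunity-soo/node.def repeats the same pattern. As written the pattern also requires the form `N:N.N.N.N:N`, which is neither `ASN:nn` nor `IP_address:nn` as the help text describes, and `\d` may not be supported if the template engine uses POSIX regular expressions. An anchored form covering both documented shapes would be `syntax:expression: pattern $VAR(@) "^([0-9]+|[0-9]{1,3}(\.[0-9]{1,3}){3}):[0-9]+$" ; "Should be in form: ASN:nn_or_IP_address:nn where ASN is autonomous system number"`.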