Diffstat (limited to 'scripts/bgp/vyatta-bgp.pl')
-rwxr-xr-x | scripts/bgp/vyatta-bgp.pl | 87 |
1 files changed, 79 insertions, 8 deletions
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl index 849b4284..e4e626e6 100755 --- a/scripts/bgp/vyatta-bgp.pl +++ b/scripts/bgp/vyatta-bgp.pl @@ -405,7 +405,7 @@ my %qcom = ( }, 'protocols bgp var neighbor var local-as var no-prepend' => { set => 'router bgp #3 ; no neighbor #5 local-as #7 ; neighbor #5 local-as #7 no-prepend', - del => 'router bgp #3 ; no neighbor #5 local-as #7 no-prepend; neighbor #5 local-as #7', + del => 'router bgp #3 ; no neighbor #5 local-as #7 no-prepend ; neighbor #5 local-as #7', }, 'protocols bgp var neighbor var maximum-prefix' => { set => 'router bgp #3 ; neighbor #5 maximum-prefix #7', @@ -448,7 +448,7 @@ my %qcom = ( del => 'router bgp #3 ; no neighbor #5 prefix-list #8 in', }, 'protocols bgp var neighbor var remote-as' => { - set => 'router bgp #3 ; neighbor #5 remote-as #7', + set => 'router bgp #3 ; neighbor #5 remote-as #7 ; neighbor #5 activate', del => 'router bgp #3 ; no neighbor #5 remote-as #7', }, 'protocols bgp var neighbor var remove-private-as' => { @@ -942,7 +942,7 @@ my %qcom = ( }, 'protocols bgp var peer-group var password' => { set => 'router bgp #3 ; neighbor #5 password #7', - del => 'router bgp #3 ; no neighbor #5 password #7', + del => 'router bgp #3 ; no neighbor #5 password', }, 'protocols bgp var peer-group var port' => { set => 'router bgp #3 ; neighbor #5 port #7', @@ -1019,7 +1019,7 @@ my %qcom = ( }, 'protocols bgp var peer-group var update-source' => { set => 'router bgp #3 ; neighbor #5 update-source #7', - del => 'router bgp #3 ; no neighbor #5 update-source #7', + del => 'router bgp #3 ; no neighbor #5 update-source', }, 'protocols bgp var peer-group var weight' => { set => 'router bgp #3 ; neighbor #5 weight #7', @@ -1096,7 +1096,7 @@ my %qcom = ( ); my ( $pg, $as, $neighbor ); -my ( $main, $peername, $isneighbor, $checkpeergroups, $checksource ); +my ( $main, $peername, $isneighbor, $checkpeergroups, $checksource, $checklocalas ); GetOptions( "peergroup=s" => \$pg, 
@@ -1106,6 +1106,7 @@ GetOptions( "check-neighbor-ip" => \$isneighbor, "check-peer-groups" => \$checkpeergroups, "check-source=s" => \$checksource, + "check-local-as" => \$checklocalas, "main" => \$main, ); @@ -1114,6 +1115,7 @@ check_peergroup_name($peername) if ($peername); check_neighbor_ip($neighbor) if ($isneighbor); check_for_peer_groups( $pg, $as ) if ($checkpeergroups); check_source($checksource) if ($checksource); +check_local_as($neighbor, $as) if ($checklocalas); exit 0; 
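Review bot: The return value of `check_local_as($neighbor, $as)` is discarded at the call added in the `@@ -1114` hunk, and the next statement is `exit 0`, so this check cannot reject a configuration. check_local_as, defined later in this commit, only prints a message and returns 1. If the caller relies on the exit status, as the `die`-based checks suggest, propagate it with `exit 1 if $checklocalas && check_local_as($neighbor, $as);`, or make the sub `die` the way check_remote_as does. The new option also assumes `$neighbor` and `$as` were supplied, so a guard such as `die "check-local-as requires a neighbor and an AS\n" unless defined $neighbor && defined $as;` would keep undef out of `setLevel`.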
@@ -1179,23 +1181,92 @@ sub check_remote_as { my @asns = $config->listNodes(); foreach my $as (@asns) { + # check remote-as if neighbors have been changed my @neighbors = $config->listNodes("$as neighbor"); foreach my $neighbor (@neighbors) { if ($config->isChanged("$as neighbor $neighbor")) { my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); + + my ($peergroup, $peergroupas); + if ($config->exists("$as neighbor $neighbor peer-group")) { + $peergroup = $config->returnValue("$as neighbor $neighbor peer-group"); + if ($config->exists("$as peer-group $peergroup remote-as")) { + $peergroupas = $config->returnValue("$as peer-group $peergroup remote-as"); + } + } + if ($remoteas) { + if ($peergroupas) { + die "protocols bgp $as neighbor $neighbor: remote-as should not be defined in both neighbor and peer-group\n" + } return; } - my $peergroup = $config->returnValue("$as neighbor $neighbor peer-group"); + die "protocols bgp $as neighbor $neighbor: must define a remote-as or peer-group\n" unless $peergroup; - - my $peergroupas = $config->returnValue("$as peer-group $peergroup remote-as"); + die "protocols bgp $as neighbor $neighbor: must define a remote-as in neighbor or peer-group $peergroup\n" unless $peergroupas; } } + + # check remote-as if peer-groups have been changed + my @peergroups = $config->listNodes("$as peer-group"); + foreach my $peergroup (@peergroups) { + if ($config->isChanged("$as peer-group $peergroup")) { + + # if we delete the remote-as in the pg, make sure all neighbors have a remote-as defined + if ($config->isDeleted("$as peer-group $peergroup remote-as")) { + my @neighbors = $config->listNodes("$as neighbor"); + foreach my $neighbor (@neighbors) { + my $pgmembership = $config->returnValue("$as neighbor $neighbor peer-group"); + if ( (defined $pgmembership) && ("$pgmembership" eq "$peergroup") ) { + my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); + if (! 
defined $remoteas) { + die "protocols bgp $as peer-group $neighbor: can't delete the remote-as in peer-group without setting remote-as in members\n" + } + } + } + } + + # remote-as can not be defined in both pg and neighbor at the same time + if ($config->isChanged("$as peer-group $peergroup remote-as")) { + my $pgremoteas = $config->returnValue("$as peer-group $peergroup remote-as"); + my @neighbors = $config->listNodes("$as neighbor"); + foreach my $neighbor (@neighbors) { + my $pgmembership = $config->returnValue("$as neighbor $neighbor peer-group"); + if ( (defined $pgmembership) && ("$pgmembership" eq "$peergroup") ) { + my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); + if (defined $remoteas && defined $pgremoteas) { + die "protocols bgp $as peer-group $neighbor: must not define remote-as in both neighbor and peer-group\n" + } + } + } + } + + } + } # end foreach my $peergroup + } + +} + +# Verify that is local-as is used, the peer isn't in a confedration +sub check_local_as { + my ($neighbor, $as) = @_; + my $config = new Vyatta::Config; + + $config->setLevel("protocols bgp $as"); + if ($config->exists('parameters confederation peers')) { + my @peers = $config->returnValues('parameters confederation peers'); + my $remoteas = $config->returnValue("neighbor $neighbor remote-as"); + foreach my $peeras (@peers) { + if ("$peeras" eq "$remoteas") { + print "local-as can't be set for neighbors in a peer group\n"; + return 1; + } + } } + return 0; } # check that value is either an IPV4 address on system or an interface |
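Review bot: The unchanged `return;` inside `if ($remoteas) { … }` exits check_remote_as at the first changed neighbor that has its own remote-as, so the remaining neighbors and the whole peer-group loop added below it are never validated in that commit; `next;` looks like the intent. Both new `die` messages in the peer-group loop interpolate `$neighbor` after the words "peer-group", where `$peergroup` is the group being checked, so the operator is pointed at the wrong node. In check_local_as the printed text says "in a peer group" although the test is against `parameters confederation peers`. There `$remoteas` is also undef for a neighbor that inherits remote-as from its peer-group, so the `eq` never matches and that case is skipped; an early `return 0 unless defined $remoteas;`, or a lookup of the peer-group's remote-as, would make this explicit. check_remote_as begins outside this hunk.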