summaryrefslogtreecommitdiff
path: root/scripts/bgp
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/bgp')
-rwxr-xr-xscripts/bgp/vyatta-bgp.pl181
1 files changed, 108 insertions, 73 deletions
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl
index e2cd2a1e..0f68b900 100755
--- a/scripts/bgp/vyatta-bgp.pl
+++ b/scripts/bgp/vyatta-bgp.pl
@@ -228,6 +228,11 @@ my %qcom = (
set => 'router bgp #3 ; address-family ipv6 ; neighbor #5 next-hop-self',
del => 'router bgp #3 ; address-family ipv6 ; no neighbor #5 next-hop-self',
},
+ 'protocols bgp var neighbor var address-family ipv6-unicast peer-group' => {
+ set => 'router bgp #3 ; address-family ipv6 ; neighbor #5 peer-group #9',
+ del => 'router bgp #3 ; address-family ipv6 ; no neighbor #5 peer-group #9 ; neighbor #5 activate',
+ noerr => 'del',
+ },
'protocols bgp var neighbor var address-family ipv6-unicast prefix-list' => {
set => undef,
del => undef,
@@ -1168,66 +1173,80 @@ sub bgp_type_change {
}
}
-# delete a neighbor from a peer-group
-sub neighborFromPeerGroup
+sub checkBannedPeerGroupParameters
{
- my ($level) = @_;
-
- my @overwritelist = ('allowas-in', 'allowas-in number', 'capability dynamic', 'capability orf',
- 'disable-connected-check', 'distribute-list import',
- 'disable-capability-negotiation', 'ebgp-multihop', 'filter-list import',
- 'maximum-prefix', 'override-capability', 'passive', 'password', 'port',
- 'prefix-list import', 'route-map import', 'shutdown',
- 'soft-reconfiguration inbound', 'strict-capability-match',
- 'update-source', 'weight');
-
+ my ($level, $protocol) = @_;
+ unless ($protocol == 4 || $protocol == 6) {
+ return -1;
+ }
+
+ my @bannedlist = ('advertisement-interval', 'attribute-unchanged', 'capability orf',
+ 'default-originate', 'distribute-list export', 'filter-list export',
+ 'nexthop-self', 'prefix-list export', 'remove-private-as',
+ 'route-map export', 'route-reflector-client', 'route-server-client',
+ 'disable-send-community', 'timers', 'ttl-security', 'unsuppress-map');
+
+ my @globalbannedlist = ('local-as');
+
my $config = new Vyatta::Config;
$config->setLevel("protocols bgp $level");
-
- # make sure to re-add the overwrite nodes if they exist.
- foreach my $node (@overwritelist) {
+
+ foreach my $node (@globalbannedlist) {
if ($config->exists($node)) {
- $qconfig->reInsertNode("protocols bgp $level $node");
+ print "[ protocols bgp $level ]\n parameter $node is incompatible with a neighbor in a peer-group\n";
+ exit 1;
}
}
+ if ($protocol == 6) {
+ $config->setLevel("protocols bgp $level address-family ipv6-unicast");
+ }
+ foreach my $node (@bannedlist) {
+ if ($config->exists($node)) {
+ print "[ protocols bgp $level ]\n parameter $node is incompatible with a neighbor in a peer-group\n";
+ exit 1;
+ }
+ }
+ return 1;
}
-# add a neighbor to a peer-group
-sub neighborToPeerGroup
+sub checkOverwritePeerGroupParameters
{
- my ($level) = @_;
+ my ($level, $protocol) = @_;
+ my $ret = 0;
- my @bannedlist = ('advertisement-interval', 'attribute-unchanged', 'capability orf',
- 'default-originate', 'distribute-list export', 'filter-list export',
- 'local-as', 'nexthop-self', 'prefix-list export', 'remove-private-as',
- 'route-map export', 'route-reflector-client', 'route-server-client',
- 'disable-send-community', 'timers', 'ttl-security', 'unsuppress-map');
-
- my @overwritelist = ('allowas-in', 'allowas-in number', 'capability dynamic', 'capability orf',
- 'disable-connected-check', 'distribute-list import',
- 'disable-capability-negotiation', 'ebgp-multihop', 'filter-list import',
- 'maximum-prefix', 'override-capability', 'passive', 'password', 'port',
- 'prefix-list import', 'route-map import', 'shutdown',
- 'soft-reconfiguration inbound', 'strict-capability-match',
- 'update-source', 'weight');
+ unless ($protocol == 4 || $protocol == 6) {
+ return -1;
+ }
+
+ my @overwritelist = ('allowas-in', 'allowas-in number', 'capability dynamic',
+ 'distribute-list import', 'filter-list import', 'maximum-prefix',
+ 'port', 'prefix-list import', 'route-map import',
+ 'soft-reconfiguration inbound', 'strict-capability-match');
+
+ my @globaloverwritelist = ('disable-capability-negotiation', 'disable-connected-check',
+ 'ebgp-multihop', 'override-capability', 'passive', 'password',
+ 'shutdown', 'update-source', 'weight');
my $config = new Vyatta::Config;
$config->setLevel("protocols bgp $level");
- # first check that the neighbor doesn't contain anything in the bannedlist
- foreach my $node (@bannedlist) {
+ foreach my $node (@globaloverwritelist) {
if ($config->exists($node)) {
- print "[ protocols bgp $level ]\n parameter $node is incompatible with neighbors in a peer-group\n";
- exit 1;
+ $qconfig->reInsertNode("protocols bgp $level $node");
+ $ret++;
}
}
-
- # now make sure to re-add the overwrite nodes if they exist.
+ if ($protocol == 6) {
+ $level .= " address-family ipv6-unicast";
+ $config->setLevel("protocols bgp $level");
+ }
foreach my $node (@overwritelist) {
if ($config->exists($node)) {
$qconfig->reInsertNode("protocols bgp $level $node");
+ $ret++;
}
}
+ return $ret;
}
# check that changed neighbors have a remote-as or peer-group defined
@@ -1253,7 +1272,7 @@ sub check_neighbor_parameters
if ( (defined $pgmembership) && ("$pgmembership" eq "$peergroup") ) {
my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as");
if (! defined $remoteas) {
- die "[protocols bgp $as peer-group $neighbor]\n can't delete the remote-as in peer-group without setting remote-as in member neighbors\n"
+ die "[ protocols bgp $as peer-group $neighbor ]\n can't delete the remote-as in peer-group without setting remote-as in member neighbors\n"
}
}
}
@@ -1273,52 +1292,68 @@ sub check_neighbor_parameters
if ( (defined $pgmembership) && ("$pgmembership" eq "$peergroup") ) {
my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as");
if (defined $remoteas && defined $pgremoteas) {
- die "[protocols bgp $as peer-group $neighbor]\n must not define remote-as in both neighbor and peer-group\n"
+ die "[ protocols bgp $as peer-group $neighbor ]\n must not define remote-as in both neighbor and peer-group\n"
}
}
}
}
-
} ## end foreach my $peergroup (@peergroups)
# check neighbor if remote-as or peer-group has been changed
my @neighbors = $config->listNodes("$as neighbor");
foreach my $neighbor (@neighbors) {
- next unless ($config->isChanged("$as neighbor $neighbor remote-as") ||
- $config->isChanged("$as neighbor $neighbor peer-group") ||
- $config->isDeleted("$as neighbor $neighbor remote-as") ||
- $config->isDeleted("$as neighbor $neighbor peer-group") );
-
- # remote-as checks: Make sure the neighbor has a remote-as defined locally or in the peer-group
- my ($remoteas, $peergroup, $peergroupas);
- $remoteas = $config->returnValue("$as neighbor $neighbor remote-as");
- if ($config->exists("$as neighbor $neighbor peer-group")) {
- $peergroup = $config->returnValue("$as neighbor $neighbor peer-group");
- if ($config->exists("$as peer-group $peergroup remote-as")) {
- $peergroupas = $config->returnValue("$as peer-group $peergroup remote-as");
- }
- }
-
- die "[ protocols bgp $as neighbor $neighbor ]\n must set remote-as or peer-group with remote-as defined\n"
- unless ($remoteas || $peergroupas);
-
- die "[ protocols bgp $as neighbor $neighbor ]\n remote-as should not be defined in both neighbor and peer-group\n"
- if ($remoteas && $peergroupas);
- ## end remote-as checks
+ # check that remote-as exists
+ if ($config->isChanged("$as neighbor $neighbor remote-as") ||
+ $config->isDeleted("$as neighbor $neighbor remote-as")) {
+ # remote-as checks: Make sure the neighbor has a remote-as defined locally or in the peer-group
+ my ($remoteas, $peergroup, $peergroupas);
+ $remoteas = $config->returnValue("$as neighbor $neighbor remote-as");
+ if ($config->exists("$as neighbor $neighbor peer-group")) {
+ $peergroup = $config->returnValue("$as neighbor $neighbor peer-group");
+ if ($config->exists("$as peer-group $peergroup remote-as")) {
+ $peergroupas = $config->returnValue("$as peer-group $peergroup remote-as");
+ }
+ }
- # If the peer-group has changed since the last commit, update overwritable nodes
- # We do this because Quagga removes nodes silently while vyatta-cfg does not. These
- # functions actually make Vyatta implentation of peer-groups more consistent.
- if ($config->isChanged("$as neighbor $neighbor peer-group")) {
- neighborToPeerGroup("$as neighbor $neighbor");
- } elsif ($config->isDeleted("$as neighbor $neighbor peer-group")) {
- neighborFromPeerGroup("$as neighbor $neighbor");
- }
+ die "[ protocols bgp $as neighbor $neighbor ]\n must set remote-as or peer-group with remote-as defined\n"
+ unless ($remoteas || $peergroupas);
- # Check if changing BGP peer type from/to i/eBGP
- my $error = bgp_type_change($neighbor, $as, "neighbor");
- if ($error) { die "[protocols bgp $as neighbor $neighbor]\n $error\n"; }
+ die "[ protocols bgp $as neighbor $neighbor ]\n remote-as should not be defined in both neighbor and peer-group\n"
+ if ($remoteas && $peergroupas);
+ } ## end remote-as checks
+
+ # Check if changing BGP peer type from/to i/eBGP
+ my $error = bgp_type_change($neighbor, $as, "neighbor");
+ if ($error) { die "[ protocols bgp $as neighbor $neighbor ]\n $error\n"; }
+
+ # check IPv4 peer-group
+ if ($config->isChanged("$as neighbor $neighbor peer-group") ||
+ $config->isDeleted("$as neighbor $neighbor peer-group")) {
+ # If the peer-group has changed since the last commit, update overwritable nodes
+ # We do this because Quagga removes nodes silently while vyatta-cfg does not. These
+ # functions actually make Vyatta implentation of peer-groups more consistent.
+ if ($config->isChanged("$as neighbor $neighbor peer-group")) {
+ checkBannedPeerGroupParameters("$as neighbor $neighbor", 4);
+ checkOverwritePeerGroupParameters("$as neighbor $neighbor", 4);
+ } elsif ($config->isDeleted("$as neighbor $neighbor peer-group")) {
+ checkOverwritePeerGroupParameters("$as neighbor $neighbor", 4);
+ }
+ }
+
+ # check IPv6 peer-group
+ if ($config->isChanged("$as neighbor $neighbor address-family ipv6-unicast peer-group") ||
+ $config->isDeleted("$as neighbor $neighbor address-family ipv6-unicast peer-group")) {
+ # If the peer-group has changed since the last commit, update overwritable nodes
+ # We do this because Quagga removes nodes silently while vyatta-cfg does not. These
+ # functions actually make Vyatta implentation of peer-groups more consistent.
+ if ($config->isChanged("$as neighbor $neighbor address-family ipv6-unicast peer-group")) {
+ checkBannedPeerGroupParameters("$as neighbor $neighbor", 6);
+ checkOverwritePeerGroupParameters("$as neighbor $neighbor", 6);
+ } elsif ($config->isDeleted("$as neighbor $neighbor address-family ipv6-unicast peer-group")) {
+ checkOverwritePeerGroupParameters("$as neighbor $neighbor", 6);
+ }
+ }
} ## end foreach my $neighbor (@neighbors)
} ## end foreach my $as (@asns)
}