From 5ae305002d35de573a34974104f13ebede556715 Mon Sep 17 00:00:00 2001 From: Robert Bays Date: Fri, 23 Jul 2010 13:07:44 -0700 Subject: fix for bug 5892 --- scripts/bgp/vyatta-bgp.pl | 83 +++++++++++++++++++++++++++++++++++++---------- 1 file changed, 65 insertions(+), 18 deletions(-) (limited to 'scripts') diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl index 86ec1e14..d97a3e69 100755 --- a/scripts/bgp/vyatta-bgp.pl +++ b/scripts/bgp/vyatta-bgp.pl @@ -1138,7 +1138,7 @@ my %qcom = ( ); my ( $pg, $as, $neighbor ); -my ( $main, $peername, $isneighbor, $checkpeergroups, $checksource, $checklocalas ); +my ( $main, $peername, $isneighbor, $checkpeergroups, $checksource, $isIBGPpeer, $checkforibgpasn); GetOptions( "peergroup=s" => \$pg, @@ -1148,16 +1148,19 @@ GetOptions( "check-neighbor-ip" => \$isneighbor, "check-peer-groups" => \$checkpeergroups, "check-source=s" => \$checksource, - "check-local-as" => \$checklocalas, + "is-iBGP" => \$isIBGPpeer, + "check-for-iBGP-ASN=s" => \$checkforibgpasn, "main" => \$main, ); -main() if ($main); -check_peergroup_name($peername) if ($peername); -check_neighbor_ip($neighbor) if ($isneighbor); -check_for_peer_groups( $pg, $as ) if ($checkpeergroups); -check_source($checksource) if ($checksource); -check_local_as($neighbor, $as) if ($checklocalas); +main() if ($main); +check_peergroup_name($peername) if ($peername); +check_neighbor_ip($neighbor) if ($isneighbor); +check_for_peer_groups( $pg, $as ) if ($checkpeergroups); +check_source($checksource) if ($checksource); +check_for_iBGP_ASN($as, $checkforibgpasn) if ($checkforibgpasn); +is_IBGP_peer($neighbor, $as) if ($isIBGPpeer); + exit 0; 
@@ -1293,23 +1296,67 @@ sub check_remote_as { } -# Verify that is local-as is used, the peer isn't in a confedration -sub check_local_as { +# check to see if this ASN will make a peer an iBGP peer +sub check_for_iBGP_ASN { + my ($as, $testas) = @_; + if ("$as" eq "$testas") { exit 1 ; } + + my $config = new Vyatta::Config; + $config->setLevel("protocols bgp $as"); + + my @neighbors = $config->listNodes('neighbor'); + foreach $neighbor (@neighbors) { + my $remoteas = $config->returnValue("neighbor $neighbor remote-as"); + if ("$testas" eq "$remoteas") { + exit 1; + } + } + + return; +} + +# is this peer an iBGP peer? +sub is_IBGP_peer { my ($neighbor, $as) = @_; my $config = new Vyatta::Config; + my @ibgp_as; + my $neighbor_as; $config->setLevel("protocols bgp $as"); + + # find my local ASN for this neighbor + # it's either explicitly defined or in the peer-group + if ($config->exists("neighbor $neighbor remote-as")) { + $neighbor_as = $config->returnValue("neighbor $neighbor remote-as"); + } + elsif ($config->exists("neighbor $neighbor peer-group")) { + my $peergroup = $config->returnValue("neighbor $neighbor peer-group"); + if ($config->exists("peer-group $peergroup remote-as")) { + my $peergroup = $config->returnValue("neighbor $neighbor peer-group"); + $neighbor_as = $config->returnValue("peer-group $peergroup remote-as"); + } + } + else { + print "Unable to determine primary ASN for neighbor $neighbor\n"; + exit 1; + } + + # now find my possible local ASNs. Confederation ASNs are first. 
if ($config->exists('parameters confederation peers')) { - my @peers = $config->returnValues('parameters confederation peers'); - my $remoteas = $config->returnValue("neighbor $neighbor remote-as"); - foreach my $peeras (@peers) { - if ("$peeras" eq "$remoteas") { - print "local-as can't be set for neighbors in a peer group\n"; - return 1; - } + @ibgp_as = $config->returnValues('parameters confederation peers'); + } + + # push router local ASN on the stack + push @ibgp_as, $as; + + # and compare neighbor local as to possible local ASNs + foreach my $localas (@ibgp_as) { + if ("$localas" eq "$neighbor_as") { + exit 1; } } - return 0; + + return; } # check that value is either an IPV4 address on system or an interface -- cgit v1.2.3 From 0773ce1032d07f7f74e2b41c0f160570a8ed66a1 Mon Sep 17 00:00:00 2001 From: Robert Bays Date: Fri, 6 Aug 2010 15:40:27 -0700 Subject: fix for bug 5925 --- scripts/bgp/vyatta-bgp.pl | 3 ++- .../protocols/bgp/node.tag/parameters/confederation/peers/node.def | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl index d97a3e69..a91d16e5 100755 --- a/scripts/bgp/vyatta-bgp.pl +++ b/scripts/bgp/vyatta-bgp.pl @@ -1304,7 +1304,8 @@ sub check_for_iBGP_ASN { my $config = new Vyatta::Config; $config->setLevel("protocols bgp $as"); - my @neighbors = $config->listNodes('neighbor'); + #my @neighbors = $config->listNodes('neighbor'); + my @neighbors = $config->listOrigNodes('neighbor'); foreach $neighbor (@neighbors) { my $remoteas = $config->returnValue("neighbor $neighbor remote-as"); if ("$testas" eq "$remoteas") { diff --git a/templates/protocols/bgp/node.tag/parameters/confederation/peers/node.def b/templates/protocols/bgp/node.tag/parameters/confederation/peers/node.def index a5d5b671..52823424 100644 --- a/templates/protocols/bgp/node.tag/parameters/confederation/peers/node.def +++ b/templates/protocols/bgp/node.tag/parameters/confederation/peers/node.def 
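Review bot: In `check_for_iBGP_ASN` the loop reads only `neighbor $neighbor remote-as`, so a neighbor that inherits its remote-as from a peer-group yields an undefined `$remoteas`, which is compared as an empty string and can never block the confederation ASN. `is_IBGP_peer`, added in the same hunk, does fall back to the peer-group, so the two checks disagree about which neighbors count. Consider resolving the peer-group's remote-as when the neighbor has none, and otherwise skipping the entry with `next unless defined $remoteas;`. The loop also reuses the file-level `$neighbor` as its iterator; `foreach my $neighbor (@neighbors)` would keep it local. Both subs signal "yes" with `exit 1`, which deserves a one-line comment because it is the reverse of the usual shell convention.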
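Review bot: In `check_for_iBGP_ASN` the neighbor list now comes from `listOrigNodes('neighbor')`, but the loop body shown as context still reads each `remote-as` with `returnValue`. Judging by the method names, that mixes the original and working views of the configuration: a neighbor deleted in the pending commit would be listed yet return undef, which is then compared as an empty string. If the comparison is meant to run against the original configuration, `returnOrigValue("neighbor $neighbor remote-as")` would match the new list; if the mix is deliberate, a comment should say why. The commented-out `#my @neighbors = $config->listNodes('neighbor');` line is better dropped than kept, since the history already records it.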
@@ -3,4 +3,4 @@ type: u32
 help: Peer ASs in the BGP confederation
 val_help: u32:1-4294967294; Peer AS number numbers (ex: "435 234")
 syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 4294967294; "confederation AS id must be between 1 and 4294967294"
-commit:expression: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-for-iBGP-ASN $VAR(@) --as $VAR(../../../@)"; "can't set confederation ASN to $VAR(@). Delete neighbors with remote-as $VAR(@) first."
+commit:expression: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-for-iBGP-ASN $VAR(@) --as $VAR(../../../@)"; "Can't set confederation peers ASN to $VAR(@). Delete any neighbors with remote-as $VAR(@) and/or change the local ASN first."
-- cgit v1.2.3
From 7e526aa0bfdcafa1d2ae878d680fe568220ecc52 Mon Sep 17 00:00:00 2001
From: Robert Bays
Date: Fri, 6 Aug 2010 16:55:45 -0700
Subject: fix for bug 5973
---
 scripts/bgp/vyatta-bgp.pl | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'scripts')
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl
index a91d16e5..bf289511 100755
--- a/scripts/bgp/vyatta-bgp.pl
+++ b/scripts/bgp/vyatta-bgp.pl
@@ -118,18 +118,18 @@ my %qcom = (
 noerr => 'set',
 },
 'protocols bgp var address-family ipv6-unicast redistribute ospfv3' => {
- set => 'router bgp #3 ; address-family ipv6 ; redistribute ospfv3',
- del => 'router bgp #3 ; address-family ipv6 ; no redistribute ospfv3',
+ set => 'router bgp #3 ; address-family ipv6 ; redistribute ospf6',
+ del => 'router bgp #3 ; address-family ipv6 ; no redistribute ospf6',
 noerr => 'set',
 },
 'protocols bgp var address-family ipv6-unicast redistribute ospfv3 metric' => {
- set => 'router bgp #3 ; address-family ipv6 ; redistribute ospfv3 metric #9',
- del => 'router bgp #3 ; address-family ipv6 ; no redistribute ospfv3 metric #9',
+ set => 'router bgp #3 ; address-family ipv6 ; redistribute ospf6 metric #9',
+ del => 'router bgp #3 ; address-family ipv6 ; no redistribute ospf6 metric #9',
 noerr => 'set',
 },
 'protocols bgp var address-family ipv6-unicast redistribute ospfv3 route-map' => {
- set => 'router bgp #3 ; address-family ipv6 ; redistribute ospfv3 route-map #9',
- del => 'router bgp #3 ; address-family ipv6 ; no redistribute ospfv3 route-map #9',
+ set => 'router bgp #3 ; address-family ipv6 ; redistribute ospf6 route-map #9',
+ del => 'router bgp #3 ; address-family ipv6 ; no redistribute ospf6 route-map #9',
 noerr => 'set',
 },
 'protocols bgp var address-family ipv6-unicast redistribute ripng' => {
-- cgit v1.2.3
From 57a3d8e42d6ead50cecac01e4f384ec3c84d95b9 Mon Sep 17 00:00:00 2001
From: Robert Bays
Date: Tue, 10 Aug 2010 11:12:40 -0700
Subject: rename function to be more descriptive of the actual use
---
 scripts/bgp/vyatta-bgp.pl | 11 ++++++-----
 .../bgp/node.tag/parameters/confederation/peers/node.def | 2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)
(limited to 'scripts')
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl
index bf289511..7e276231 100755
--- a/scripts/bgp/vyatta-bgp.pl
+++ b/scripts/bgp/vyatta-bgp.pl
@@ -1138,7 +1138,7 @@ my %qcom = ( ); my ( $pg, $as, $neighbor ); -my ( $main, $peername, $isneighbor, $checkpeergroups, $checksource, $isIBGPpeer, $checkforibgpasn); +my ( $main, $peername, $isneighbor, $checkpeergroups, $checksource, $isIBGPpeer, $confedibgpasn); GetOptions( "peergroup=s" => \$pg, @@ -1149,7 +1149,7 @@ GetOptions( "check-peer-groups" => \$checkpeergroups, "check-source=s" => \$checksource, "is-iBGP" => \$isIBGPpeer, - "check-for-iBGP-ASN=s" => \$checkforibgpasn, + "confed-iBGP-ASN-check=s" => \$confedibgpasn, "main" => \$main, ); @@ -1158,7 +1158,7 @@ check_peergroup_name($peername) if ($peername); check_neighbor_ip($neighbor) if ($isneighbor); check_for_peer_groups( $pg, $as ) if ($checkpeergroups); check_source($checksource) if ($checksource); -check_for_iBGP_ASN($as, $checkforibgpasn) if ($checkforibgpasn); +confed_iBGP_ASN($as, $confedibgpasn) if ($confedibgpasn); is_IBGP_peer($neighbor, $as) if ($isIBGPpeer); @@ -1296,8 +1296,9 @@ sub check_remote_as { } -# check to see if this ASN will make a peer an iBGP peer -sub check_for_iBGP_ASN { +# check to see if adding this ASN to confederations +# will make a peer an iBGP peer +sub confed_iBGP_ASN { my ($as, $testas) = @_; if ("$as" eq "$testas") { exit 1 ; } diff --git a/templates/protocols/bgp/node.tag/parameters/confederation/peers/node.def b/templates/protocols/bgp/node.tag/parameters/confederation/peers/node.def index 52823424..e806b5d7 100644 --- a/templates/protocols/bgp/node.tag/parameters/confederation/peers/node.def +++ b/templates/protocols/bgp/node.tag/parameters/confederation/peers/node.def 
@@ -3,4 +3,4 @@ type: u32 help: Peer ASs in the BGP confederation val_help: u32:1-4294967294; Peer AS number numbers (ex: "435 234") syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 4294967294; "confederation AS id must be between 1 and 4294967294" -commit:expression: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-for-iBGP-ASN $VAR(@) --as $VAR(../../../@)"; "Can't set confederation peers ASN to $VAR(@). Delete any neighbors with remote-as $VAR(@) and/or change the local ASN first." +commit:expression: exec "/opt/vyatta/sbin/vyatta-bgp.pl --confed-iBGP-ASN-check $VAR(@) --as $VAR(../../../@)"; "Can't set confederation peers ASN to $VAR(@). Delete any neighbors with remote-as $VAR(@) and/or change the local ASN first." -- cgit v1.2.3 From b3f09c88499ccabe79085b0c3621c830ee5be3ae Mon Sep 17 00:00:00 2001 From: Robert Bays Date: Tue, 10 Aug 2010 15:49:57 -0700 Subject: fix for bug 5939 --- scripts/bgp/vyatta-bgp.pl | 187 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 132 insertions(+), 55 deletions(-) (limited to 'scripts') diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl index 7e276231..9cbde833 100755 --- a/scripts/bgp/vyatta-bgp.pl +++ b/scripts/bgp/vyatta-bgp.pl @@ -1030,7 +1030,7 @@ my %qcom = ( }, 'protocols bgp var peer-group var timers' => { set => 'router bgp #3 ; neighbor #5 timers @keepalive @holdtime', - del => 'router bgp #3 ; no neighbor #5', + del => 'router bgp #3 ; no neighbor #5 timers', }, 'protocols bgp var peer-group var timers connect' => { set => 'router bgp #3 ; neighbor #5 timers connect #8', @@ -1138,7 +1138,7 @@ my %qcom = ( ); my ( $pg, $as, $neighbor ); -my ( $main, $peername, $isneighbor, $checkpeergroups, $checksource, $isIBGPpeer, $confedibgpasn); +my ( $main, $peername, $isneighbor, $checkpeergroups, $checksource, $isiBGPpeer, $wasiBGPpeer, $confedibgpasn); GetOptions( "peergroup=s" => \$pg, 
@@ -1148,7 +1148,8 @@ GetOptions( "check-neighbor-ip" => \$isneighbor, "check-peer-groups" => \$checkpeergroups, "check-source=s" => \$checksource, - "is-iBGP" => \$isIBGPpeer, + "is-iBGP" => \$isiBGPpeer, + "was-iBGP" => \$wasiBGPpeer, "confed-iBGP-ASN-check=s" => \$confedibgpasn, "main" => \$main, ); @@ -1159,7 +1160,8 @@ check_neighbor_ip($neighbor) if ($isneighbor); check_for_peer_groups( $pg, $as ) if ($checkpeergroups); check_source($checksource) if ($checksource); confed_iBGP_ASN($as, $confedibgpasn) if ($confedibgpasn); -is_IBGP_peer($neighbor, $as) if ($isIBGPpeer); +is_iBGP_peer($neighbor, $as) if ($isiBGPpeer); +was_iBGP_peer($neighbor, $as) if ($wasiBGPpeer); exit 0; 
@@ -1219,46 +1221,56 @@ sub check_for_peer_groups { } } -# check that changed neighbors have a remote-as or peer-group defined -sub check_remote_as { +# function to verify changing remote-as from/to i/eBGP +# there are two types of parameter checks we need to do. The first should happen +# when the affected parameter is created/changed. Those checks should happen in +# the syntax and commit statements in the node.defs for those specific params since +# they can be updated individually. The params should be checked again if the remote-as +# changes. +# This funtion handles changes in the remote-as and/or peer-group +sub bgp_type_change { + my ($neighbor, $as, $ntype) =@_; my $config = new Vyatta::Config; $config->setLevel('protocols bgp'); - my @asns = $config->listNodes(); - foreach my $as (@asns) { - # check remote-as if neighbors have been changed - my @neighbors = $config->listNodes("$as neighbor"); - foreach my $neighbor (@neighbors) { - next unless $config->isChanged("$as neighbor $neighbor"); + if ( ("$ntype" ne "neighbor") && ("$ntype" ne "peer-group") ) { + return -1; + } - my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); - my ($peergroup, $peergroupas); - if ($config->exists("$as neighbor $neighbor peer-group")) { - $peergroup = $config->returnValue("$as neighbor $neighbor peer-group"); - if ($config->exists("$as peer-group $peergroup remote-as")) { - $peergroupas = $config->returnValue("$as peer-group $peergroup remote-as"); - } - } + # check if changing from iBGP to eBGP + if ( (iBGP_peer(1, $neighbor, $as, $ntype)) && (! 
iBGP_peer(0, $neighbor, $as, $ntype)) ) { + if ($config->exists("$as $ntype $neighbor route-reflector-client")) { + return "can not set route-reflector-client and an eBGP remote-as at the same time\n"; + } + } - if ($remoteas) { - if ($peergroupas) { - die "protocols bgp $as neighbor $neighbor: remote-as should not be defined in both neighbor and peer-group\n" - } - return; - } + # check if changing from eBGP to iBGP + if ( (! iBGP_peer(1, $neighbor, $as, $ntype)) && (iBGP_peer(0, $neighbor, $as, $ntype)) ) { + if ($config->exists("$as $ntype $neighbor ebgp-multihop")) { + return "can not set ebgp-multihop and an iBGP remote-as at the same time\n"; + } + if ($config->exists("$as $ntype $neighbor ttl-security")) { + return "can not set ttl-security and an iBGP remote-as at the same time\n"; + } + if ($config->exists("$as $ntype $neighbor local-as")) { + return "can not set local-as and an iBGP remote-as at the same time\n"; + } + } +} - die "protocols bgp $as neighbor $neighbor: must define a remote-as or peer-group\n" - unless $peergroup; - - die "protocols bgp $as neighbor $neighbor: must define a remote-as in neighbor or peer-group $peergroup\n" - unless $peergroupas; +# check that changed neighbors have a remote-as or peer-group defined +# and that all permutations of parameters and BGP type are correct +sub check_remote_as { + my $config = new Vyatta::Config; + $config->setLevel('protocols bgp'); - } - + my @asns = $config->listNodes(); + foreach my $as (@asns) { # check remote-as if peer-groups have been changed my @peergroups = $config->listNodes("$as peer-group"); foreach my $peergroup (@peergroups) { - next unless $config->isChanged("$as peer-group $peergroup"); + next unless ( $config->isChanged("$as peer-group $peergroup remote-as") || + $config->isDeleted("$as peer-group $peergroup remote-as") ); # if we delete the remote-as in the pg, make sure all neighbors have a remote-as defined if ($config->isDeleted("$as peer-group $peergroup remote-as")) { 
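Review bot: `bgp_type_change` tests the result of `iBGP_peer(...)` for plain truthiness, but `iBGP_peer` (added later in this commit) returns -1 when it cannot determine the remote ASN, and -1 is true in Perl. An undeterminable peer is therefore treated as iBGP in both direction checks. Capture the two results once and compare explicitly, e.g. `my $was = iBGP_peer(1, $neighbor, $as, $ntype); my $now = iBGP_peer(0, $neighbor, $as, $ntype);` then `if ($was == 1 && $now == 0)` and the reverse, deciding separately what -1 should mean. The sub also returns -1 for an unknown `$ntype`, which the callers' `if ($error)` turns into a `die` whose text is just "-1", and it has no explicit `return;` on the success path, so its result there is whatever the last condition evaluated to.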
@@ -1268,14 +1280,19 @@ sub check_remote_as { if ( (defined $pgmembership) && ("$pgmembership" eq "$peergroup") ) { my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); if (! defined $remoteas) { - die "protocols bgp $as peer-group $neighbor: can't delete the remote-as in peer-group without setting remote-as in members\n" + die "[protocols bgp $as peer-group $neighbor]\n can't delete the remote-as in peer-group without setting remote-as in member neighbors\n" } } } } - # remote-as can not be defined in both pg and neighbor at the same time + # if remote-as has changed, check that the change is valid if ($config->isChanged("$as peer-group $peergroup remote-as")) { + # check asn type change + my $error = bgp_type_change($peergroup, $as, "peer-group"); + if ($error) { die "[protocols bgp $as peer-group $peergroup]\n $error\n"; } + + # remote-as can not be defined in both pg and neighbor at the same time my $pgremoteas = $config->returnValue("$as peer-group $peergroup remote-as"); my @neighbors = $config->listNodes("$as neighbor"); foreach my $neighbor (@neighbors) { 
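Review bot: The rewritten `die` in the deleted-remote-as branch still labels the path as `peer-group $neighbor`, so the operator is pointed at a peer-group named after a neighbor address. `[protocols bgp $as peer-group $peergroup]`, with `$neighbor` named in the message text, would match the node actually being validated. The same label is used by the "must not define remote-as in both neighbor and peer-group" message in the next hunk. The strings returned by `bgp_type_change` already end in a newline, so `die "... $error\n"` prints an extra blank line. `check_remote_as` begins and ends outside this hunk.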
@@ -1283,17 +1300,51 @@ sub check_remote_as { if ( (defined $pgmembership) && ("$pgmembership" eq "$peergroup") ) { my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); if (defined $remoteas && defined $pgremoteas) { - die "protocols bgp $as peer-group $neighbor: must not define remote-as in both neighbor and peer-group\n" + die "[protocols bgp $as peer-group $neighbor]\n must not define remote-as in both neighbor and peer-group\n" } } } + } - } + } ## end foreach my $peergroup (@peergroups) - } # end foreach my $peergroup + # check neighbor if remote-as or peer-group has been changed + my @neighbors = $config->listNodes("$as neighbor"); + foreach my $neighbor (@neighbors) { + next unless ( $config->isChanged("$as neighbor $neighbor remote-as") || + $config->isDeleted("$as neighbor $neighbor remote-as") || + $config->isChanged("$as neighbor $neighbor peer-group") || + $config->isDeleted("$as neighbor $neighbor peer-group") ); - } + # First check that we have a remote-as defined in the neighbor or that + # the neighbor is a member of a peer-group that has a remote-as defined + my ($remoteas, $peergroup, $peergroupas); + $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); + if ($config->exists("$as neighbor $neighbor peer-group")) { + $peergroup = $config->returnValue("$as neighbor $neighbor peer-group"); + if ($config->exists("$as peer-group $peergroup remote-as")) { + $peergroupas = $config->returnValue("$as peer-group $peergroup remote-as"); + } + } + + die "[protocols bgp $as neighbor $neighbor]\n must define a remote-as or peer-group\n" + unless ($peergroup || $remoteas); + + if ($peergroup) { + die "[protocols bgp $as neighbor $neighbor]\n remote-as should not be defined in both neighbor and peer-group\n" + if ($remoteas && $peergroupas); + + die "[protocols bgp $as neighbor $neighbor]\n must define a remote-as in neighbor or peer-group $peergroup\n" + unless ($peergroupas); + } + + # now check if changing remote-as type 
from/to i/eBGP + my $error = bgp_type_change($neighbor, $as, "neighbor"); + if ($error) { die "[protocols bgp $as neighbor $neighbor]\n $error\n"; } + } ## end foreach my $neighbor (@neighbors) + + } ## end foreach my $as (@asns) } # check to see if adding this ASN to confederations 
@@ -1317,35 +1368,60 @@ sub confed_iBGP_ASN { return; } -# is this peer an iBGP peer? -sub is_IBGP_peer { +sub is_iBGP_peer { + my ($neighbor, $as) = @_; + + my $return = iBGP_peer(0, $neighbor, $as, "neighbor"); + if ($return > 0) { exit 1; } + elsif ($return < 0) { print "Unable to determine original ASN for neighbhor $neighbor\n"; } + exit 0; +} + +sub was_iBGP_peer { my ($neighbor, $as) = @_; + + if (iBGP_peer(1, $neighbor, $as, "neighbor") >= 1) { exit 1; } + exit 0; +} + +# is this peer an iBGP peer? +sub iBGP_peer { + my ($orig, $neighbor, $as, $ntype) = @_; my $config = new Vyatta::Config; my @ibgp_as; my $neighbor_as; $config->setLevel("protocols bgp $as"); + my $exists = sub { $config->exists(@_) }; + my $returnValue = sub { $config->returnValue(@_) }; + my $returnValues = sub { $config->returnValues(@_) }; + + if ($orig) { + $exists = sub { $config->existsOrig(@_) }; + $returnValue = sub { $config->returnOrigValue(@_) }; + $returnValues = sub { $config->returnOrigValues(@_) }; + } + # find my local ASN for this neighbor # it's either explicitly defined or in the peer-group - if ($config->exists("neighbor $neighbor remote-as")) { - $neighbor_as = $config->returnValue("neighbor $neighbor remote-as"); + if ($exists->("$ntype $neighbor remote-as")) { + $neighbor_as = $returnValue->("$ntype $neighbor remote-as"); } - elsif ($config->exists("neighbor $neighbor peer-group")) { - my $peergroup = $config->returnValue("neighbor $neighbor peer-group"); - if ($config->exists("peer-group $peergroup remote-as")) { - my $peergroup = $config->returnValue("neighbor $neighbor peer-group"); - $neighbor_as = $config->returnValue("peer-group $peergroup remote-as"); + elsif ( ("$ntype" eq "neighbor") && ($exists->("neighbor $neighbor peer-group")) ) { + my $peergroup = $returnValue->("neighbor $neighbor peer-group"); + if ($exists->("peer-group $peergroup remote-as")) { + my $peergroup = $returnValue->("neighbor $neighbor peer-group"); + $neighbor_as = 
$returnValue->("peer-group $peergroup remote-as"); } } else { - print "Unable to determine primary ASN for neighbor $neighbor\n"; - exit 1; + return -1; } # now find my possible local ASNs. Confederation ASNs are first. - if ($config->exists('parameters confederation peers')) { - @ibgp_as = $config->returnValues('parameters confederation peers'); + if ($exists->('parameters confederation peers')) { + @ibgp_as = $returnValues->('parameters confederation peers'); } # push router local ASN on the stack @@ -1354,11 +1430,11 @@ sub is_IBGP_peer { # and compare neighbor local as to possible local ASNs foreach my $localas (@ibgp_as) { if ("$localas" eq "$neighbor_as") { - exit 1; + return 1; } } - return; + return 0; } # check that value is either an IPV4 address on system or an interface @@ -1385,6 +1461,7 @@ sub main { #$qconfig->_reInitialize(); # check that all changed neighbors have a proper remote-as or peer-group defined + # and that migrations to/from iBGP eBGP are valid check_remote_as(); # deletes with priority -- cgit v1.2.3 From bd7d722092948eaf9609b79b822a032604d2dd55 Mon Sep 17 00:00:00 2001 From: Robert Bays Date: Tue, 10 Aug 2010 16:40:37 -0700 Subject: fix for bug 6021 --- scripts/bgp/vyatta-bgp.pl | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'scripts') diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl index 9cbde833..3bfb4cc0 100755 --- a/scripts/bgp/vyatta-bgp.pl +++ b/scripts/bgp/vyatta-bgp.pl 
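Review bot: In `iBGP_peer`, a neighbor whose peer-group has no `remote-as` takes the `elsif` branch, leaves `$neighbor_as` undefined and falls through to the comparison loop, so the sub returns 0 ("eBGP") rather than the -1 it uses for "cannot determine". Adding `return -1 unless defined $neighbor_as;` before the confederation lookup makes that case explicit and avoids comparing an undefined value. The inner `my $peergroup = ...` re-declaration in that branch is redundant. Separately, `is_iBGP_peer` prints a message and then reaches `exit 0` when the result is negative, so a caller of `--is-iBGP` sees the same status as for a confirmed eBGP peer; if that fail-open result is intended it deserves a comment. The message says "original ASN" (and "neighbhor") although this path passes `$orig` as 0 and so reads the current configuration.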
@@ -1316,6 +1316,13 @@ sub check_remote_as { $config->isChanged("$as neighbor $neighbor peer-group") || $config->isDeleted("$as neighbor $neighbor peer-group") ); + if ($config->isDeleted("$as neighbor $neighbor remote-as")) { + my @neighbor_params = undef; + @neighbor_params = $config->listNodes("$as neighbor $neighbor"); + die "[protocols bgp $as neighbor $neighbor]\n must delete the neighbor first if changing the remote-as\n" + if (@neighbor_params); + } + # First check that we have a remote-as defined in the neighbor or that # the neighbor is a member of a peer-group that has a remote-as defined my ($remoteas, $peergroup, $peergroupas); @@ -1330,13 +1337,11 @@ sub check_remote_as { die "[protocols bgp $as neighbor $neighbor]\n must define a remote-as or peer-group\n" unless ($peergroup || $remoteas); - if ($peergroup) { - die "[protocols bgp $as neighbor $neighbor]\n remote-as should not be defined in both neighbor and peer-group\n" - if ($remoteas && $peergroupas); - - die "[protocols bgp $as neighbor $neighbor]\n must define a remote-as in neighbor or peer-group $peergroup\n" - unless ($peergroupas); - } + die "[protocols bgp $as neighbor $neighbor]\n remote-as should not be defined in both neighbor and peer-group\n" + if ($remoteas && $peergroupas); + + die "[protocols bgp $as neighbor $neighbor]\n must define a remote-as in neighbor or peer-group $peergroup\n" + if ( (! $remoteas) && (! $peergroupas) ); # now check if changing remote-as type from/to i/eBGP my $error = bgp_type_change($neighbor, $as, "neighbor"); -- cgit v1.2.3 From 1f3b94d092ebdb9d682b66911738b6ce506f7b04 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 12 Aug 2010 08:45:50 -0400 Subject: Add missing step for peer group ttl-security Bug 5809 --- scripts/bgp/vyatta-bgp.pl | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'scripts') diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl index 3bfb4cc0..a26501e0 100755 --- a/scripts/bgp/vyatta-bgp.pl 
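Review bot: `my @neighbor_params = undef;` initialises the array to a one-element list holding undef, not to an empty array. It is harmless only because the next line overwrites it, and `my @neighbor_params = $config->listNodes("$as neighbor $neighbor");` says the same in one statement. The guard fires whenever any child node remains under the neighbor, which appears to include a `peer-group` setting, so replacing a neighbor-level remote-as with peer-group membership in a single commit would be rejected with a message about changing the remote-as. It is worth confirming that this is intended and recording it in a comment above the check. `check_remote_as` starts and ends outside this hunk.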
+++ b/scripts/bgp/vyatta-bgp.pl @@ -1036,6 +1036,10 @@ my %qcom = ( set => 'router bgp #3 ; neighbor #5 timers connect #8', del => 'router bgp #3 ; no neighbor #5 timers connect #8', }, + 'protocols bgp var peer-group var ttl-security' => { + set => undef, + del => undef, + }, 'protocols bgp var peer-group var ttl-security hops' => { set => 'router bgp #3 ; neighbor #5 ttl-security hops #8', del => 'router bgp #3 ; no neighbor #5 ttl-security hops #8', -- cgit v1.2.3 From 8e5c84d12fd839a97e92bf0fe476780613149af8 Mon Sep 17 00:00:00 2001 From: Robert Bays Date: Thu, 12 Aug 2010 10:47:48 -0700 Subject: fix for bug 6041 --- scripts/bgp/vyatta-bgp.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl index 3bfb4cc0..bc7e684b 100755 --- a/scripts/bgp/vyatta-bgp.pl +++ b/scripts/bgp/vyatta-bgp.pl @@ -1239,7 +1239,8 @@ sub bgp_type_change { # check if changing from iBGP to eBGP if ( (iBGP_peer(1, $neighbor, $as, $ntype)) && (! iBGP_peer(0, $neighbor, $as, $ntype)) ) { - if ($config->exists("$as $ntype $neighbor route-reflector-client")) { + if ( $config->exists("$as $ntype $neighbor route-reflector-client") || + $config->exists("$as $ntype $neighbor address-family ipv6-unicast route-reflector-client") ) { return "can not set route-reflector-client and an eBGP remote-as at the same time\n"; } } -- cgit v1.2.3