bfd: T1949: fix verification logic for IPv6 BFD peers

IPv6 BFD peers only require a source address unless link-local addresses are used.

2 files changed, 19 insertions, 3 deletions

diff --git a/python/vyos/validate.py b/python/vyos/validate.py
index 1ce5a8467..8ffef64fa 100644
--- a/python/vyos/validate.py
+++ b/python/vyos/validate.py
@@ -52,6 +52,17 @@ def is_ipv6(addr):
 
     return False
 
+def is_ipv6_link_local(addr):
+    """
+    Check addr if it is an IPv6 link-local address/network. Returns True/False
+    """
+
+    if is_ipv6(addr):
+        if ipaddress.IPv6Address(addr).is_link_local:
+            return True
+
+    return False
+
 def is_intf_addr_assigned(intf, addr):
     """
     Verify if the given IPv4/IPv6 address is assigned to specific interface.
diff --git a/src/conf_mode/protocols_bfd.py b/src/conf_mode/protocols_bfd.py
index 9ca194edd..58f5b5a0e 100755
--- a/src/conf_mode/protocols_bfd.py
+++ b/src/conf_mode/protocols_bfd.py
@@ -163,10 +163,15 @@ def verify(bfd):
     conf = Config()
 
     for peer in bfd['new_peers']:
-        # IPv6 peers require an explicit local address/interface combination
-        if vyos.validate.is_ipv6(peer['remote']):
+        # IPv6 link local peers require an explicit local address/interface
+        if vyos.validate.is_ipv6_link_local(peer['remote']):
             if not (peer['src_if'] and peer['src_addr']):
-                raise ConfigError('BFD IPv6 peers require explicit local address and interface setting')
+                raise ConfigError('BFD IPv6 link-local peers require explicit local address and interface setting')
+
+        # IPv6 peers require an explicit local address
+        if vyos.validate.is_ipv6(peer['remote']):
+            if not peer['src_addr']:
+                raise ConfigError('BFD IPv6 peers require explicit local address setting')
 
         # multihop require source address
         if peer['multihop'] and not peer['src_addr']: