diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-01-06 12:09:37 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-01-06 12:09:37 +0100 |
| commit | f78201c25611cf6b8bc1ef7ff9ff0b7e4c992519 (patch) | |
| tree | e03ad7d8135f2f9413540ee218670494ab7b8862 | |
| parent | cbd2d71fc85f89f322f1d5c85052034b0b57b3b9 (diff) | |
| download | vyos-1x-f78201c25611cf6b8bc1ef7ff9ff0b7e4c992519.tar.gz vyos-1x-f78201c25611cf6b8bc1ef7ff9ff0b7e4c992519.zip | |
bgp: T2174: verify() proper existance of remote-as
| -rwxr-xr-x | src/conf_mode/protocols_bgp.py | 43 |
1 files changed, 24 insertions, 19 deletions
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index a3f32fd2d..d0dfb55ec 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -50,32 +50,37 @@ def verify(bgp): # Check if declared more than one ASN if len(bgp) > 1: - raise ConfigError('Only one BGP AS can be defined!') + raise ConfigError('Only one BGP AS number can be defined!') for asn, asn_config in bgp.items(): + import pprint + pprint.pprint(asn_config) + # Common verification for both peer-group and neighbor statements - for neigh in ['neighbor', 'peer_group']: + for neighbor in ['neighbor', 'peer_group']: # bail out early if there is no neighbor or peer-group statement # this also saves one indention level - if neigh not in asn_config: + if neighbor not in asn_config: + print(f'no {neighbor} found in config') continue - #for neighbor, config in asn_config[neigh].items(): - ''' - # These checks need to be modified. Because peer-group can be declared without 'remote-as'. - # When 'remote-as' configured for specific neighbor in peer-group. For example - # - - set protocols nbgp 65001 neighbor 100.64.0.2 peer-group 'FOO' - set protocols nbgp 65001 neighbor 100.64.0.2 remote-as '65002' - set protocols nbgp 65001 peer-group FOO - - ''' - #if 'remote_as' not in config and 'peer_group' not in config: - # raise ConfigError(f'BGP remote-as must be specified for "{neighbor}"!') - - #if 'remote_as' in config and 'peer_group' in config: - # raise ConfigError(f'BGP peer-group member "{neighbor}" cannot override remote-as of peer-group!') + for peer, peer_config in asn_config[neighbor].items(): + # Only regular "neighbor" statement can have a peer-group set + # Check if the configure peer-group exists + if 'peer_group' in peer_config: + peer_group = peer_config['peer_group'] + if peer_group not in asn_config['peer_group']: + raise ConfigError(f'Specified peer-group "{peer_group}" for '\ + f'neighbor "{neighbor}" does not exist!') + + # Some checks can/must only be done on a neighbor and nor a peer-group + if neighbor == 'neighbor': + # remote-as must be either set explicitly for the neighbor + # or for the entire peer-group + if 'remote_as' not in peer_config: + peer_group = peer_config['peer_group'] + if 'remote_as' not in asn_config['peer_group'][peer_group]: + raise ConfigError('Remote AS must be set for neighbor or peer-group!') return None |