diff options
| author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2024-04-24 10:50:59 +0000 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-04-24 18:47:21 +0000 |
| commit | 9bdc522e2dbf3208a6f4c1b0c098b8dc57cf0dd6 (patch) | |
| tree | 56c4b960e0fec3548f3fc349c1196a17af6d248e | |
| parent | c1b328f6818b0ff7e4739ea04572bf4da884f134 (diff) | |
| download | vyos-1x-9bdc522e2dbf3208a6f4c1b0c098b8dc57cf0dd6.tar.gz vyos-1x-9bdc522e2dbf3208a6f4c1b0c098b8dc57cf0dd6.zip | |
T5833: Not all AFIs compatible with VRF add verify check
Not all FRR address-families compatibe with VRF
```
r4# conf t
r4(config)# router bgp 65001 vrf bgp
r4(config-router)#
r4(config-router)# address-family ipv4 flowspec
Only Unicast/Multicast/EVPN SAFIs supported in non-core instances.
r4(config-router)#
r4(config-router)# address-family ipv4 labeled-unicast
Only Unicast/Multicast/EVPN SAFIs supported in non-core instances.
r4(config-router)#
r4(config-router)# address-family ipv4 vpn
Only Unicast/Multicast/EVPN SAFIs supported in non-core instances.
r4(config-router)#
```
Add verify AFI for VRF
(cherry picked from commit a3713cd64f2f43f321a5138db94bb1a87edbffdd)
| -rwxr-xr-x | src/conf_mode/protocols_bgp.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index 2b16de775..4df97d133 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -473,6 +473,22 @@ def verify(bgp): if peer_group_as is None or (peer_group_as != 'internal' and peer_group_as != bgp['system_as']): raise ConfigError('route-reflector-client only supported for iBGP peers') + # T5833 not all AFIs are supported for VRF + if 'vrf' in bgp and 'address_family' in peer_config: + unsupported_vrf_afi = { + 'ipv4_flowspec', + 'ipv6_flowspec', + 'ipv4_labeled_unicast', + 'ipv6_labeled_unicast', + 'ipv4_vpn', + 'ipv6_vpn', + } + for afi in peer_config['address_family']: + if afi in unsupported_vrf_afi: + raise ConfigError( + f"VRF is not allowed for address-family '{afi.replace('_', '-')}'" + ) + # Throw an error if a peer group is not configured for allow range for prefix in dict_search('listen.range', bgp) or []: # we can not use dict_search() here as prefix contains dots ... |