diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-04-05 16:11:41 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-04-05 16:11:41 +0200 |
commit | 1e66589d1f674f78c6989324d80ae82187b59698 (patch) | |
tree | 588d08d23af3121045ecc8694b4d4da81ade3110 /src/conf_mode/protocols_bgp.py | |
parent | 23598fc082fcf0c02e113586bfc615583a05d2f3 (diff) | |
download | vyos-1x-1e66589d1f674f78c6989324d80ae82187b59698.tar.gz vyos-1x-1e66589d1f674f78c6989324d80ae82187b59698.zip |
bgp: T3418: peer-group and remote-as must be present under interface node
When configuring a BGP neighbor via an interface, FRR requires that the
peer-group and remote-as node from under the interface statement is used.
This is now enforced by a verify() check.
Diffstat (limited to 'src/conf_mode/protocols_bgp.py')
-rwxr-xr-x | src/conf_mode/protocols_bgp.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index 73cfa9b83..8304df2e5 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -22,6 +22,7 @@ from sys import argv from vyos.config import Config from vyos.configdict import dict_merge from vyos.template import is_ip +from vyos.template import is_interface from vyos.template import render_to_string from vyos.util import call from vyos.util import dict_search @@ -128,7 +129,12 @@ def verify(bgp): # Only checks for ipv4 and ipv6 neighbors # Check if neighbor address is assigned as system interface address if is_ip(peer) and is_addr_assigned(peer): - raise ConfigError(f'Can\'t configure local address as neighbor "{peer}"') + raise ConfigError(f'Can not configure a local address as neighbor "{peer}"') + elif is_interface(peer): + if 'peer_group' in peer_config: + raise ConfigError(f'peer-group must be set under the interface node of "{peer}"') + if 'remote_as' in peer_config: + raise ConfigError(f'remote-as must be set under the interface node of "{peer}"') for afi in ['ipv4_unicast', 'ipv6_unicast', 'l2vpn_evpn']: # Bail out early if address family is not configured |