bgp: T5943: BGP Peer-group members must be all internal or all external

1 files changed, 13 insertions, 0 deletions

diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index 512fa26e9..2b16de775 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -285,6 +285,7 @@ def verify(bgp):
             elif tmp != 'default':
                 raise ConfigError(f'{error_msg} "{tmp}"!')
 
+    peer_groups_context = dict()
     # Common verification for both peer-group and neighbor statements
     for neighbor in ['neighbor', 'peer_group']:
         # bail out early if there is no neighbor or peer-group statement
@@ -301,6 +302,18 @@ def verify(bgp):
                     raise ConfigError(f'Specified peer-group "{peer_group}" for '\
                                       f'neighbor "{neighbor}" does not exist!')
 
+                if 'remote_as' in peer_config:
+                    is_ibgp = True
+                    if peer_config['remote_as'] != 'internal' and \
+                            peer_config['remote_as'] != bgp['system_as']:
+                        is_ibgp = False
+
+                    if peer_group not in peer_groups_context:
+                        peer_groups_context[peer_group] = is_ibgp
+                    elif peer_groups_context[peer_group] != is_ibgp:
+                        raise ConfigError(f'Peer-group members must be '
+                                          f'all internal or all external')
+
             if 'local_role' in peer_config:
                 #Ensure Local Role has only one value.
                 if len(peer_config['local_role']) > 1: