bgp: T4560: neighbor/peer-group local-as option is only allowed for eBGP

author: Christian Poessinger <christian@poessinger.com> 2022-07-25 20:51:37 +0200
committer: Christian Poessinger <christian@poessinger.com> 2022-07-25 20:51:37 +0200
commit: 8274e9706adf33544e4c990134e65a0ddee976d8 (patch)
tree: be94fdfcd974188e4129f4b62f0b04bb163f0ea2 /src
parent: 96d2939780dcd3db0353f46faf72a71905ccbbe5 (diff)
download: vyos-1x-8274e9706adf33544e4c990134e65a0ddee976d8.tar.gz
vyos-1x-8274e9706adf33544e4c990134e65a0ddee976d8.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index 5aa643476..7d3687094 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -213,6 +213,12 @@ def verify(bgp):
                     if 'source_interface' in peer_config['interface']:
                         raise ConfigError(f'"source-interface" option not allowed for neighbor "{peer}"')
 
+            # Local-AS allowed only for EBGP peers
+            if 'local_as' in peer_config:
+                remote_as = verify_remote_as(peer_config, bgp)
+                if remote_as == bgp['local_as']:
+                    raise ConfigError(f'local-as configured for "{peer}", allowed only for eBGP peers!')
+
             for afi in ['ipv4_unicast', 'ipv4_multicast', 'ipv4_labeled_unicast', 'ipv4_flowspec',
                         'ipv6_unicast', 'ipv6_multicast', 'ipv6_labeled_unicast', 'ipv6_flowspec',
                         'l2vpn_evpn']:
author	Christian Poessinger <christian@poessinger.com>	2022-07-25 20:51:37 +0200
committer	Christian Poessinger <christian@poessinger.com>	2022-07-25 20:51:37 +0200
commit	8274e9706adf33544e4c990134e65a0ddee976d8 (patch)
tree	be94fdfcd974188e4129f4b62f0b04bb163f0ea2 /src
parent	96d2939780dcd3db0353f46faf72a71905ccbbe5 (diff)
download	vyos-1x-8274e9706adf33544e4c990134e65a0ddee976d8.tar.gz vyos-1x-8274e9706adf33544e4c990134e65a0ddee976d8.zip