summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-07-25 20:51:37 +0200
committerChristian Poessinger <christian@poessinger.com>2022-07-25 20:51:37 +0200
commit8274e9706adf33544e4c990134e65a0ddee976d8 (patch)
treebe94fdfcd974188e4129f4b62f0b04bb163f0ea2 /src
parent96d2939780dcd3db0353f46faf72a71905ccbbe5 (diff)
downloadvyos-1x-8274e9706adf33544e4c990134e65a0ddee976d8.tar.gz
vyos-1x-8274e9706adf33544e4c990134e65a0ddee976d8.zip
bgp: T4560: neighbor/peer-group local-as option is only allowed for eBGP
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/protocols_bgp.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index 5aa643476..7d3687094 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -213,6 +213,12 @@ def verify(bgp):
if 'source_interface' in peer_config['interface']:
raise ConfigError(f'"source-interface" option not allowed for neighbor "{peer}"')
+ # Local-AS allowed only for EBGP peers
+ if 'local_as' in peer_config:
+ remote_as = verify_remote_as(peer_config, bgp)
+ if remote_as == bgp['local_as']:
+ raise ConfigError(f'local-as configured for "{peer}", allowed only for eBGP peers!')
+
for afi in ['ipv4_unicast', 'ipv4_multicast', 'ipv4_labeled_unicast', 'ipv4_flowspec',
'ipv6_unicast', 'ipv6_multicast', 'ipv6_labeled_unicast', 'ipv6_flowspec',
'l2vpn_evpn']: