diff options
| -rw-r--r-- | data/templates/frr/bgp.frr.tmpl | 966 | ||||
| -rwxr-xr-x | src/conf_mode/protocols_bgp.py | 69 | 
2 files changed, 995 insertions, 40 deletions
| diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl index cdf4cb4fe..d011a1e85 100644 --- a/data/templates/frr/bgp.frr.tmpl +++ b/data/templates/frr/bgp.frr.tmpl @@ -1 +1,967 @@ +{% set conf_bgp = nbgp -%} +{% for asn in nbgp -%}  ! +router bgp {{ asn }} + no bgp default ipv4-unicast + +{#- set 'conf_bgp[asn].parameters' as bgp_params #} +{%- set bgp_params = conf_bgp[asn].parameters %} +{%- set bgp_afi = conf_bgp[asn].address_family %} + +{#- START Global ASN address-family section; set protocol bgp xxx address-family #} +{%- if 'address_family' in conf_bgp[asn] %} +{%-   for type in bgp_afi %} +{%-     if type == "ipv4_unicast" %} + ! + address-family ipv4 unicast +{# need to check #} +{%- if 'aggregate_address' in bgp_afi[type] %} +{%-   for ip in bgp_afi[type].aggregate_address %} +{%-      if ( ('as_set' and 'summary_only') in bgp_afi[type].aggregate_address[ip]  ) %} +  aggregate-address {{ ip }} as-set summary-only +{%-      elif 'as_set' in bgp_afi[type].aggregate_address[ip]  %} +  aggregate-address {{ ip  }} as-set +{%-      elif 'summary_only' in bgp_afi[type].aggregate_address[ip]  %} +  aggregate-address {{ ip }} summary-only +{%-      else %} +  aggregate-address {{ ip }} +{%-      endif %} +{%-   endfor %} +{%- endif %} +{# END aggregate address#} +{#- redistribute #} +{# need to check. dont work.  +   'metric' and 'route_map' match also only 'route_map' +   'table' parameter also include in protocol, its not what I want #} +{%-  if 'redistribute' in bgp_afi[type] %} +{%-    if 'table' in bgp_afi[type].redistribute %} + redistribute table {{bgp_afi[type].redistribute.table}} +{%-    endif %} +{%-    for protocol in bgp_afi[type].redistribute %} +{%-      if ( ('metric' and 'route_map') in bgp_afi[type].redistribute[protocol] ) %} + redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} +{%-      elif 'metric' in bgp_afi[type].redistribute[protocol] %} + redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}}  +{%-      elif 'route_map' in bgp_afi[type].redistribute[protocol] %} + redistribute {{protocol}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} +{%-      else %}  + redistribute {{protocol}} +{%-      endif %} +{%-    endfor %} +{%-  endif %} +{#- END redistribute #} + +{%-  if 'network' in bgp_afi[type] %} +{%-    for net in bgp_afi[type].network %} +  network {{ net }} +{%-    endfor %} +{%-       endif %} + exit-address-family + ! +{%-  endif %} + +{%-  if type == "ipv6_unicast" %} + ! + address-family ipv6 unicast +{%- if 'aggregate_address' in bgp_afi[type] %} +{%-   for ip in bgp_afi[type].aggregate_address %} +{%-      if ( ('as_set' and 'summary_only') in bgp_afi[type].aggregate_address[ip]  ) %} +  aggregate-address {{ ip }} as-set summary-only +{%-      elif 'as_set' in bgp_afi[type].aggregate_address[ip]  %} +  aggregate-address {{ ip  }} as-set +{%-      elif 'summary_only' in bgp_afi[type].aggregate_address[ip]  %} +  aggregate-address {{ ip }} summary-only +{%-      else %} +  aggregate-address {{ ip }} +{%-      endif %} +{%-   endfor %} +{%- endif %} +{# END aggregate address#} + +{#- redistribute #} +{# need to check. doesn't work. 'metric' and 'route_map' match also only 'route_map' #} +{%-  if 'redistribute' in bgp_afi[type] %} +{%-    if 'table' in bgp_afi[type].redistribute %} + redistribute table {{bgp_afi[type].redistribute.table}} +{%-    endif %} +{%-    for protocol in bgp_afi[type].redistribute %} +{%-      if ( ('metric' and 'route_map') in bgp_afi[type].redistribute[protocol] ) %} + redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} +{%-      elif 'metric' in bgp_afi[type].redistribute[protocol] %} + redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}}  +{%-      elif 'route_map' in bgp_afi[type].redistribute[protocol] %} + redistribute {{protocol}} route-map {{bgp_afi[type].redistribute[protocol].route_map}} +{%-      else %}  + redistribute {{protocol}} +{%-      endif %} +{%-    endfor %} +{%-  endif %} +{#- END redistribute #} + +{%-       if 'network' in bgp_afi[type] %} +{%-         for net in bgp_afi[type].network %} +  network {{ net }} +{%-         endfor %} +{%-       endif %} + exit-address-family +! +{%-     endif %} +{%-   endfor %} +{%- endif %} +{#- END Global ASN address-family section; set protocols bgp 65001 address-family #} + +{#- set protocols nbgp xxxx maximum-paths ibgp x, Generated by default for afi_4 #} +{#- We don't have this parameter in afi_6. But this is supported in the FRR #} +{%- if 'maximum_paths' in conf_bgp[asn] %} +{%-   if 'ebgp' in conf_bgp[asn].maximum_paths %} + ! + address-family ipv4 unicast +  maximum-paths {{ conf_bgp[asn].maximum_paths.ebgp }} + exit-address-family + ! +{%-   endif %} +{%-   if 'ibgp' in conf_bgp[asn].maximum_paths %} + ! + address-family ipv4 unicast +  maximum-paths ibgp {{ conf_bgp[asn].maximum_paths.ibgp }} + exit-address-family + ! +{%-   endif %} +{%- endif %} + +{#- START peer-group; set protocol bgp xxx peer-group #} +{%- if 'peer_group' in conf_bgp[asn] %} +{%-   for pr_group in conf_bgp[asn].peer_group %} +{%- set conf_peer_group = conf_bgp[asn].peer_group[pr_group] %} + neighbor {{pr_group}} peer-group + +{#- First parameter for peer-group - remote-as #} +{%- if 'remote_as' in conf_peer_group %} + neighbor {{ pr_group }} remote-as {{ conf_peer_group.remote_as }} +{%- endif %} + +{%- if 'bfd' in conf_peer_group %} + neighbor {{ pr_group }} bfd +{%- endif %} + +{%- if 'capability' in conf_peer_group %} +{%-   if 'dynamic' in conf_peer_group.capability %} + neighbor {{ pr_group }} capability dynamic +{%-   endif %} +{%-   if 'extended_nexthop' in conf_peer_group.capability %} + neighbor {{ pr_group }} capability extended-nexthop +{%-   endif %} +{%- endif %} + +{%- if 'description' in conf_peer_group %} + neighbor {{ pr_group }} description {{ conf_peer_group.description }} +{%- endif %} + +{%- if 'disable_capability_negotiation' in conf_peer_group %} + neighbor {{ pr_group }} disable-capability-negotiation +{%- endif %} + +{#- https://phabricator.vyos.net/T2844. 'disable-send-community' only for afi #} +{%- if 'disable_send_community' in conf_peer_group %} + ! +{%- endif %} + +{%- if 'ebgp_multihop' in conf_peer_group %} + neighbor {{ pr_group }} ebgp-multihop {{conf_peer_group.ebgp_multihop}} +{%- endif %} + +{%- if 'local_as' in conf_peer_group %} +{%-   for loc_asn in conf_peer_group.local_as %} +{%-     if 'no_prepend' in conf_peer_group.local_as[loc_asn] %} + neighbor {{ pr_group }} local-as {{loc_asn}} no-prepend +{%-     else %} + neighbor {{ pr_group }} local-as {{loc_asn}}  +{%-     endif %} +{%-   endfor %} +{%- endif %} + +{%- if 'override_capability' in conf_peer_group %} + neighbor {{ pr_group }} override-capability +{%- endif %} + +{%- if 'passive' in conf_peer_group %} + neighbor {{ pr_group }} passive +{%- endif %} + +{%- if 'password' in conf_peer_group %} + neighbor {{ pr_group }} password {{ conf_peer_group.password }} +{%- endif %} + +{%- if 'shutdown' in conf_peer_group %} + neighbor {{ pr_group }} shutdown +{%- endif %} + +{%- if 'ttl_security' in conf_peer_group %} +{%-   if 'hops' in conf_peer_group.ttl_security %} + neighbor {{ pr_group }} ttl-security hops {{conf_peer_group.ttl_security.hops}}  +{%-   endif %} +{%- endif %} + +{%- if 'update_source' in conf_peer_group %} + neighbor {{ pr_group }} update-source {{ conf_peer_group.update_source }} +{%- endif %} + +{# START peer-group afi; set protocols bgp xxx peer-group FOO address-family #} +{%- if 'address_family' in conf_peer_group %} +{%- for afi in conf_peer_group.address_family %} +{%-   if afi == "ipv4_unicast" %} + ! + address-family ipv4 unicast + +{%- if 'allowas_in' in conf_peer_group.address_family.ipv4_unicast %} +{%-   if 'number' in conf_peer_group.address_family.ipv4_unicast.allowas_in %} +  neighbor {{ pr_group }} allowas-in {{ conf_peer_group.address_family.ipv4_unicast.allowas_in.number }} +{%-   else %} +  neighbor {{ pr_group }} allowas-in +{%-   endif %} +{%- endif %} + +{#- START Single Params for peer-group; set protocols bgp xxx peer-group FOO address-family ipv4-unicast #} + +{%- if 'remove_private_as' in conf_peer_group.address_family.ipv4_unicast %} +  neighbor {{ pr_group }} remove-private-AS +{%- endif %} + +{%- if 'route_reflector_client' in conf_peer_group.address_family.ipv4_unicast %} +  neighbor {{ pr_group }} route-reflector-client +{%- endif %} + +{%- if 'weight' in conf_peer_group.address_family.ipv4_unicast %} +  neighbor {{ pr_group }} weight {{ conf_peer_group.address_family.ipv4_unicast.weight }} +{%- endif %} +{#- END single params for peer-group #} + +{#- Checks need to be done as-path|med|next-hop #} +{%- if 'attribute_unchanged' in conf_peer_group.address_family.ipv4_unicast %} +{%-   if 'as_path' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged %} +  neighbor {{ pr_group }} attribute-unchanged as-path +{%-   else %} +  neighbor {{ pr_group }} attribute-unchanged as-path next-hop med +{%-   endif %} +{%- endif %} +{#- END attribute-unchanged #} + +{%- if 'capability' in conf_peer_group.address_family.ipv4_unicast %} +{%-   if 'receive' in conf_peer_group.address_family.ipv4_unicast.capability.orf.prefix_list %} +  neighbor {{ pr_group }} capability orf prefix-list receive +{%-   endif %} +{%-   if 'send' in conf_peer_group.address_family.ipv4_unicast.capability.orf.prefix_list %} +  neighbor {{ pr_group }} capability orf prefix-list send  +{%-   endif %} +{%- endif %} + +{%- if 'default_originate' in conf_peer_group.address_family.ipv4_unicast %} +{%-   if 'route_map' in conf_peer_group.address_family.ipv4_unicast.default_originate %} +  neighbor {{ pr_group }} default-originate route-map {{ conf_peer_group.address_family.ipv4_unicast.default_originate.route_map }} +{%-   else %} +  neighbor {{ pr_group }} default-originate  +{%-   endif %} +{%- endif %} + +{%- if 'distribute_list' in  conf_peer_group.address_family.ipv4_unicast %} +{%-   if 'export' in conf_peer_group.address_family.ipv4_unicast.distribute_list  %} +  neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv4_unicast.distribute_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer_group.address_family.ipv4_unicast.distribute_list  %} +  neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv4_unicast.distribute_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'filter_list' in  conf_peer_group.address_family.ipv4_unicast %} +{%-   if 'export' in conf_peer_group.address_family.ipv4_unicast.filter_list  %} +  neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv4_unicast.filter_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer_group.address_family.ipv4_unicast.filter_list  %} +  neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv4_unicast.filter_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'maximum_prefix' in conf_peer_group.address_family.ipv4_unicast %} +  neighbor {{ pr_group }} maximum-prefix {{ conf_peer_group.address_family.ipv4_unicast.maximum_prefix }} +{%- endif %} + +{#- https://phabricator.vyos.net/T1817 #} +{%- if 'nexthop_self' in conf_peer_group.address_family.ipv4_unicast %} +{%-   if 'force' in conf_peer_group.address_family.ipv4_unicast.nexthop_self %} +  neighbor {{ pr_group }} next-hop-self force +  neighbor {{ pr_group }} next-hop-self +{%-   else %} +  neighbor {{ pr_group }} next-hop-self +{%-   endif %} +{%- endif %} + +{%- if 'route_server_client' in conf_peer_group.address_family.ipv4_unicast %} +  neighbor {{ pr_group }} route-server-client +{%- endif %} + +{%- if 'route_map' in  conf_peer_group.address_family.ipv4_unicast %} +{%-   if 'export' in conf_peer_group.address_family.ipv4_unicast.route_map  %} +  neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv4_unicast.route_map.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer_group.address_family.ipv4_unicast.route_map  %} +  neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv4_unicast.route_map.import}} in +{%-   endif %} +{%- endif %} +{%- if 'prefix_list' in  conf_peer_group.address_family.ipv4_unicast %} +{%-   if 'export' in conf_peer_group.address_family.ipv4_unicast.prefix_list  %} +  neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv4_unicast.prefix_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer_group.address_family.ipv4_unicast.prefix_list  %} +  neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv4_unicast.prefix_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'soft_reconfiguration' in  conf_peer_group.address_family.ipv4_unicast %} +{%-   if 'inbound' is defined %} +  neighbor {{ pr_group }} soft-reconfiguration inbound  +{%-   endif %} +{%- endif %} + +{#- Need to check. https://phabricator.vyos.net/T2387#73900 #} +{%- if 'unsuppress_map' in conf_peer_group.address_family.ipv4_unicast %} +  neighbor {{ pr_group }} unsuppress-map {{conf_peer_group.address_family.ipv4_unicast.unsuppress_map}} +{%- endif %} +  neighbor {{ pr_group }} activate + exit-address-family + ! +{%-   endif %} + +{%-   if afi == "ipv6_unicast" %} + ! + address-family ipv6 unicast + +{%- if 'allowas_in' in conf_peer_group.address_family.ipv6_unicast %} +{%-   if 'number' in conf_peer_group.address_family.ipv6_unicast.allowas_in %} +  neighbor {{ pr_group }} allowas-in {{ conf_peer_group.address_family.ipv6_unicast.allowas_in.number }} +{%-   else %} +  neighbor {{ pr_group }} allowas-in +{%-   endif %} +{%- endif %} + +{#- START Single Params for peer-group afi6; set protocols bgp xxx peer-group FOO address-family ipv6-unicast #} +{%- if 'remove_private_as' in conf_peer_group.address_family.ipv6_unicast %} +  neighbor {{ pr_group }} remove-private-AS +{%- endif %} + +{%- if 'route_reflector_client' in conf_peer_group.address_family.ipv6_unicast %} +  neighbor {{ pr_group }} route-reflector-client +{%- endif %} + +{%- if 'weight' in conf_peer_group.address_family.ipv6_unicast %} +  neighbor {{ pr_group }} weight {{ conf_peer_group.address_family.ipv6_unicast.weight }} +{%- endif %} +{#- END single params for peer-group afi6 #} + +{#- Checks need to be done as-path|med|next-hop #} +{%- if 'attribute_unchanged' in conf_peer_group.address_family.ipv6_unicast %} +{%-   if 'as_path' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged %} +  neighbor {{ pr_group }} attribute-unchanged as-path +{%-   else %} +  neighbor {{ pr_group }} attribute-unchanged as-path next-hop med +{%-   endif %} +{%- endif %} + +{%- if 'capability' in conf_peer_group.address_family.ipv6_unicast %} +{%-   if 'receive' in conf_peer_group.address_family.ipv6_unicast.capability.orf.prefix_list %} +  neighbor {{ pr_group }} capability orf prefix-list receive +{%-   endif %} +{%-   if 'send' in conf_peer_group.address_family.ipv6_unicast.capability.orf.prefix_list %} +  neighbor {{ pr_group }} capability orf prefix-list send  +{%-   endif %} +{%- endif %} + +{%- if 'default_originate' in conf_peer_group.address_family.ipv6_unicast %} +{%-   if 'route_map' in conf_peer_group.address_family.ipv6_unicast.default_originate %} +  neighbor {{ pr_group }} default-originate route-map {{ conf_peer_group.address_family.ipv6_unicast.default_originate.route_map }} +{%-   else %} +  neighbor {{ pr_group }} default-originate  +{%-   endif %} +{%- endif %} + +{%- if 'distribute_list' in  conf_peer_group.address_family.ipv6_unicast %} +{%-   if 'export' in conf_peer_group.address_family.ipv6_unicast.distribute_list  %} +  neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv6_unicast.distribute_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer_group.address_family.ipv6_unicast.distribute_list  %} +  neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv6_unicast.distribute_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'filter_list' in  conf_peer_group.address_family.ipv6_unicast %} +{%-   if 'export' in conf_peer_group.address_family.ipv6_unicast.filter_list  %} +  neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv6_unicast.filter_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer_group.address_family.ipv6_unicast.filter_list  %} +  neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv6_unicast.filter_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'maximum_prefix' in conf_peer_group.address_family.ipv6_unicast %} +  neighbor {{ pr_group }} maximum-prefix {{ conf_peer_group.address_family.ipv6_unicast.maximum_prefix }} +{%- endif %} + +{#- https://phabricator.vyos.net/T1817 #} +{%- if 'nexthop_self' in conf_peer_group.address_family.ipv6_unicast %} +{%-   if 'force' in conf_peer_group.address_family.ipv6_unicast.nexthop_self %} +  neighbor {{ pr_group }} next-hop-self force +  neighbor {{ pr_group }} next-hop-self +{%-   else %} +  neighbor {{ pr_group }} next-hop-self +{%-   endif %} +{%- endif %} + +{%- if 'route_server_client' in conf_peer_group.address_family.ipv6_unicast %} +  neighbor {{ pr_group }} route-server-client +{%- endif %} + +{%- if 'route_map' in  conf_peer_group.address_family.ipv6_unicast %} +{%-   if 'export' in conf_peer_group.address_family.ipv6_unicast.route_map  %} +  neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv6_unicast.route_map.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer_group.address_family.ipv6_unicast.route_map  %} +  neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv6_unicast.route_map.import}} in +{%-   endif %} +{%- endif %} +{%- if 'prefix_list' in  conf_peer_group.address_family.ipv6_unicast %} +{%-   if 'export' in conf_peer_group.address_family.ipv6_unicast.prefix_list  %} +  neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv6_unicast.prefix_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer_group.address_family.ipv6_unicast.prefix_list  %} +  neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv6_unicast.prefix_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'soft_reconfiguration' in  conf_peer_group.address_family.ipv6_unicast %} +{%-   if 'inbound' is defined %} +  neighbor {{ pr_group }} soft-reconfiguration inbound  +{%-   endif %} +{%- endif %} + +{#- Checks need to be done. https://phabricator.vyos.net/T2387#73900 #} +{%- if 'unsuppress_map' in conf_peer_group.address_family.ipv6_unicast %} +  neighbor {{ pr_group }} unsuppress-map {{conf_peer_group.address_family.ipv6_unicast.unsuppress_map}} +{%- endif %} +  neighbor {{ pr_group }} activate + exit-address-family + ! +{%-   endif %} + +{%- endfor %} +{%- endif %} +{# END peer-group afi; set protocols bgp xxx peer-group FOO address-family #} + +{%-   endfor %} +{%- endif %} +{#- END peer-group; set protocol bgp xxx peer-group #} + +{#- START peer section; set protocol bgp xxx neighbor #} +{%-  for peer in conf_bgp[asn].neighbor %} +{#- set peer-group as conf_peer #} +{%- set conf_peer = conf_bgp[asn].neighbor[peer] %} + +{#- First parameter for peer-group - remote-as #} +{%- if 'remote_as' in conf_peer %} + neighbor {{ peer }} remote-as {{ conf_peer.remote_as }} +{%- endif %} + +{%- if 'advertisement_interval' in conf_peer %} + neighbor {{ peer }} advertisement-interval {{ conf_peer.advertisement_interval }} +{%- endif %} + +{%- if 'bfd' in conf_peer %} +{%-   if 'check_control_plane_failure' in conf_peer.bfd %} + neighbor {{ peer }} bfd + neighbor {{ peer }} bfd check-control-plane-failure +{%-   else %} + neighbor {{ peer }} bfd +{%-   endif %} +{%- endif %} + +{%- if 'capability' in conf_peer %} +{%-   if 'dynamic' in conf_peer.capability %} + neighbor {{ peer }} capability dynamic +{%-   endif %} +{%-   if 'extended_nexthop' in conf_peer.capability %} + neighbor {{ peer }} capability extended-nexthop +{%-   endif %} +{%- endif %} + +{%- if 'description' in conf_peer %} + neighbor {{ peer }} description {{ conf_peer.description }} +{%- endif %} + +{%- if 'disable_capability_negotiation' in conf_peer %} + neighbor {{ peer }} disable-capability-negotiation +{%- endif %} + +{#- https://phabricator.vyos.net/T2844. 'disable-send-community' only for afi #} +{%- if 'disable_send_community' in conf_peer %} + ! +{%- endif %} + +{%- if 'ebgp_multihop' in conf_peer %} + neighbor {{ peer }} ebgp-multihop {{conf_peer.ebgp_multihop}} +{%- endif %} + +{#- Need to check. 'Peer-group' needs to define before this section #} +{%- if 'interface' in conf_peer %} +{%-   if 'peer_group' in conf_peer.interface %} + neighbor {{ peer }} interface peer-group {{conf_peer.interface.peer_group}} +{%-   endif %} +{%-   if 'remote_as' in conf_peer.interface %} + neighbor {{ peer }} interface remote-as {{conf_peer.interface.remote_as}} +{%-   endif %} +{%-   if 'v6only' in conf_peer.interface %} +{%-     if 'peer_group' in conf_peer.interface.v6only %} + neighbor {{ peer }} peer-group {{conf_peer.interface.peer_group}} +{%-     endif %} +{%-     if 'remote_as' in conf_peer.interface.v6only %} + neighbor {{ peer }} interface v6only remote-as {{conf_peer.interface.v6only.remote_as}} +{%-     endif %} +{%-   endif %} +{%- endif %} + +{%- if 'local_as' in conf_peer %} +{%-   for loc_asn in conf_peer.local_as %} +{%-     if 'no_prepend' in conf_peer.local_as[loc_asn] %} + neighbor {{ peer }} local-as {{loc_asn}} no-prepend +{%-     else %} + neighbor {{ peer }} local-as {{loc_asn}}  +{%-     endif %} +{%-   endfor %} +{%- endif %} + +{%- if 'override_capability' in conf_peer %} + neighbor {{ peer }} override-capability +{%- endif %} + +{%- if 'passive' in conf_peer %} + neighbor {{ peer }} passive +{%- endif %} + +{%- if 'password' in conf_peer %} + neighbor {{ peer }} password {{ conf_peer.password }} +{%- endif %} + +{%- if 'peer_group' in conf_peer %} + neighbor {{ peer }} peer-group {{ conf_peer.peer_group }} +{%- endif %} + +{%- if 'port' in conf_peer %} + neighbor {{ peer }} port {{ conf_peer.port }} +{%- endif %} + +{%- if 'shutdown' in conf_peer %} + neighbor {{ peer }} shutdown +{%- endif %} + +{%- if 'strict_capability_match' in conf_peer %} + neighbor {{ peer }} strict-capability-match +{%- endif %} + +{#- Need to check #} +{%- if 'timers' in conf_peer %} +{%-   if ( ('connect' and 'holdtime' and 'keepalive') in conf_peer.timers ) %} + neighbor {{ peer }} timers {{conf_peer.timers.keepalive}} {{conf_peer.timers.holdtime}} + neighbor {{ peer }} timers connect {{conf_peer.timers.connect}}  +{%-   endif %} +{%- endif %} + +{%- if 'ttl_security' in conf_peer %} +{%-   if 'hops' in conf_peer.ttl_security %} + neighbor {{ peer }} ttl-security hops {{conf_peer.ttl_security.hops}}  +{%-   endif %} +{%- endif %} + +{%- if 'update_source' in conf_peer %} + neighbor {{ peer }} update-source {{ conf_peer.update_source }} +{%- endif %} + +{#- START address family for peer; set protocols bgp xxx neighbor x.x.x.x address-family ipvX-unicast #} +{%- if 'address_family' in conf_peer %} +{%- for afi in conf_peer.address_family %} +{%-   if afi == "ipv4_unicast" %} + ! + address-family ipv4 unicast + +{%- if 'allowas_in' in conf_peer.address_family.ipv4_unicast %} +{%-   if 'number' in conf_peer.address_family.ipv4_unicast.allowas_in %} +  neighbor {{ peer }} allowas-in {{ conf_peer.address_family.ipv4_unicast.allowas_in.number }} +{%-   else %} +  neighbor {{ peer }} allowas-in +{%-   endif %} +{%- endif %} + +{#- START Single Params for neighbor;  #} +{%- if 'as_override' in conf_peer.address_family.ipv4_unicast %} +  neighbor {{ peer }} as-override +{%- endif %} + +{%- if 'remove_private_as' in conf_peer.address_family.ipv4_unicast %} +  neighbor {{ peer }} remove-private-AS +{%- endif %} + +{%- if 'route_reflector_client' in conf_peer.address_family.ipv4_unicast %} +  neighbor {{ peer }} route-reflector-client +{%- endif %} + +{%- if 'weight' in conf_peer.address_family.ipv4_unicast %} +  neighbor {{ peer }} weight {{ conf_peer.address_family.ipv4_unicast.weight }} +{%- endif %} +{#- END single params for neighbor #} + +{#- Checks need to be done as-path|med|next-hop #} +{%- if 'attribute_unchanged' in conf_peer.address_family.ipv4_unicast %} +{%-   if 'as_path' in conf_peer.address_family.ipv4_unicast.attribute_unchanged %} +  neighbor {{ peer }} attribute-unchanged as-path +{%-   else %} +  neighbor {{ peer }} attribute-unchanged as-path next-hop med +{%-   endif %} +{%- endif %} +{#- END attribute-unchanged #} + +{%- if 'capability' in conf_peer.address_family.ipv4_unicast %} +{%-   if 'receive' in conf_peer.address_family.ipv4_unicast.capability.orf.prefix_list %} +  neighbor {{ peer }} capability orf prefix-list receive +{%-   endif %} +{%-   if 'send' in conf_peer.address_family.ipv4_unicast.capability.orf.prefix_list %} +  neighbor {{ peer }} capability orf prefix-list send  +{%-   endif %} +{%- endif %} + +{%- if 'default_originate' in conf_peer.address_family.ipv4_unicast %} +{%-   if 'route_map' in conf_peer.address_family.ipv4_unicast.default_originate %} +  neighbor {{ peer }} default-originate route-map {{ conf_peer.address_family.ipv4_unicast.default_originate.route_map }} +{%-   else %} +  neighbor {{ peer }} default-originate  +{%-   endif %} +{%- endif %} + +{%- if 'distribute_list' in  conf_peer.address_family.ipv4_unicast %} +{%-   if 'export' in conf_peer.address_family.ipv4_unicast.distribute_list  %} +  neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv4_unicast.distribute_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer.address_family.ipv4_unicast.distribute_list  %} +  neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv4_unicast.distribute_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'filter_list' in  conf_peer.address_family.ipv4_unicast %} +{%-   if 'export' in conf_peer.address_family.ipv4_unicast.filter_list  %} +  neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv4_unicast.filter_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer.address_family.ipv4_unicast.filter_list  %} +  neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv4_unicast.filter_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'maximum_prefix' in conf_peer.address_family.ipv4_unicast %} +  neighbor {{ peer }} maximum-prefix {{ conf_peer.address_family.ipv4_unicast.maximum_prefix }} +{%- endif %} + +{#- https://phabricator.vyos.net/T1817 #} +{%- if 'nexthop_self' in conf_peer.address_family.ipv4_unicast %} +{%-   if 'force' in conf_peer.address_family.ipv4_unicast.nexthop_self %} +  neighbor {{ peer }} next-hop-self force +  neighbor {{ peer }} next-hop-self +{%-   else %} +  neighbor {{ peer }} next-hop-self +{%-   endif %} +{%- endif %} + +{%- if 'route_server_client' in conf_peer.address_family.ipv4_unicast %} +  neighbor {{ peer }} route-server-client +{%- endif %} + +{%- if 'route_map' in  conf_peer.address_family.ipv4_unicast %} +{%-   if 'export' in conf_peer.address_family.ipv4_unicast.route_map  %} +  neighbor {{ peer }} route-map {{conf_peer.address_family.ipv4_unicast.route_map.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer.address_family.ipv4_unicast.route_map  %} +  neighbor {{ peer }} route-map {{conf_peer.address_family.ipv4_unicast.route_map.import}} in +{%-   endif %} +{%- endif %} +{%- if 'prefix_list' in  conf_peer.address_family.ipv4_unicast %} +{%-   if 'export' in conf_peer.address_family.ipv4_unicast.prefix_list  %} +  neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv4_unicast.prefix_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer.address_family.ipv4_unicast.prefix_list  %} +  neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv4_unicast.prefix_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'soft_reconfiguration' in  conf_peer.address_family.ipv4_unicast %} +{%-   if 'inbound' is defined %} +  neighbor {{ peer }} soft-reconfiguration inbound  +{%-   endif %} +{%- endif %} + +{#- Checks need to be done. https://phabricator.vyos.net/T2387#73900 #} +{%- if 'unsuppress_map' in conf_peer.address_family.ipv4_unicast %} +  neighbor {{ peer }} unsuppress-map {{conf_peer.address_family.ipv4_unicast.unsuppress_map}} +{%- endif %} +  neighbor {{ peer }} activate + exit-address-family + ! +{%-   endif %} + +{%-   if afi == "ipv6_unicast" %} + ! + address-family ipv6 unicast + +{%- if 'allowas_in' in conf_peer.address_family.ipv6_unicast %} +{%-   if 'number' in conf_peer.address_family.ipv6_unicast.allowas_in %} +  neighbor {{ peer }} allowas-in {{ conf_peer.address_family.ipv6_unicast.allowas_in.number }} +{%-   else %} +  neighbor {{ peer }} allowas-in +{%-   endif %} +{%- endif %} + +{#- START Single Params for neighbor #} +{%- if 'as_override' in conf_peer.address_family.ipv6_unicast %} +  neighbor {{ peer }} as-override +{%- endif %} + +{%- if 'remove_private_as' in conf_peer.address_family.ipv6_unicast %} +  neighbor {{ peer }} remove-private-AS +{%- endif %} + +{%- if 'route_reflector_client' in conf_peer.address_family.ipv6_unicast %} +  neighbor {{ peer }} route-reflector-client +{%- endif %} + +{%- if 'weight' in conf_peer.address_family.ipv6_unicast %} +  neighbor {{ peer }} weight {{ conf_peer.address_family.ipv6_unicast.weight }} +{%- endif %} +{#- END single params for neighbor #} + +{#- Checks need to be done as-path|med|next-hop #} +{%- if 'attribute_unchanged' in conf_peer.address_family.ipv6_unicast %} +{%-   if 'as_path' in conf_peer.address_family.ipv6_unicast.attribute_unchanged %} +  neighbor {{ peer }} attribute-unchanged as-path +{%-   else %} +  neighbor {{ peer }} attribute-unchanged as-path next-hop med +{%-   endif %} +{%- endif %} +{#- END attribute-unchanged #} + +{%- if 'capability' in conf_peer.address_family.ipv6_unicast %} +{%-   if 'receive' in conf_peer.address_family.ipv6_unicast.capability.orf.prefix_list %} +  neighbor {{ peer }} capability orf prefix-list receive +{%-   endif %} +{%-   if 'send' in conf_peer.address_family.ipv6_unicast.capability.orf.prefix_list %} +  neighbor {{ peer }} capability orf prefix-list send  +{%-   endif %} +{%- endif %} + +{%- if 'default_originate' in conf_peer.address_family.ipv6_unicast %} +{%-   if 'route_map' in conf_peer.address_family.ipv6_unicast.default_originate %} +  neighbor {{ peer }} default-originate route-map {{ conf_peer.address_family.ipv6_unicast.default_originate.route_map }} +{%-   else %} +  neighbor {{ peer }} default-originate  +{%-   endif %} +{%- endif %} + +{%- if 'distribute_list' in  conf_peer.address_family.ipv6_unicast %} +{%-   if 'export' in conf_peer.address_family.ipv6_unicast.distribute_list  %} +  neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv6_unicast.distribute_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer.address_family.ipv6_unicast.distribute_list  %} +  neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv6_unicast.distribute_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'filter_list' in  conf_peer.address_family.ipv6_unicast %} +{%-   if 'export' in conf_peer.address_family.ipv6_unicast.filter_list  %} +  neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv6_unicast.filter_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer.address_family.ipv6_unicast.filter_list  %} +  neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv6_unicast.filter_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'maximum_prefix' in conf_peer.address_family.ipv6_unicast %} +  neighbor {{ peer }} maximum-prefix {{ conf_peer.address_family.ipv6_unicast.maximum_prefix }} +{%- endif %} + +{#- https://phabricator.vyos.net/T1817 #} +{%- if 'nexthop_self' in conf_peer.address_family.ipv6_unicast %} +{%-   if 'force' in conf_peer.address_family.ipv6_unicast.nexthop_self %} +  neighbor {{ peer }} next-hop-self force +  neighbor {{ peer }} next-hop-self +{%-   else %} +  neighbor {{ peer }} next-hop-self +{%-   endif %} +{%- endif %} + +{%- if 'route_server_client' in conf_peer.address_family.ipv6_unicast %} +  neighbor {{ peer }} route-server-client +{%- endif %} + +{%- if 'route_map' in  conf_peer.address_family.ipv6_unicast %} +{%-   if 'export' in conf_peer.address_family.ipv6_unicast.route_map  %} +  neighbor {{ peer }} route-map {{conf_peer.address_family.ipv6_unicast.route_map.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer.address_family.ipv6_unicast.route_map  %} +  neighbor {{ peer }} route-map {{conf_peer.address_family.ipv6_unicast.route_map.import}} in +{%-   endif %} +{%- endif %} +{%- if 'prefix_list' in  conf_peer.address_family.ipv6_unicast %} +{%-   if 'export' in conf_peer.address_family.ipv6_unicast.prefix_list  %} +  neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv6_unicast.prefix_list.export}} out +{%-   endif %} +{%-   if 'import' in conf_peer.address_family.ipv6_unicast.prefix_list  %} +  neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv6_unicast.prefix_list.import}} in +{%-   endif %} +{%- endif %} + +{%- if 'soft_reconfiguration' in  conf_peer.address_family.ipv6_unicast %} +{%-   if 'inbound' is defined %} +  neighbor {{ peer }} soft-reconfiguration inbound  +{%-   endif %} +{%- endif %} + +{#- Checks need to be done. https://phabricator.vyos.net/T2387#73900 #} +{%- if 'unsuppress_map' in conf_peer.address_family.ipv6_unicast %} +  neighbor {{ peer }} unsuppress-map {{conf_peer.address_family.ipv6_unicast.unsuppress_map}} +{%- endif %} +  neighbor {{ peer }} activate + exit-address-family + ! +{%-   endif %} + +{%- endfor %} +{%- endif %} +{#- END address family for peer #} + +{%-  endfor %} +{#- END peer section; set protocols bgp xxx neighbor #} + +{#- START parameters section; set protocol bgp xxx parameters #} +{%- if 'always_compare_med' in bgp_params %} + bgp always-compare-med +{%- endif %} + +{%- if 'bestpath' in bgp_params %} +{%-   if 'compare_routerid' in bgp_params.bestpath %} + bgp bestpath compare-routerid +{%-   endif %} +{%-   if 'as_path' in bgp_params.bestpath %} +{%-     if 'confed' in bgp_params.bestpath.as_path %} + bgp bestpath as-path confed +{%-     endif %} +{%-     if 'ignore' in bgp_params.bestpath.as_path %} + bgp bestpath as-path ignore +{%-     endif %} +{%-     if 'multipath_relax' in bgp_params.bestpath.as_path %} + bgp bestpath as-path multipath-relax +{%-     endif %} +{%-   endif %} +{%-   if 'med' in bgp_params.bestpath %} +{%-     if ( ('confed' and 'missing_as_worst') in bgp_params.bestpath.med ) %} + bgp bestpath med confed missing-as-worst +{%-     elif 'confed' in bgp_params.bestpath.med %} + bgp bestpath med confed +{%-     elif 'missing_as_worst' in bgp_params.bestpath.med %} + bgp bestpath med missing-as-worst +{%-     endif%} +{%-   endif %} +{%- endif %} + +{%- if 'cluster_id' in bgp_params %} + bgp cluster-id {{ bgp_params.cluster_id }} +{%- endif %} + +{%- if 'confederation' in bgp_params %} +{%-   if 'identifier' in bgp_params.confederation %} + bgp confederation identifier {{ bgp_params.confederation.identifier }} +{%-   endif %} +{%-   if 'peers' in bgp_params.confederation %} + bgp confederation peers {{ bgp_params.confederation.peers }} +{%-   endif %} +{%- endif %} + +{#- Doesn't work in current FRR configuration (bgp dampening 16 751 2001 61) #} +{%- if 'dampening' in bgp_params %} +{%-   if ( ('half_life' and 'max_suppress_time' and 're_use' and 'start_suppress_time') in bgp_params.dampening ) %} + bgp dampening {{ bgp_params.dampening.half_life }} {{ bgp_params.dampening.re_use }} {{ bgp_params.dampening.start_suppress_time }} {{ bgp_params.dampening.max_suppress_time }} +{%-   endif %} +{%- endif %} + +{%- if 'default' in bgp_params %} +{%-   if 'local_pref' in bgp_params.default %} + bgp default local-preference {{ bgp_params.default.local_pref }} +{%-   endif %} +{#- We use this is parameter as default in template (5-th string) #} +{%-   if 'no_ipv4_unicast' in bgp_params.default %} + no bgp default ipv4-unicast +{%-   endif %} +{%- endif %} + +{%- if 'deterministic_med' in bgp_params %} + bgp deterministic-med  +{%- endif %} + +{%- if 'distance' in bgp_params %} +{%-   if 'global' in bgp_params.distance %} +{%-     if ( ('external' and 'internal' and 'local') in bgp_params.distance.global ) %} + ! + address-family ipv4 unicast +  distance bgp {{ bgp_params.distance.global.external }} {{ bgp_params.distance.global.internal }} {{ bgp_params.distance.global.local }} + exit-address-family +! +{%-     endif %} +{%-   endif %} +{%-   if 'prefix' in bgp_params.distance %} + ! + address-family ipv4 unicast +{%- for prfx in bgp_params.distance.prefix %} +  distance {{ bgp_params.distance.prefix[prfx].distance }} {{ prfx }} +{%- endfor %} + exit-address-family +! +{%-   endif %} +{%- endif %} + +{%- if 'graceful_restart' in bgp_params %} +{%-   if 'stalepath_time' in bgp_params.graceful_restart %} + bgp graceful-restart stalepath-time {{ bgp_params.graceful_restart.stalepath_time }} +{%-   endif %} +{%- endif %} + +{%- if 'log_neighbor_changes' in bgp_params %} + bgp log-neighbor-changes +{%- endif %} + +{%- if 'network_import_check' in bgp_params %} + bgp network import-check  +{%- endif %} + +{%- if 'no_client_to_client_reflection' in bgp_params %} + no bgp client-to-client reflection +{%- endif %} + +{%- if 'no_fast_external_failover' in bgp_params %} + no bgp fast-external-failover +{%- endif %} + +{#- END parameters; set protocols bgp xxx parameters #} + +{%- if 'timers' in conf_bgp[asn] %} +{%-   if ( ('holdtime' and 'keepalive') in conf_bgp[asn].timers ) %} + timers bgp {{conf_bgp[asn].timers.keepalive}} {{conf_bgp[asn].timers.holdtime}} +{%-   endif %} +{%- endif %} + +{%- if 'route_map' in conf_bgp[asn] %} +! +ip protocol bgp route-map {{conf_bgp[asn].route_map}} +{%- endif %} +! +{%- endfor -%} +{#- END asn; router bgp xxx #} diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index 3aa76d866..1978adff5 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -14,83 +14,72 @@  # You should have received a copy of the GNU General Public License  # along with this program.  If not, see <http://www.gnu.org/licenses/>. -import jmespath +import os -from copy import deepcopy  from sys import exit  from vyos.config import Config +from vyos.util import call  from vyos.template import render +from vyos.template import render_to_string +from vyos import frr  from vyos import ConfigError, airbag  airbag.enable()  config_file = r'/tmp/bgp.frr' -default_config_data = { -    'as_number':  '' -} -  def get_config(): -    bgp = deepcopy(default_config_data)      conf = Config() - -    # this lives in the "nbgp" tree until we switch over      base = ['protocols', 'nbgp'] +    bgp = conf.get_config_dict(base, key_mangling=('-', '_'))      if not conf.exists(base):          return None -    bgp = deepcopy(default_config_data) -    # Get full BGP configuration as dictionary - output the configuration for development -    # -    # vyos@vyos# commit -    # [ protocols nbgp 65000 ] -    # {'nbgp': {'65000': {'address-family': {'ipv4-unicast': {'aggregate-address': {'1.1.0.0/16': {}, -    #                                                                               '2.2.2.0/24': {}}}, -    #                                        'ipv6-unicast': {'aggregate-address': {'2001:db8::/32': {}}}}, -    #                     'neighbor': {'192.0.2.1': {'password': 'foo', -    #                                                'remote-as': '100'}}}}} -    # -    tmp = conf.get_config_dict(base) - -    # extract base key from dict as this is our AS number -    bgp['as_number'] = jmespath.search('nbgp | keys(@) [0]', tmp) - -    # adjust level of dictionary returned by get_config_dict() -    # by using jmesgpath and update dictionary -    bgp.update(jmespath.search('nbgp.* | [0]', tmp)) -      from pprint import pprint      pprint(bgp) -    # resulting in e.g. -    # vyos@vyos# commit -    # [ protocols nbgp 65000 ] -    # {'address-family': {'ipv4-unicast': {'aggregate-address': {'1.1.0.0/16': {}, -    #                                                            '2.2.2.0/24': {}}}, -    #                     'ipv6-unicast': {'aggregate-address': {'2001:db8::/32': {}}}}, -    #  'as_number': '65000', -    #  'neighbor': {'192.0.2.1': {'password': 'foo', 'remote-as': '100'}}, -    #  'timers': {'holdtime': '5'}}      return bgp  def verify(bgp): -    # bail out early - looks like removal from running config      if not bgp:          return None      return None  def generate(bgp): -    # bail out early - looks like removal from running config      if not bgp:          return None +    # render(config) not needed, its only for debug      render(config_file, 'frr/bgp.frr.tmpl', bgp) + +    bgp['new_frr_config'] = render_to_string('frr/bgp.frr.tmpl', bgp) +      return None  def apply(bgp): +    if bgp is None: +        return None + +    # Save original configration prior to starting any commit actions +    bgp['original_config'] = frr.get_configuration(daemon='bgpd') +    bgp['modified_config'] = frr.replace_section(bgp['original_config'], bgp['new_frr_config'], from_re='router bgp .*') + +    # Debugging +    print('--------- DEBUGGING ----------') +    print(f'Existing config:\n{bgp["original_config"]}\n\n') +    print(f'Replacement config:\n{bgp["new_frr_config"]}\n\n') +    print(f'Modified config:\n{bgp["modified_config"]}\n\n') + +    # Frr Mark configuration will test for syntax errors and exception out if any syntax errors are detected +    frr.mark_configuration(bgp['modified_config']) + +    # Commit the resulting new configuration to frr, this will render an frr.CommitError() Exception on fail +    frr.reload_configuration(bgp['modified_config'], daemon='bgpd') +      return None +  if __name__ == '__main__':      try:          c = get_config() | 
