summaryrefslogtreecommitdiff
path: root/data/templates/frr/bgp.frr.tmpl
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates/frr/bgp.frr.tmpl')
-rw-r--r--data/templates/frr/bgp.frr.tmpl968
1 files changed, 967 insertions, 1 deletions
diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl
index cd6f31c93..d011a1e85 100644
--- a/data/templates/frr/bgp.frr.tmpl
+++ b/data/templates/frr/bgp.frr.tmpl
@@ -1 +1,967 @@
-!
+{% set conf_bgp = nbgp -%}
+{% for asn in nbgp -%}
+!
+router bgp {{ asn }}
+ no bgp default ipv4-unicast
+
+{#- set 'conf_bgp[asn].parameters' as bgp_params #}
+{%- set bgp_params = conf_bgp[asn].parameters %}
+{%- set bgp_afi = conf_bgp[asn].address_family %}
+
+{#- START Global ASN address-family section; set protocol bgp xxx address-family #}
+{%- if 'address_family' in conf_bgp[asn] %}
+{%- for type in bgp_afi %}
+{%- if type == "ipv4_unicast" %}
+ !
+ address-family ipv4 unicast
+{# need to check #}
+{%- if 'aggregate_address' in bgp_afi[type] %}
+{%- for ip in bgp_afi[type].aggregate_address %}
+{%- if ( ('as_set' and 'summary_only') in bgp_afi[type].aggregate_address[ip] ) %}
+ aggregate-address {{ ip }} as-set summary-only
+{%- elif 'as_set' in bgp_afi[type].aggregate_address[ip] %}
+ aggregate-address {{ ip }} as-set
+{%- elif 'summary_only' in bgp_afi[type].aggregate_address[ip] %}
+ aggregate-address {{ ip }} summary-only
+{%- else %}
+ aggregate-address {{ ip }}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+{# END aggregate address#}
+{#- redistribute #}
+{# need to check. dont work.
+ 'metric' and 'route_map' match also only 'route_map'
+ 'table' parameter also include in protocol, its not what I want #}
+{%- if 'redistribute' in bgp_afi[type] %}
+{%- if 'table' in bgp_afi[type].redistribute %}
+ redistribute table {{bgp_afi[type].redistribute.table}}
+{%- endif %}
+{%- for protocol in bgp_afi[type].redistribute %}
+{%- if ( ('metric' and 'route_map') in bgp_afi[type].redistribute[protocol] ) %}
+ redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} route-map {{bgp_afi[type].redistribute[protocol].route_map}}
+{%- elif 'metric' in bgp_afi[type].redistribute[protocol] %}
+ redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}}
+{%- elif 'route_map' in bgp_afi[type].redistribute[protocol] %}
+ redistribute {{protocol}} route-map {{bgp_afi[type].redistribute[protocol].route_map}}
+{%- else %}
+ redistribute {{protocol}}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+{#- END redistribute #}
+
+{%- if 'network' in bgp_afi[type] %}
+{%- for net in bgp_afi[type].network %}
+ network {{ net }}
+{%- endfor %}
+{%- endif %}
+ exit-address-family
+ !
+{%- endif %}
+
+{%- if type == "ipv6_unicast" %}
+ !
+ address-family ipv6 unicast
+{%- if 'aggregate_address' in bgp_afi[type] %}
+{%- for ip in bgp_afi[type].aggregate_address %}
+{%- if ( ('as_set' and 'summary_only') in bgp_afi[type].aggregate_address[ip] ) %}
+ aggregate-address {{ ip }} as-set summary-only
+{%- elif 'as_set' in bgp_afi[type].aggregate_address[ip] %}
+ aggregate-address {{ ip }} as-set
+{%- elif 'summary_only' in bgp_afi[type].aggregate_address[ip] %}
+ aggregate-address {{ ip }} summary-only
+{%- else %}
+ aggregate-address {{ ip }}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+{# END aggregate address#}
+
+{#- redistribute #}
+{# need to check. doesn't work. 'metric' and 'route_map' match also only 'route_map' #}
+{%- if 'redistribute' in bgp_afi[type] %}
+{%- if 'table' in bgp_afi[type].redistribute %}
+ redistribute table {{bgp_afi[type].redistribute.table}}
+{%- endif %}
+{%- for protocol in bgp_afi[type].redistribute %}
+{%- if ( ('metric' and 'route_map') in bgp_afi[type].redistribute[protocol] ) %}
+ redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} route-map {{bgp_afi[type].redistribute[protocol].route_map}}
+{%- elif 'metric' in bgp_afi[type].redistribute[protocol] %}
+ redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}}
+{%- elif 'route_map' in bgp_afi[type].redistribute[protocol] %}
+ redistribute {{protocol}} route-map {{bgp_afi[type].redistribute[protocol].route_map}}
+{%- else %}
+ redistribute {{protocol}}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+{#- END redistribute #}
+
+{%- if 'network' in bgp_afi[type] %}
+{%- for net in bgp_afi[type].network %}
+ network {{ net }}
+{%- endfor %}
+{%- endif %}
+ exit-address-family
+!
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+{#- END Global ASN address-family section; set protocols bgp 65001 address-family #}
+
+{#- set protocols nbgp xxxx maximum-paths ibgp x, Generated by default for afi_4 #}
+{#- We don't have this parameter in afi_6. But this is supported in the FRR #}
+{%- if 'maximum_paths' in conf_bgp[asn] %}
+{%- if 'ebgp' in conf_bgp[asn].maximum_paths %}
+ !
+ address-family ipv4 unicast
+ maximum-paths {{ conf_bgp[asn].maximum_paths.ebgp }}
+ exit-address-family
+ !
+{%- endif %}
+{%- if 'ibgp' in conf_bgp[asn].maximum_paths %}
+ !
+ address-family ipv4 unicast
+ maximum-paths ibgp {{ conf_bgp[asn].maximum_paths.ibgp }}
+ exit-address-family
+ !
+{%- endif %}
+{%- endif %}
+
+{#- START peer-group; set protocol bgp xxx peer-group #}
+{%- if 'peer_group' in conf_bgp[asn] %}
+{%- for pr_group in conf_bgp[asn].peer_group %}
+{%- set conf_peer_group = conf_bgp[asn].peer_group[pr_group] %}
+ neighbor {{pr_group}} peer-group
+
+{#- First parameter for peer-group - remote-as #}
+{%- if 'remote_as' in conf_peer_group %}
+ neighbor {{ pr_group }} remote-as {{ conf_peer_group.remote_as }}
+{%- endif %}
+
+{%- if 'bfd' in conf_peer_group %}
+ neighbor {{ pr_group }} bfd
+{%- endif %}
+
+{%- if 'capability' in conf_peer_group %}
+{%- if 'dynamic' in conf_peer_group.capability %}
+ neighbor {{ pr_group }} capability dynamic
+{%- endif %}
+{%- if 'extended_nexthop' in conf_peer_group.capability %}
+ neighbor {{ pr_group }} capability extended-nexthop
+{%- endif %}
+{%- endif %}
+
+{%- if 'description' in conf_peer_group %}
+ neighbor {{ pr_group }} description {{ conf_peer_group.description }}
+{%- endif %}
+
+{%- if 'disable_capability_negotiation' in conf_peer_group %}
+ neighbor {{ pr_group }} disable-capability-negotiation
+{%- endif %}
+
+{#- https://phabricator.vyos.net/T2844. 'disable-send-community' only for afi #}
+{%- if 'disable_send_community' in conf_peer_group %}
+ !
+{%- endif %}
+
+{%- if 'ebgp_multihop' in conf_peer_group %}
+ neighbor {{ pr_group }} ebgp-multihop {{conf_peer_group.ebgp_multihop}}
+{%- endif %}
+
+{%- if 'local_as' in conf_peer_group %}
+{%- for loc_asn in conf_peer_group.local_as %}
+{%- if 'no_prepend' in conf_peer_group.local_as[loc_asn] %}
+ neighbor {{ pr_group }} local-as {{loc_asn}} no-prepend
+{%- else %}
+ neighbor {{ pr_group }} local-as {{loc_asn}}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+
+{%- if 'override_capability' in conf_peer_group %}
+ neighbor {{ pr_group }} override-capability
+{%- endif %}
+
+{%- if 'passive' in conf_peer_group %}
+ neighbor {{ pr_group }} passive
+{%- endif %}
+
+{%- if 'password' in conf_peer_group %}
+ neighbor {{ pr_group }} password {{ conf_peer_group.password }}
+{%- endif %}
+
+{%- if 'shutdown' in conf_peer_group %}
+ neighbor {{ pr_group }} shutdown
+{%- endif %}
+
+{%- if 'ttl_security' in conf_peer_group %}
+{%- if 'hops' in conf_peer_group.ttl_security %}
+ neighbor {{ pr_group }} ttl-security hops {{conf_peer_group.ttl_security.hops}}
+{%- endif %}
+{%- endif %}
+
+{%- if 'update_source' in conf_peer_group %}
+ neighbor {{ pr_group }} update-source {{ conf_peer_group.update_source }}
+{%- endif %}
+
+{# START peer-group afi; set protocols bgp xxx peer-group FOO address-family #}
+{%- if 'address_family' in conf_peer_group %}
+{%- for afi in conf_peer_group.address_family %}
+{%- if afi == "ipv4_unicast" %}
+ !
+ address-family ipv4 unicast
+
+{%- if 'allowas_in' in conf_peer_group.address_family.ipv4_unicast %}
+{%- if 'number' in conf_peer_group.address_family.ipv4_unicast.allowas_in %}
+ neighbor {{ pr_group }} allowas-in {{ conf_peer_group.address_family.ipv4_unicast.allowas_in.number }}
+{%- else %}
+ neighbor {{ pr_group }} allowas-in
+{%- endif %}
+{%- endif %}
+
+{#- START Single Params for peer-group; set protocols bgp xxx peer-group FOO address-family ipv4-unicast #}
+
+{%- if 'remove_private_as' in conf_peer_group.address_family.ipv4_unicast %}
+ neighbor {{ pr_group }} remove-private-AS
+{%- endif %}
+
+{%- if 'route_reflector_client' in conf_peer_group.address_family.ipv4_unicast %}
+ neighbor {{ pr_group }} route-reflector-client
+{%- endif %}
+
+{%- if 'weight' in conf_peer_group.address_family.ipv4_unicast %}
+ neighbor {{ pr_group }} weight {{ conf_peer_group.address_family.ipv4_unicast.weight }}
+{%- endif %}
+{#- END single params for peer-group #}
+
+{#- Checks need to be done as-path|med|next-hop #}
+{%- if 'attribute_unchanged' in conf_peer_group.address_family.ipv4_unicast %}
+{%- if 'as_path' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged %}
+ neighbor {{ pr_group }} attribute-unchanged as-path
+{%- else %}
+ neighbor {{ pr_group }} attribute-unchanged as-path next-hop med
+{%- endif %}
+{%- endif %}
+{#- END attribute-unchanged #}
+
+{%- if 'capability' in conf_peer_group.address_family.ipv4_unicast %}
+{%- if 'receive' in conf_peer_group.address_family.ipv4_unicast.capability.orf.prefix_list %}
+ neighbor {{ pr_group }} capability orf prefix-list receive
+{%- endif %}
+{%- if 'send' in conf_peer_group.address_family.ipv4_unicast.capability.orf.prefix_list %}
+ neighbor {{ pr_group }} capability orf prefix-list send
+{%- endif %}
+{%- endif %}
+
+{%- if 'default_originate' in conf_peer_group.address_family.ipv4_unicast %}
+{%- if 'route_map' in conf_peer_group.address_family.ipv4_unicast.default_originate %}
+ neighbor {{ pr_group }} default-originate route-map {{ conf_peer_group.address_family.ipv4_unicast.default_originate.route_map }}
+{%- else %}
+ neighbor {{ pr_group }} default-originate
+{%- endif %}
+{%- endif %}
+
+{%- if 'distribute_list' in conf_peer_group.address_family.ipv4_unicast %}
+{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.distribute_list %}
+ neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv4_unicast.distribute_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.distribute_list %}
+ neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv4_unicast.distribute_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'filter_list' in conf_peer_group.address_family.ipv4_unicast %}
+{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.filter_list %}
+ neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv4_unicast.filter_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.filter_list %}
+ neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv4_unicast.filter_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'maximum_prefix' in conf_peer_group.address_family.ipv4_unicast %}
+ neighbor {{ pr_group }} maximum-prefix {{ conf_peer_group.address_family.ipv4_unicast.maximum_prefix }}
+{%- endif %}
+
+{#- https://phabricator.vyos.net/T1817 #}
+{%- if 'nexthop_self' in conf_peer_group.address_family.ipv4_unicast %}
+{%- if 'force' in conf_peer_group.address_family.ipv4_unicast.nexthop_self %}
+ neighbor {{ pr_group }} next-hop-self force
+ neighbor {{ pr_group }} next-hop-self
+{%- else %}
+ neighbor {{ pr_group }} next-hop-self
+{%- endif %}
+{%- endif %}
+
+{%- if 'route_server_client' in conf_peer_group.address_family.ipv4_unicast %}
+ neighbor {{ pr_group }} route-server-client
+{%- endif %}
+
+{%- if 'route_map' in conf_peer_group.address_family.ipv4_unicast %}
+{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.route_map %}
+ neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv4_unicast.route_map.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.route_map %}
+ neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv4_unicast.route_map.import}} in
+{%- endif %}
+{%- endif %}
+{%- if 'prefix_list' in conf_peer_group.address_family.ipv4_unicast %}
+{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.prefix_list %}
+ neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv4_unicast.prefix_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.prefix_list %}
+ neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv4_unicast.prefix_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'soft_reconfiguration' in conf_peer_group.address_family.ipv4_unicast %}
+{%- if 'inbound' is defined %}
+ neighbor {{ pr_group }} soft-reconfiguration inbound
+{%- endif %}
+{%- endif %}
+
+{#- Need to check. https://phabricator.vyos.net/T2387#73900 #}
+{%- if 'unsuppress_map' in conf_peer_group.address_family.ipv4_unicast %}
+ neighbor {{ pr_group }} unsuppress-map {{conf_peer_group.address_family.ipv4_unicast.unsuppress_map}}
+{%- endif %}
+ neighbor {{ pr_group }} activate
+ exit-address-family
+ !
+{%- endif %}
+
+{%- if afi == "ipv6_unicast" %}
+ !
+ address-family ipv6 unicast
+
+{%- if 'allowas_in' in conf_peer_group.address_family.ipv6_unicast %}
+{%- if 'number' in conf_peer_group.address_family.ipv6_unicast.allowas_in %}
+ neighbor {{ pr_group }} allowas-in {{ conf_peer_group.address_family.ipv6_unicast.allowas_in.number }}
+{%- else %}
+ neighbor {{ pr_group }} allowas-in
+{%- endif %}
+{%- endif %}
+
+{#- START Single Params for peer-group afi6; set protocols bgp xxx peer-group FOO address-family ipv6-unicast #}
+{%- if 'remove_private_as' in conf_peer_group.address_family.ipv6_unicast %}
+ neighbor {{ pr_group }} remove-private-AS
+{%- endif %}
+
+{%- if 'route_reflector_client' in conf_peer_group.address_family.ipv6_unicast %}
+ neighbor {{ pr_group }} route-reflector-client
+{%- endif %}
+
+{%- if 'weight' in conf_peer_group.address_family.ipv6_unicast %}
+ neighbor {{ pr_group }} weight {{ conf_peer_group.address_family.ipv6_unicast.weight }}
+{%- endif %}
+{#- END single params for peer-group afi6 #}
+
+{#- Checks need to be done as-path|med|next-hop #}
+{%- if 'attribute_unchanged' in conf_peer_group.address_family.ipv6_unicast %}
+{%- if 'as_path' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged %}
+ neighbor {{ pr_group }} attribute-unchanged as-path
+{%- else %}
+ neighbor {{ pr_group }} attribute-unchanged as-path next-hop med
+{%- endif %}
+{%- endif %}
+
+{%- if 'capability' in conf_peer_group.address_family.ipv6_unicast %}
+{%- if 'receive' in conf_peer_group.address_family.ipv6_unicast.capability.orf.prefix_list %}
+ neighbor {{ pr_group }} capability orf prefix-list receive
+{%- endif %}
+{%- if 'send' in conf_peer_group.address_family.ipv6_unicast.capability.orf.prefix_list %}
+ neighbor {{ pr_group }} capability orf prefix-list send
+{%- endif %}
+{%- endif %}
+
+{%- if 'default_originate' in conf_peer_group.address_family.ipv6_unicast %}
+{%- if 'route_map' in conf_peer_group.address_family.ipv6_unicast.default_originate %}
+ neighbor {{ pr_group }} default-originate route-map {{ conf_peer_group.address_family.ipv6_unicast.default_originate.route_map }}
+{%- else %}
+ neighbor {{ pr_group }} default-originate
+{%- endif %}
+{%- endif %}
+
+{%- if 'distribute_list' in conf_peer_group.address_family.ipv6_unicast %}
+{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.distribute_list %}
+ neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv6_unicast.distribute_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.distribute_list %}
+ neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv6_unicast.distribute_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'filter_list' in conf_peer_group.address_family.ipv6_unicast %}
+{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.filter_list %}
+ neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv6_unicast.filter_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.filter_list %}
+ neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv6_unicast.filter_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'maximum_prefix' in conf_peer_group.address_family.ipv6_unicast %}
+ neighbor {{ pr_group }} maximum-prefix {{ conf_peer_group.address_family.ipv6_unicast.maximum_prefix }}
+{%- endif %}
+
+{#- https://phabricator.vyos.net/T1817 #}
+{%- if 'nexthop_self' in conf_peer_group.address_family.ipv6_unicast %}
+{%- if 'force' in conf_peer_group.address_family.ipv6_unicast.nexthop_self %}
+ neighbor {{ pr_group }} next-hop-self force
+ neighbor {{ pr_group }} next-hop-self
+{%- else %}
+ neighbor {{ pr_group }} next-hop-self
+{%- endif %}
+{%- endif %}
+
+{%- if 'route_server_client' in conf_peer_group.address_family.ipv6_unicast %}
+ neighbor {{ pr_group }} route-server-client
+{%- endif %}
+
+{%- if 'route_map' in conf_peer_group.address_family.ipv6_unicast %}
+{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.route_map %}
+ neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv6_unicast.route_map.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.route_map %}
+ neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv6_unicast.route_map.import}} in
+{%- endif %}
+{%- endif %}
+{%- if 'prefix_list' in conf_peer_group.address_family.ipv6_unicast %}
+{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.prefix_list %}
+ neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv6_unicast.prefix_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.prefix_list %}
+ neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv6_unicast.prefix_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'soft_reconfiguration' in conf_peer_group.address_family.ipv6_unicast %}
+{%- if 'inbound' is defined %}
+ neighbor {{ pr_group }} soft-reconfiguration inbound
+{%- endif %}
+{%- endif %}
+
+{#- Checks need to be done. https://phabricator.vyos.net/T2387#73900 #}
+{%- if 'unsuppress_map' in conf_peer_group.address_family.ipv6_unicast %}
+ neighbor {{ pr_group }} unsuppress-map {{conf_peer_group.address_family.ipv6_unicast.unsuppress_map}}
+{%- endif %}
+ neighbor {{ pr_group }} activate
+ exit-address-family
+ !
+{%- endif %}
+
+{%- endfor %}
+{%- endif %}
+{# END peer-group afi; set protocols bgp xxx peer-group FOO address-family #}
+
+{%- endfor %}
+{%- endif %}
+{#- END peer-group; set protocol bgp xxx peer-group #}
+
+{#- START peer section; set protocol bgp xxx neighbor #}
+{%- for peer in conf_bgp[asn].neighbor %}
+{#- set peer-group as conf_peer #}
+{%- set conf_peer = conf_bgp[asn].neighbor[peer] %}
+
+{#- First parameter for peer-group - remote-as #}
+{%- if 'remote_as' in conf_peer %}
+ neighbor {{ peer }} remote-as {{ conf_peer.remote_as }}
+{%- endif %}
+
+{%- if 'advertisement_interval' in conf_peer %}
+ neighbor {{ peer }} advertisement-interval {{ conf_peer.advertisement_interval }}
+{%- endif %}
+
+{%- if 'bfd' in conf_peer %}
+{%- if 'check_control_plane_failure' in conf_peer.bfd %}
+ neighbor {{ peer }} bfd
+ neighbor {{ peer }} bfd check-control-plane-failure
+{%- else %}
+ neighbor {{ peer }} bfd
+{%- endif %}
+{%- endif %}
+
+{%- if 'capability' in conf_peer %}
+{%- if 'dynamic' in conf_peer.capability %}
+ neighbor {{ peer }} capability dynamic
+{%- endif %}
+{%- if 'extended_nexthop' in conf_peer.capability %}
+ neighbor {{ peer }} capability extended-nexthop
+{%- endif %}
+{%- endif %}
+
+{%- if 'description' in conf_peer %}
+ neighbor {{ peer }} description {{ conf_peer.description }}
+{%- endif %}
+
+{%- if 'disable_capability_negotiation' in conf_peer %}
+ neighbor {{ peer }} disable-capability-negotiation
+{%- endif %}
+
+{#- https://phabricator.vyos.net/T2844. 'disable-send-community' only for afi #}
+{%- if 'disable_send_community' in conf_peer %}
+ !
+{%- endif %}
+
+{%- if 'ebgp_multihop' in conf_peer %}
+ neighbor {{ peer }} ebgp-multihop {{conf_peer.ebgp_multihop}}
+{%- endif %}
+
+{#- Need to check. 'Peer-group' needs to define before this section #}
+{%- if 'interface' in conf_peer %}
+{%- if 'peer_group' in conf_peer.interface %}
+ neighbor {{ peer }} interface peer-group {{conf_peer.interface.peer_group}}
+{%- endif %}
+{%- if 'remote_as' in conf_peer.interface %}
+ neighbor {{ peer }} interface remote-as {{conf_peer.interface.remote_as}}
+{%- endif %}
+{%- if 'v6only' in conf_peer.interface %}
+{%- if 'peer_group' in conf_peer.interface.v6only %}
+ neighbor {{ peer }} peer-group {{conf_peer.interface.peer_group}}
+{%- endif %}
+{%- if 'remote_as' in conf_peer.interface.v6only %}
+ neighbor {{ peer }} interface v6only remote-as {{conf_peer.interface.v6only.remote_as}}
+{%- endif %}
+{%- endif %}
+{%- endif %}
+
+{%- if 'local_as' in conf_peer %}
+{%- for loc_asn in conf_peer.local_as %}
+{%- if 'no_prepend' in conf_peer.local_as[loc_asn] %}
+ neighbor {{ peer }} local-as {{loc_asn}} no-prepend
+{%- else %}
+ neighbor {{ peer }} local-as {{loc_asn}}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
+
+{%- if 'override_capability' in conf_peer %}
+ neighbor {{ peer }} override-capability
+{%- endif %}
+
+{%- if 'passive' in conf_peer %}
+ neighbor {{ peer }} passive
+{%- endif %}
+
+{%- if 'password' in conf_peer %}
+ neighbor {{ peer }} password {{ conf_peer.password }}
+{%- endif %}
+
+{%- if 'peer_group' in conf_peer %}
+ neighbor {{ peer }} peer-group {{ conf_peer.peer_group }}
+{%- endif %}
+
+{%- if 'port' in conf_peer %}
+ neighbor {{ peer }} port {{ conf_peer.port }}
+{%- endif %}
+
+{%- if 'shutdown' in conf_peer %}
+ neighbor {{ peer }} shutdown
+{%- endif %}
+
+{%- if 'strict_capability_match' in conf_peer %}
+ neighbor {{ peer }} strict-capability-match
+{%- endif %}
+
+{#- Need to check #}
+{%- if 'timers' in conf_peer %}
+{%- if ( ('connect' and 'holdtime' and 'keepalive') in conf_peer.timers ) %}
+ neighbor {{ peer }} timers {{conf_peer.timers.keepalive}} {{conf_peer.timers.holdtime}}
+ neighbor {{ peer }} timers connect {{conf_peer.timers.connect}}
+{%- endif %}
+{%- endif %}
+
+{%- if 'ttl_security' in conf_peer %}
+{%- if 'hops' in conf_peer.ttl_security %}
+ neighbor {{ peer }} ttl-security hops {{conf_peer.ttl_security.hops}}
+{%- endif %}
+{%- endif %}
+
+{%- if 'update_source' in conf_peer %}
+ neighbor {{ peer }} update-source {{ conf_peer.update_source }}
+{%- endif %}
+
+{#- START address family for peer; set protocols bgp xxx neighbor x.x.x.x address-family ipvX-unicast #}
+{%- if 'address_family' in conf_peer %}
+{%- for afi in conf_peer.address_family %}
+{%- if afi == "ipv4_unicast" %}
+ !
+ address-family ipv4 unicast
+
+{%- if 'allowas_in' in conf_peer.address_family.ipv4_unicast %}
+{%- if 'number' in conf_peer.address_family.ipv4_unicast.allowas_in %}
+ neighbor {{ peer }} allowas-in {{ conf_peer.address_family.ipv4_unicast.allowas_in.number }}
+{%- else %}
+ neighbor {{ peer }} allowas-in
+{%- endif %}
+{%- endif %}
+
+{#- START Single Params for neighbor; #}
+{%- if 'as_override' in conf_peer.address_family.ipv4_unicast %}
+ neighbor {{ peer }} as-override
+{%- endif %}
+
+{%- if 'remove_private_as' in conf_peer.address_family.ipv4_unicast %}
+ neighbor {{ peer }} remove-private-AS
+{%- endif %}
+
+{%- if 'route_reflector_client' in conf_peer.address_family.ipv4_unicast %}
+ neighbor {{ peer }} route-reflector-client
+{%- endif %}
+
+{%- if 'weight' in conf_peer.address_family.ipv4_unicast %}
+ neighbor {{ peer }} weight {{ conf_peer.address_family.ipv4_unicast.weight }}
+{%- endif %}
+{#- END single params for neighbor #}
+
+{#- Checks need to be done as-path|med|next-hop #}
+{%- if 'attribute_unchanged' in conf_peer.address_family.ipv4_unicast %}
+{%- if 'as_path' in conf_peer.address_family.ipv4_unicast.attribute_unchanged %}
+ neighbor {{ peer }} attribute-unchanged as-path
+{%- else %}
+ neighbor {{ peer }} attribute-unchanged as-path next-hop med
+{%- endif %}
+{%- endif %}
+{#- END attribute-unchanged #}
+
+{%- if 'capability' in conf_peer.address_family.ipv4_unicast %}
+{%- if 'receive' in conf_peer.address_family.ipv4_unicast.capability.orf.prefix_list %}
+ neighbor {{ peer }} capability orf prefix-list receive
+{%- endif %}
+{%- if 'send' in conf_peer.address_family.ipv4_unicast.capability.orf.prefix_list %}
+ neighbor {{ peer }} capability orf prefix-list send
+{%- endif %}
+{%- endif %}
+
+{%- if 'default_originate' in conf_peer.address_family.ipv4_unicast %}
+{%- if 'route_map' in conf_peer.address_family.ipv4_unicast.default_originate %}
+ neighbor {{ peer }} default-originate route-map {{ conf_peer.address_family.ipv4_unicast.default_originate.route_map }}
+{%- else %}
+ neighbor {{ peer }} default-originate
+{%- endif %}
+{%- endif %}
+
+{%- if 'distribute_list' in conf_peer.address_family.ipv4_unicast %}
+{%- if 'export' in conf_peer.address_family.ipv4_unicast.distribute_list %}
+ neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv4_unicast.distribute_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer.address_family.ipv4_unicast.distribute_list %}
+ neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv4_unicast.distribute_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'filter_list' in conf_peer.address_family.ipv4_unicast %}
+{%- if 'export' in conf_peer.address_family.ipv4_unicast.filter_list %}
+ neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv4_unicast.filter_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer.address_family.ipv4_unicast.filter_list %}
+ neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv4_unicast.filter_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'maximum_prefix' in conf_peer.address_family.ipv4_unicast %}
+ neighbor {{ peer }} maximum-prefix {{ conf_peer.address_family.ipv4_unicast.maximum_prefix }}
+{%- endif %}
+
+{#- https://phabricator.vyos.net/T1817 #}
+{%- if 'nexthop_self' in conf_peer.address_family.ipv4_unicast %}
+{%- if 'force' in conf_peer.address_family.ipv4_unicast.nexthop_self %}
+ neighbor {{ peer }} next-hop-self force
+ neighbor {{ peer }} next-hop-self
+{%- else %}
+ neighbor {{ peer }} next-hop-self
+{%- endif %}
+{%- endif %}
+
+{%- if 'route_server_client' in conf_peer.address_family.ipv4_unicast %}
+ neighbor {{ peer }} route-server-client
+{%- endif %}
+
+{%- if 'route_map' in conf_peer.address_family.ipv4_unicast %}
+{%- if 'export' in conf_peer.address_family.ipv4_unicast.route_map %}
+ neighbor {{ peer }} route-map {{conf_peer.address_family.ipv4_unicast.route_map.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer.address_family.ipv4_unicast.route_map %}
+ neighbor {{ peer }} route-map {{conf_peer.address_family.ipv4_unicast.route_map.import}} in
+{%- endif %}
+{%- endif %}
+{%- if 'prefix_list' in conf_peer.address_family.ipv4_unicast %}
+{%- if 'export' in conf_peer.address_family.ipv4_unicast.prefix_list %}
+ neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv4_unicast.prefix_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer.address_family.ipv4_unicast.prefix_list %}
+ neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv4_unicast.prefix_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'soft_reconfiguration' in conf_peer.address_family.ipv4_unicast %}
+{%- if 'inbound' is defined %}
+ neighbor {{ peer }} soft-reconfiguration inbound
+{%- endif %}
+{%- endif %}
+
+{#- Checks need to be done. https://phabricator.vyos.net/T2387#73900 #}
+{%- if 'unsuppress_map' in conf_peer.address_family.ipv4_unicast %}
+ neighbor {{ peer }} unsuppress-map {{conf_peer.address_family.ipv4_unicast.unsuppress_map}}
+{%- endif %}
+ neighbor {{ peer }} activate
+ exit-address-family
+ !
+{%- endif %}
+
+{%- if afi == "ipv6_unicast" %}
+ !
+ address-family ipv6 unicast
+
+{%- if 'allowas_in' in conf_peer.address_family.ipv6_unicast %}
+{%- if 'number' in conf_peer.address_family.ipv6_unicast.allowas_in %}
+ neighbor {{ peer }} allowas-in {{ conf_peer.address_family.ipv6_unicast.allowas_in.number }}
+{%- else %}
+ neighbor {{ peer }} allowas-in
+{%- endif %}
+{%- endif %}
+
+{#- START Single Params for neighbor #}
+{%- if 'as_override' in conf_peer.address_family.ipv6_unicast %}
+ neighbor {{ peer }} as-override
+{%- endif %}
+
+{%- if 'remove_private_as' in conf_peer.address_family.ipv6_unicast %}
+ neighbor {{ peer }} remove-private-AS
+{%- endif %}
+
+{%- if 'route_reflector_client' in conf_peer.address_family.ipv6_unicast %}
+ neighbor {{ peer }} route-reflector-client
+{%- endif %}
+
+{%- if 'weight' in conf_peer.address_family.ipv6_unicast %}
+ neighbor {{ peer }} weight {{ conf_peer.address_family.ipv6_unicast.weight }}
+{%- endif %}
+{#- END single params for neighbor #}
+
+{#- Checks need to be done as-path|med|next-hop #}
+{%- if 'attribute_unchanged' in conf_peer.address_family.ipv6_unicast %}
+{%- if 'as_path' in conf_peer.address_family.ipv6_unicast.attribute_unchanged %}
+ neighbor {{ peer }} attribute-unchanged as-path
+{%- else %}
+ neighbor {{ peer }} attribute-unchanged as-path next-hop med
+{%- endif %}
+{%- endif %}
+{#- END attribute-unchanged #}
+
+{%- if 'capability' in conf_peer.address_family.ipv6_unicast %}
+{%- if 'receive' in conf_peer.address_family.ipv6_unicast.capability.orf.prefix_list %}
+ neighbor {{ peer }} capability orf prefix-list receive
+{%- endif %}
+{%- if 'send' in conf_peer.address_family.ipv6_unicast.capability.orf.prefix_list %}
+ neighbor {{ peer }} capability orf prefix-list send
+{%- endif %}
+{%- endif %}
+
+{%- if 'default_originate' in conf_peer.address_family.ipv6_unicast %}
+{%- if 'route_map' in conf_peer.address_family.ipv6_unicast.default_originate %}
+ neighbor {{ peer }} default-originate route-map {{ conf_peer.address_family.ipv6_unicast.default_originate.route_map }}
+{%- else %}
+ neighbor {{ peer }} default-originate
+{%- endif %}
+{%- endif %}
+
+{%- if 'distribute_list' in conf_peer.address_family.ipv6_unicast %}
+{%- if 'export' in conf_peer.address_family.ipv6_unicast.distribute_list %}
+ neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv6_unicast.distribute_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer.address_family.ipv6_unicast.distribute_list %}
+ neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv6_unicast.distribute_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'filter_list' in conf_peer.address_family.ipv6_unicast %}
+{%- if 'export' in conf_peer.address_family.ipv6_unicast.filter_list %}
+ neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv6_unicast.filter_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer.address_family.ipv6_unicast.filter_list %}
+ neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv6_unicast.filter_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'maximum_prefix' in conf_peer.address_family.ipv6_unicast %}
+ neighbor {{ peer }} maximum-prefix {{ conf_peer.address_family.ipv6_unicast.maximum_prefix }}
+{%- endif %}
+
+{#- https://phabricator.vyos.net/T1817 #}
+{%- if 'nexthop_self' in conf_peer.address_family.ipv6_unicast %}
+{%- if 'force' in conf_peer.address_family.ipv6_unicast.nexthop_self %}
+ neighbor {{ peer }} next-hop-self force
+ neighbor {{ peer }} next-hop-self
+{%- else %}
+ neighbor {{ peer }} next-hop-self
+{%- endif %}
+{%- endif %}
+
+{%- if 'route_server_client' in conf_peer.address_family.ipv6_unicast %}
+ neighbor {{ peer }} route-server-client
+{%- endif %}
+
+{%- if 'route_map' in conf_peer.address_family.ipv6_unicast %}
+{%- if 'export' in conf_peer.address_family.ipv6_unicast.route_map %}
+ neighbor {{ peer }} route-map {{conf_peer.address_family.ipv6_unicast.route_map.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer.address_family.ipv6_unicast.route_map %}
+ neighbor {{ peer }} route-map {{conf_peer.address_family.ipv6_unicast.route_map.import}} in
+{%- endif %}
+{%- endif %}
+{%- if 'prefix_list' in conf_peer.address_family.ipv6_unicast %}
+{%- if 'export' in conf_peer.address_family.ipv6_unicast.prefix_list %}
+ neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv6_unicast.prefix_list.export}} out
+{%- endif %}
+{%- if 'import' in conf_peer.address_family.ipv6_unicast.prefix_list %}
+ neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv6_unicast.prefix_list.import}} in
+{%- endif %}
+{%- endif %}
+
+{%- if 'soft_reconfiguration' in conf_peer.address_family.ipv6_unicast %}
+{%- if 'inbound' is defined %}
+ neighbor {{ peer }} soft-reconfiguration inbound
+{%- endif %}
+{%- endif %}
+
+{#- Checks need to be done. https://phabricator.vyos.net/T2387#73900 #}
+{%- if 'unsuppress_map' in conf_peer.address_family.ipv6_unicast %}
+ neighbor {{ peer }} unsuppress-map {{conf_peer.address_family.ipv6_unicast.unsuppress_map}}
+{%- endif %}
+ neighbor {{ peer }} activate
+ exit-address-family
+ !
+{%- endif %}
+
+{%- endfor %}
+{%- endif %}
+{#- END address family for peer #}
+
+{%- endfor %}
+{#- END peer section; set protocols bgp xxx neighbor #}
+
+{#- START parameters section; set protocol bgp xxx parameters #}
+{%- if 'always_compare_med' in bgp_params %}
+ bgp always-compare-med
+{%- endif %}
+
+{%- if 'bestpath' in bgp_params %}
+{%- if 'compare_routerid' in bgp_params.bestpath %}
+ bgp bestpath compare-routerid
+{%- endif %}
+{%- if 'as_path' in bgp_params.bestpath %}
+{%- if 'confed' in bgp_params.bestpath.as_path %}
+ bgp bestpath as-path confed
+{%- endif %}
+{%- if 'ignore' in bgp_params.bestpath.as_path %}
+ bgp bestpath as-path ignore
+{%- endif %}
+{%- if 'multipath_relax' in bgp_params.bestpath.as_path %}
+ bgp bestpath as-path multipath-relax
+{%- endif %}
+{%- endif %}
+{%- if 'med' in bgp_params.bestpath %}
+{%- if ( ('confed' and 'missing_as_worst') in bgp_params.bestpath.med ) %}
+ bgp bestpath med confed missing-as-worst
+{%- elif 'confed' in bgp_params.bestpath.med %}
+ bgp bestpath med confed
+{%- elif 'missing_as_worst' in bgp_params.bestpath.med %}
+ bgp bestpath med missing-as-worst
+{%- endif%}
+{%- endif %}
+{%- endif %}
+
+{%- if 'cluster_id' in bgp_params %}
+ bgp cluster-id {{ bgp_params.cluster_id }}
+{%- endif %}
+
+{%- if 'confederation' in bgp_params %}
+{%- if 'identifier' in bgp_params.confederation %}
+ bgp confederation identifier {{ bgp_params.confederation.identifier }}
+{%- endif %}
+{%- if 'peers' in bgp_params.confederation %}
+ bgp confederation peers {{ bgp_params.confederation.peers }}
+{%- endif %}
+{%- endif %}
+
+{#- Doesn't work in current FRR configuration (bgp dampening 16 751 2001 61) #}
+{%- if 'dampening' in bgp_params %}
+{%- if ( ('half_life' and 'max_suppress_time' and 're_use' and 'start_suppress_time') in bgp_params.dampening ) %}
+ bgp dampening {{ bgp_params.dampening.half_life }} {{ bgp_params.dampening.re_use }} {{ bgp_params.dampening.start_suppress_time }} {{ bgp_params.dampening.max_suppress_time }}
+{%- endif %}
+{%- endif %}
+
+{%- if 'default' in bgp_params %}
+{%- if 'local_pref' in bgp_params.default %}
+ bgp default local-preference {{ bgp_params.default.local_pref }}
+{%- endif %}
+{#- We use this is parameter as default in template (5-th string) #}
+{%- if 'no_ipv4_unicast' in bgp_params.default %}
+ no bgp default ipv4-unicast
+{%- endif %}
+{%- endif %}
+
+{%- if 'deterministic_med' in bgp_params %}
+ bgp deterministic-med
+{%- endif %}
+
+{%- if 'distance' in bgp_params %}
+{%- if 'global' in bgp_params.distance %}
+{%- if ( ('external' and 'internal' and 'local') in bgp_params.distance.global ) %}
+ !
+ address-family ipv4 unicast
+ distance bgp {{ bgp_params.distance.global.external }} {{ bgp_params.distance.global.internal }} {{ bgp_params.distance.global.local }}
+ exit-address-family
+!
+{%- endif %}
+{%- endif %}
+{%- if 'prefix' in bgp_params.distance %}
+ !
+ address-family ipv4 unicast
+{%- for prfx in bgp_params.distance.prefix %}
+ distance {{ bgp_params.distance.prefix[prfx].distance }} {{ prfx }}
+{%- endfor %}
+ exit-address-family
+!
+{%- endif %}
+{%- endif %}
+
+{%- if 'graceful_restart' in bgp_params %}
+{%- if 'stalepath_time' in bgp_params.graceful_restart %}
+ bgp graceful-restart stalepath-time {{ bgp_params.graceful_restart.stalepath_time }}
+{%- endif %}
+{%- endif %}
+
+{%- if 'log_neighbor_changes' in bgp_params %}
+ bgp log-neighbor-changes
+{%- endif %}
+
+{%- if 'network_import_check' in bgp_params %}
+ bgp network import-check
+{%- endif %}
+
+{%- if 'no_client_to_client_reflection' in bgp_params %}
+ no bgp client-to-client reflection
+{%- endif %}
+
+{%- if 'no_fast_external_failover' in bgp_params %}
+ no bgp fast-external-failover
+{%- endif %}
+
+{#- END parameters; set protocols bgp xxx parameters #}
+
+{%- if 'timers' in conf_bgp[asn] %}
+{%- if ( ('holdtime' and 'keepalive') in conf_bgp[asn].timers ) %}
+ timers bgp {{conf_bgp[asn].timers.keepalive}} {{conf_bgp[asn].timers.holdtime}}
+{%- endif %}
+{%- endif %}
+
+{%- if 'route_map' in conf_bgp[asn] %}
+!
+ip protocol bgp route-map {{conf_bgp[asn].route_map}}
+{%- endif %}
+!
+{%- endfor -%}
+{#- END asn; router bgp xxx #}