summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-erspan.py108
-rwxr-xr-xsrc/conf_mode/interfaces-tunnel.py30
-rwxr-xr-xsrc/conf_mode/protocols_bgp.py37
-rwxr-xr-xsrc/conf_mode/protocols_isis.py19
-rwxr-xr-xsrc/conf_mode/protocols_ospf.py19
-rwxr-xr-xsrc/conf_mode/protocols_ospfv3.py14
-rwxr-xr-xsrc/conf_mode/protocols_rip.py32
-rwxr-xr-xsrc/conf_mode/protocols_ripng.py30
-rwxr-xr-xsrc/conf_mode/protocols_static.py4
-rwxr-xr-xsrc/conf_mode/vrf.py21
10 files changed, 126 insertions, 188 deletions
diff --git a/src/conf_mode/interfaces-erspan.py b/src/conf_mode/interfaces-erspan.py
deleted file mode 100755
index 97ae3cf55..000000000
--- a/src/conf_mode/interfaces-erspan.py
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2018-2020 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 or later as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-import os
-
-from sys import exit
-from copy import deepcopy
-from netifaces import interfaces
-
-from vyos.config import Config
-from vyos.configdict import dict_merge
-from vyos.configdict import get_interface_dict
-from vyos.configdict import node_changed
-from vyos.configdict import leaf_node_changed
-from vyos.configverify import verify_mtu_ipv6
-from vyos.configverify import verify_tunnel
-from vyos.ifconfig import Interface
-from vyos.ifconfig import ERSpanIf
-from vyos.ifconfig import ER6SpanIf
-from vyos.template import is_ipv4
-from vyos.template import is_ipv6
-from vyos.util import dict_search
-from vyos import ConfigError
-from vyos import airbag
-airbag.enable()
-
-def get_config(config=None):
- """
- Retrive CLI config as dictionary. Dictionary can never be empty, as at least
- the interface name will be added or a deleted flag
- """
- if config:
- conf = config
- else:
- conf = Config()
- base = ['interfaces', 'erspan']
- erspan = get_interface_dict(conf, base)
-
- tmp = leaf_node_changed(conf, ['encapsulation'])
- if tmp:
- erspan.update({'encapsulation_changed': {}})
-
- return erspan
-
-def verify(erspan):
- if 'deleted' in erspan:
- return None
-
- if 'encapsulation' not in erspan:
- raise ConfigError('Unable to detect the following ERSPAN tunnel encapsulation'\
- '{ifname}!'.format(**erspan))
-
- verify_mtu_ipv6(erspan)
- verify_tunnel(erspan)
-
- key = dict_search('parameters.ip.key',erspan)
- if key == None:
- raise ConfigError('parameters.ip.key is mandatory for ERSPAN tunnel')
-
-
-def generate(erspan):
- return None
-
-def apply(erspan):
- if 'deleted' in erspan or 'encapsulation_changed' in erspan:
- if erspan['ifname'] in interfaces():
- tmp = Interface(erspan['ifname'])
- tmp.remove()
- if 'deleted' in erspan:
- return None
-
- dispatch = {
- 'erspan': ERSpanIf,
- 'ip6erspan': ER6SpanIf
- }
-
- # We need to re-map the tunnel encapsulation proto to a valid interface class
- encap = erspan['encapsulation']
- klass = dispatch[encap]
-
- erspan_tunnel = klass(**erspan)
- erspan_tunnel.change_options()
- erspan_tunnel.update(erspan)
-
- return None
-
-if __name__ == '__main__':
- try:
- c = get_config()
- generate(c)
- verify(c)
- apply(c)
- except ConfigError as e:
- print(e)
- exit(1)
diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py
index cab94a5b0..4e6c8a9ab 100755
--- a/src/conf_mode/interfaces-tunnel.py
+++ b/src/conf_mode/interfaces-tunnel.py
@@ -61,6 +61,9 @@ def get_config(config=None):
nhrp = conf.get_config_dict([], key_mangling=('-', '_'), get_first_key=True)
if nhrp: tunnel.update({'nhrp' : list(nhrp.keys())})
+ if 'encapsulation' in tunnel and tunnel['encapsulation'] not in ['erspan', 'ip6erspan']:
+ del tunnel['parameters']['erspan']
+
return tunnel
def verify(tunnel):
@@ -72,14 +75,28 @@ def verify(tunnel):
return None
- if 'encapsulation' not in tunnel:
- error = 'Must configure encapsulation for "{ifname}"!'
- raise ConfigError(error.format(**tunnel))
+ verify_tunnel(tunnel)
+
+ if tunnel['encapsulation'] in ['erspan', 'ip6erspan']:
+ if dict_search('parameters.ip.key', tunnel) == None:
+ raise ConfigError('ERSPAN requires ip key parameter!')
+
+ # this is a default field
+ ver = int(tunnel['parameters']['erspan']['version'])
+ if ver == 1:
+ if 'hw_id' in tunnel['parameters']['erspan']:
+ raise ConfigError('ERSPAN version 1 does not support hw-id!')
+ if 'direction' in tunnel['parameters']['erspan']:
+ raise ConfigError('ERSPAN version 1 does not support direction!')
+ elif ver == 2:
+ if 'idx' in tunnel['parameters']['erspan']:
+ raise ConfigError('ERSPAN version 2 does not index parameter!')
+ if 'direction' not in tunnel['parameters']['erspan']:
+ raise ConfigError('ERSPAN version 2 requires direction to be set!')
verify_mtu_ipv6(tunnel)
verify_address(tunnel)
verify_vrf(tunnel)
- verify_tunnel(tunnel)
if 'source_interface' in tunnel:
verify_interface_exists(tunnel['source_interface'])
@@ -92,7 +109,6 @@ def verify(tunnel):
if tunnel['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre']:
raise ConfigError('Can not disable PMTU discovery for given encapsulation')
-
def generate(tunnel):
return None
@@ -108,8 +124,8 @@ def apply(tunnel):
encap = dict_search('linkinfo.info_kind', tmp)
remote = dict_search('linkinfo.info_data.remote', tmp)
- if ('deleted' in tunnel or 'encapsulation_changed' in tunnel or
- encap in ['gretap', 'ip6gretap'] or remote in ['any']):
+ if ('deleted' in tunnel or 'encapsulation_changed' in tunnel or encap in
+ ['gretap', 'ip6gretap', 'erspan', 'ip6erspan'] or remote in ['any']):
if interface in interfaces():
tmp = Interface(interface)
tmp.remove()
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index 73cfa9b83..a76aec30b 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -21,7 +21,10 @@ from sys import argv
from vyos.config import Config
from vyos.configdict import dict_merge
+from vyos.configverify import verify_prefix_list
+from vyos.configverify import verify_route_map
from vyos.template import is_ip
+from vyos.template import is_interface
from vyos.template import render_to_string
from vyos.util import call
from vyos.util import dict_search
@@ -58,11 +61,13 @@ def get_config(config=None):
bgp.update({'deleted' : ''})
return bgp
- # We also need some additional information from the config,
- # prefix-lists and route-maps for instance.
- base = ['policy']
- tmp = conf.get_config_dict(base, key_mangling=('-', '_'))
- # Merge policy dict into bgp dict
+ # We also need some additional information from the config, prefix-lists
+ # and route-maps for instance. They will be used in verify().
+ #
+ # XXX: one MUST always call this without the key_mangling() option! See
+ # vyos.configverify.verify_common_route_maps() for more information.
+ tmp = conf.get_config_dict(['policy'])
+ # Merge policy dict into "regular" config dict
bgp = dict_merge(tmp, bgp)
return bgp
@@ -128,7 +133,12 @@ def verify(bgp):
# Only checks for ipv4 and ipv6 neighbors
# Check if neighbor address is assigned as system interface address
if is_ip(peer) and is_addr_assigned(peer):
- raise ConfigError(f'Can\'t configure local address as neighbor "{peer}"')
+ raise ConfigError(f'Can not configure a local address as neighbor "{peer}"')
+ elif is_interface(peer):
+ if 'peer_group' in peer_config:
+ raise ConfigError(f'peer-group must be set under the interface node of "{peer}"')
+ if 'remote_as' in peer_config:
+ raise ConfigError(f'remote-as must be set under the interface node of "{peer}"')
for afi in ['ipv4_unicast', 'ipv6_unicast', 'l2vpn_evpn']:
# Bail out early if address family is not configured
@@ -142,24 +152,15 @@ def verify(bgp):
if tmp not in afi_config['prefix_list']:
# bail out early
continue
- # get_config_dict() mangles all '-' characters to '_' this is legitimate, thus all our
- # compares will run on '_' as also '_' is a valid name for a prefix-list
- prefix_list = afi_config['prefix_list'][tmp].replace('-', '_')
if afi == 'ipv4_unicast':
- if dict_search(f'policy.prefix_list.{prefix_list}', bgp) == None:
- raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!')
+ verify_prefix_list(afi_config['prefix_list'][tmp], bgp)
elif afi == 'ipv6_unicast':
- if dict_search(f'policy.prefix_list6.{prefix_list}', bgp) == None:
- raise ConfigError(f'prefix-list6 "{prefix_list}" used for "{tmp}" does not exist!')
+ verify_prefix_list(afi_config['prefix_list'][tmp], bgp, version='6')
if 'route_map' in afi_config:
for tmp in ['import', 'export']:
if tmp in afi_config['route_map']:
- # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our
- # compares will run on '_' as also '_' is a valid name for a route-map
- route_map = afi_config['route_map'][tmp].replace('-', '_')
- if dict_search(f'policy.route_map.{route_map}', bgp) == None:
- raise ConfigError(f'route-map "{route_map}" used for "{tmp}" does not exist!')
+ verify_route_map(afi_config['route_map'][tmp], bgp)
if 'route_reflector_client' in afi_config:
if 'remote_as' in peer_config and bgp['local_as'] != peer_config['remote_as']:
diff --git a/src/conf_mode/protocols_isis.py b/src/conf_mode/protocols_isis.py
index 571520cfe..8b75f9873 100755
--- a/src/conf_mode/protocols_isis.py
+++ b/src/conf_mode/protocols_isis.py
@@ -22,6 +22,7 @@ from sys import argv
from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.configdict import node_changed
+from vyos.configverify import verify_common_route_maps
from vyos.configverify import verify_interface_exists
from vyos.util import call
from vyos.util import dict_search
@@ -70,10 +71,12 @@ def get_config(config=None):
return isis
# We also need some additional information from the config, prefix-lists
- # and route-maps for instance. They will be used in verify()
- base = ['policy']
- tmp = conf.get_config_dict(base, key_mangling=('-', '_'))
- # Merge policy dict into OSPF dict
+ # and route-maps for instance. They will be used in verify().
+ #
+ # XXX: one MUST always call this without the key_mangling() option! See
+ # vyos.configverify.verify_common_route_maps() for more information.
+ tmp = conf.get_config_dict(['policy'])
+ # Merge policy dict into "regular" config dict
isis = dict_merge(tmp, isis)
return isis
@@ -91,6 +94,8 @@ def verify(isis):
if int(tmp[-1]) != 0:
raise ConfigError('Last byte of IS-IS network entity title must always be 0!')
+ verify_common_route_maps(isis)
+
# If interface not set
if 'interface' not in isis:
raise ConfigError('Interface used for routing updates is mandatory!')
@@ -141,12 +146,6 @@ def verify(isis):
raise ConfigError(f'"protocols isis {process} redistribute {afi} {proto} {redistr_level}" ' \
f'can not be used with \"protocols isis {process} level {proc_level}\"')
- if 'route_map' in redistr_config:
- name = redistr_config['route_map']
- tmp = name.replace('-', '_')
- if dict_search(f'policy.route_map.{tmp}', isis) == None:
- raise ConfigError(f'Route-map {name} does not exist!')
-
# Segment routing checks
if dict_search('segment_routing.global_block', isis):
high_label_value = dict_search('segment_routing.global_block.high_label_value', isis)
diff --git a/src/conf_mode/protocols_ospf.py b/src/conf_mode/protocols_ospf.py
index 30cc33dcf..a97d5b5ed 100755
--- a/src/conf_mode/protocols_ospf.py
+++ b/src/conf_mode/protocols_ospf.py
@@ -22,7 +22,8 @@ from sys import argv
from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.configdict import node_changed
-from vyos.configverify import verify_route_maps
+from vyos.configverify import verify_common_route_maps
+from vyos.configverify import verify_route_map
from vyos.configverify import verify_interface_exists
from vyos.template import render_to_string
from vyos.util import call
@@ -130,10 +131,12 @@ def get_config(config=None):
ospf['interface'][interface])
# We also need some additional information from the config, prefix-lists
- # and route-maps for instance. They will be used in verify()
- base = ['policy']
- tmp = conf.get_config_dict(base, key_mangling=('-', '_'))
- # Merge policy dict into OSPF dict
+ # and route-maps for instance. They will be used in verify().
+ #
+ # XXX: one MUST always call this without the key_mangling() option! See
+ # vyos.configverify.verify_common_route_maps() for more information.
+ tmp = conf.get_config_dict(['policy'])
+ # Merge policy dict into "regular" config dict
ospf = dict_merge(tmp, ospf)
return ospf
@@ -142,7 +145,11 @@ def verify(ospf):
if not ospf:
return None
- verify_route_maps(ospf)
+ verify_common_route_maps(ospf)
+
+ # As we can have a default-information route-map, we need to validate it!
+ route_map_name = dict_search('default_information.originate.route_map', ospf)
+ if route_map_name: verify_route_map(route_map_name, ospf)
if 'interface' in ospf:
for interface in ospf['interface']:
diff --git a/src/conf_mode/protocols_ospfv3.py b/src/conf_mode/protocols_ospfv3.py
index 42b6462e3..4ab7b65a3 100755
--- a/src/conf_mode/protocols_ospfv3.py
+++ b/src/conf_mode/protocols_ospfv3.py
@@ -20,7 +20,7 @@ from sys import exit
from vyos.config import Config
from vyos.configdict import dict_merge
-from vyos.configverify import verify_route_maps
+from vyos.configverify import verify_common_route_maps
from vyos.template import render_to_string
from vyos.util import call
from vyos.ifconfig import Interface
@@ -45,10 +45,12 @@ def get_config(config=None):
return ospfv3
# We also need some additional information from the config, prefix-lists
- # and route-maps for instance. They will be used in verify()
- base = ['policy']
- tmp = conf.get_config_dict(base, key_mangling=('-', '_'))
- # Merge policy dict into OSPF dict
+ # and route-maps for instance. They will be used in verify().
+ #
+ # XXX: one MUST always call this without the key_mangling() option! See
+ # vyos.configverify.verify_common_route_maps() for more information.
+ tmp = conf.get_config_dict(['policy'])
+ # Merge policy dict into "regular" config dict
ospfv3 = dict_merge(tmp, ospfv3)
return ospfv3
@@ -57,7 +59,7 @@ def verify(ospfv3):
if not ospfv3:
return None
- verify_route_maps(ospfv3)
+ verify_common_route_maps(ospfv3)
if 'interface' in ospfv3:
for ifname, if_config in ospfv3['interface'].items():
diff --git a/src/conf_mode/protocols_rip.py b/src/conf_mode/protocols_rip.py
index e7eafd059..b48289dec 100755
--- a/src/conf_mode/protocols_rip.py
+++ b/src/conf_mode/protocols_rip.py
@@ -20,7 +20,9 @@ from sys import exit
from vyos.config import Config
from vyos.configdict import dict_merge
-from vyos.configverify import verify_route_maps
+from vyos.configverify import verify_common_route_maps
+from vyos.configverify import verify_access_list
+from vyos.configverify import verify_prefix_list
from vyos.util import call
from vyos.util import dict_search
from vyos.xml import defaults
@@ -51,10 +53,12 @@ def get_config(config=None):
rip = dict_merge(default_values, rip)
# We also need some additional information from the config, prefix-lists
- # and route-maps for instance. They will be used in verify()
- base = ['policy']
- tmp = conf.get_config_dict(base, key_mangling=('-', '_'))
- # Merge policy dict into OSPF dict
+ # and route-maps for instance. They will be used in verify().
+ #
+ # XXX: one MUST always call this without the key_mangling() option! See
+ # vyos.configverify.verify_common_route_maps() for more information.
+ tmp = conf.get_config_dict(['policy'])
+ # Merge policy dict into "regular" config dict
rip = dict_merge(tmp, rip)
return rip
@@ -63,21 +67,19 @@ def verify(rip):
if not rip:
return None
+ verify_common_route_maps(rip)
+
acl_in = dict_search('distribute_list.access_list.in', rip)
- if acl_in and acl_in not in (dict_search('policy.access_list', rip) or []):
- raise ConfigError(f'Inbound ACL "{acl_in}" does not exist!')
+ if acl_in: verify_access_list(acl_in, rip)
acl_out = dict_search('distribute_list.access_list.out', rip)
- if acl_out and acl_out not in (dict_search('policy.access_list', rip) or []):
- raise ConfigError(f'Outbound ACL "{acl_out}" does not exist!')
+ if acl_out: verify_access_list(acl_out, rip)
- prefix_list_in = dict_search('distribute_list.prefix_list.in', rip)
- if prefix_list_in and prefix_list_in.replace('-','_') not in (dict_search('policy.prefix_list', rip) or []):
- raise ConfigError(f'Inbound prefix-list "{prefix_list_in}" does not exist!')
+ prefix_list_in = dict_search('distribute_list.prefix-list.in', rip)
+ if prefix_list_in: verify_prefix_list(prefix_list_in, rip)
prefix_list_out = dict_search('distribute_list.prefix_list.out', rip)
- if prefix_list_out and prefix_list_out.replace('-','_') not in (dict_search('policy.prefix_list', rip) or []):
- raise ConfigError(f'Outbound prefix-list "{prefix_list_out}" does not exist!')
+ if prefix_list_out: verify_prefix_list(prefix_list_out, rip)
if 'interface' in rip:
for interface, interface_options in rip['interface'].items():
@@ -89,8 +91,6 @@ def verify(rip):
raise ConfigError(f'You can not have "split-horizon poison-reverse" enabled ' \
f'with "split-horizon disable" for "{interface}"!')
- verify_route_maps(rip)
-
def generate(rip):
if not rip:
rip['new_frr_config'] = ''
diff --git a/src/conf_mode/protocols_ripng.py b/src/conf_mode/protocols_ripng.py
index 140133bd0..06a9e97df 100755
--- a/src/conf_mode/protocols_ripng.py
+++ b/src/conf_mode/protocols_ripng.py
@@ -20,7 +20,9 @@ from sys import exit
from vyos.config import Config
from vyos.configdict import dict_merge
-from vyos.configverify import verify_route_maps
+from vyos.configverify import verify_common_route_maps
+from vyos.configverify import verify_access_list
+from vyos.configverify import verify_prefix_list
from vyos.util import call
from vyos.util import dict_search
from vyos.xml import defaults
@@ -51,10 +53,12 @@ def get_config(config=None):
ripng = dict_merge(default_values, ripng)
# We also need some additional information from the config, prefix-lists
- # and route-maps for instance. They will be used in verify()
- base = ['policy']
- tmp = conf.get_config_dict(base, key_mangling=('-', '_'))
- # Merge policy dict into OSPF dict
+ # and route-maps for instance. They will be used in verify().
+ #
+ # XXX: one MUST always call this without the key_mangling() option! See
+ # vyos.configverify.verify_common_route_maps() for more information.
+ tmp = conf.get_config_dict(['policy'])
+ # Merge policy dict into "regular" config dict
ripng = dict_merge(tmp, ripng)
return ripng
@@ -63,21 +67,19 @@ def verify(ripng):
if not ripng:
return None
+ verify_common_route_maps(ripng)
+
acl_in = dict_search('distribute_list.access_list.in', ripng)
- if acl_in and acl_in not in (dict_search('policy.access_list6', ripng) or []):
- raise ConfigError(f'Inbound access-list6 "{acl_in}" does not exist!')
+ if acl_in: verify_access_list(acl_in, ripng, version='6')
acl_out = dict_search('distribute_list.access_list.out', ripng)
- if acl_out and acl_out not in (dict_search('policy.access_list6', ripng) or []):
- raise ConfigError(f'Outbound access-list6 "{acl_out}" does not exist!')
+ if acl_out: verify_access_list(acl_out, ripng, version='6')
prefix_list_in = dict_search('distribute_list.prefix_list.in', ripng)
- if prefix_list_in and prefix_list_in.replace('-','_') not in (dict_search('policy.prefix_list6', ripng) or []):
- raise ConfigError(f'Inbound prefix-list6 "{prefix_list_in}" does not exist!')
+ if prefix_list_in: verify_prefix_list(prefix_list_in, ripng, version='6')
prefix_list_out = dict_search('distribute_list.prefix_list.out', ripng)
- if prefix_list_out and prefix_list_out.replace('-','_') not in (dict_search('policy.prefix_list6', ripng) or []):
- raise ConfigError(f'Outbound prefix-list6 "{prefix_list_out}" does not exist!')
+ if prefix_list_out: verify_prefix_list(prefix_list_out, ripng, version='6')
if 'interface' in ripng:
for interface, interface_options in ripng['interface'].items():
@@ -89,8 +91,6 @@ def verify(ripng):
raise ConfigError(f'You can not have "split-horizon poison-reverse" enabled ' \
f'with "split-horizon disable" for "{interface}"!')
- verify_route_maps(ripng)
-
def generate(ripng):
if not ripng:
ripng['new_frr_config'] = ''
diff --git a/src/conf_mode/protocols_static.py b/src/conf_mode/protocols_static.py
index 7ae952af8..b5b2d6641 100755
--- a/src/conf_mode/protocols_static.py
+++ b/src/conf_mode/protocols_static.py
@@ -20,7 +20,7 @@ from sys import exit
from sys import argv
from vyos.config import Config
-from vyos.configverify import verify_route_maps
+from vyos.configverify import verify_common_route_maps
from vyos.configverify import verify_vrf
from vyos.template import render_to_string
from vyos.util import call
@@ -52,7 +52,7 @@ def get_config(config=None):
return static
def verify(static):
- verify_route_maps(static)
+ verify_common_route_maps(static)
for route in ['route', 'route6']:
# if there is no route(6) key in the dictionary we can immediately
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 414e514c5..a39da8991 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -23,14 +23,18 @@ from vyos.config import Config
from vyos.configdict import node_changed
from vyos.ifconfig import Interface
from vyos.template import render
+from vyos.template import render_to_string
from vyos.util import call
from vyos.util import cmd
from vyos.util import dict_search
from vyos.util import get_interface_config
from vyos import ConfigError
+from vyos import frr
from vyos import airbag
airbag.enable()
+frr_daemon = 'zebra'
+
config_file = r'/etc/iproute2/rt_tables.d/vyos-vrf.conf'
def list_rules():
@@ -123,6 +127,7 @@ def verify(vrf):
def generate(vrf):
render(config_file, 'vrf/vrf.conf.tmpl', vrf)
+ vrf['new_frr_config'] = render_to_string('frr/vrf.frr.tmpl', vrf)
return None
def apply(vrf):
@@ -210,6 +215,22 @@ def apply(vrf):
if 1000 in [r.get('priority') for r in list_rules() if r.get('priority') == 1000]:
call(f'ip {af} rule del pref 1000')
+ # add configuration to FRR
+ frr_cfg = frr.FRRConfig()
+ frr_cfg.load_configuration(frr_daemon)
+ frr_cfg.modify_section(f'^vrf [a-zA-Z-]*$', '')
+ frr_cfg.add_before(r'(interface .*|line vty)', vrf['new_frr_config'])
+ frr_cfg.commit_configuration(frr_daemon)
+
+ # If FRR config is blank, rerun the blank commit x times due to frr-reload
+ # behavior/bug not properly clearing out on one commit.
+ if vrf['new_frr_config'] == '':
+ for a in range(5):
+ frr_cfg.commit_configuration(frr_daemon)
+
+ # Save configuration to /run/frr/config/frr.conf
+ frr.save_configuration()
+
return None
if __name__ == '__main__':