From e1174ad59d396d6e96fcbeb7b90bc5a164e3ad5c Mon Sep 17 00:00:00 2001 From: Cheeze_It Date: Wed, 4 Nov 2020 12:25:53 -0700 Subject: mpls-conf: T915: Add TTL security for static LDP neighbors The commit has to do with the addition of TTL security for LDP neighbors. The code was 90% done by Viascheslav. I modified it a little bit to get it to properly work. We added more parameters to the neighbors dynamic loop. Once this is merged then we should be able to add more for the dynamic neighbor statements. The way that this works is to have either TTL disabled, or to add the amount of hops accepted for the neighbor. --- data/templates/frr/ldpd.frr.tmpl | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'data') diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl index 81a992165..3cdce8c70 100644 --- a/data/templates/frr/ldpd.frr.tmpl +++ b/data/templates/frr/ldpd.frr.tmpl @@ -9,9 +9,23 @@ router-id {{ router_id }} {% endif -%} {% for neighbor_id in old_ldp.neighbors -%} no neighbor {{neighbor_id}} password {{old_ldp.neighbors[neighbor_id].password}} +{% if 'ttl_security' is defined -%} +{% if 'disable' in old_ldp.neighbors[neighbor_id].ttl_security %} +no neighbor {{neighbor_id}} ttl-security disable +{% else -%} +no neighbor {{neighbor_id}} ttl-security hops {{old_ldp.neighbors[neighbor_id].ttl_security}} +{% endif -%} +{% endif -%} {% endfor -%} {% for neighbor_id in ldp.neighbors -%} neighbor {{neighbor_id}} password {{ldp.neighbors[neighbor_id].password}} +{% if 'ttl_security' is defined -%} +{% if 'disable' in ldp.neighbors[neighbor_id].ttl_security %} +neighbor {{neighbor_id}} ttl-security disable +{% else -%} +neighbor {{neighbor_id}} ttl-security hops {{ldp.neighbors[neighbor_id].ttl_security}} +{% endif -%} +{% endif -%} {% endfor -%} ! address-family ipv4 -- cgit v1.2.3