From 8274e9706adf33544e4c990134e65a0ddee976d8 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 25 Jul 2022 20:51:37 +0200
Subject: bgp: T4560: neighbor/peer-group local-as option is only allowed for
 eBGP

---
 src/conf_mode/protocols_bgp.py | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/conf_mode')

diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index 5aa643476..7d3687094 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -213,6 +213,12 @@ def verify(bgp):
                     if 'source_interface' in peer_config['interface']:
                         raise ConfigError(f'"source-interface" option not allowed for neighbor "{peer}"')
 
+            # Local-AS allowed only for EBGP peers
+            if 'local_as' in peer_config:
+                remote_as = verify_remote_as(peer_config, bgp)
+                if remote_as == bgp['local_as']:
+                    raise ConfigError(f'local-as configured for "{peer}", allowed only for eBGP peers!')
+
             for afi in ['ipv4_unicast', 'ipv4_multicast', 'ipv4_labeled_unicast', 'ipv4_flowspec',
                         'ipv6_unicast', 'ipv6_multicast', 'ipv6_labeled_unicast', 'ipv6_flowspec',
                         'l2vpn_evpn']:
-- 
cgit v1.2.3