From 8274e9706adf33544e4c990134e65a0ddee976d8 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 25 Jul 2022 20:51:37 +0200 Subject: bgp: T4560: neighbor/peer-group local-as option is only allowed for eBGP --- src/conf_mode/protocols_bgp.py | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/conf_mode') diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index 5aa643476..7d3687094 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -213,6 +213,12 @@ def verify(bgp): if 'source_interface' in peer_config['interface']: raise ConfigError(f'"source-interface" option not allowed for neighbor "{peer}"') + # Local-AS allowed only for EBGP peers + if 'local_as' in peer_config: + remote_as = verify_remote_as(peer_config, bgp) + if remote_as == bgp['local_as']: + raise ConfigError(f'local-as configured for "{peer}", allowed only for eBGP peers!') + for afi in ['ipv4_unicast', 'ipv4_multicast', 'ipv4_labeled_unicast', 'ipv4_flowspec', 'ipv6_unicast', 'ipv6_multicast', 'ipv6_labeled_unicast', 'ipv6_flowspec', 'l2vpn_evpn']: -- cgit v1.2.3