[bgp-cfgd] BGP allow list enhancement (#11586)
Why I did it 2 things are missing in current allow-prefix list implementation. In some usecase, need to tell the BGP neighbor and have different allow-prefix list for different neighbors, which is not supported. for the prefix list, can't support flexible le and ge. How I did it To enhance the bgp allow-prefix list feature to have: To include the neighbor type info for the allow-prefix list. To support flexible le and ge length for allow-prefix list. How to verify it 4 new unit test cases are added in this PR to cover changes.
This commit is contained in:
parent
8ab448a852
commit
00d512577e
@ -14,8 +14,11 @@ class BGPAllowListMgr(Manager):
|
|||||||
ALLOW_ADDRESS_PL_NAME_TMPL = "ALLOW_ADDRESS_%d_%s" # template for a name for the ALLOW_ADDRESS prefix-list ???
|
ALLOW_ADDRESS_PL_NAME_TMPL = "ALLOW_ADDRESS_%d_%s" # template for a name for the ALLOW_ADDRESS prefix-list ???
|
||||||
EMPTY_COMMUNITY = "empty"
|
EMPTY_COMMUNITY = "empty"
|
||||||
PL_NAME_TMPL = "PL_ALLOW_LIST_DEPLOYMENT_ID_%d_COMMUNITY_%s_V%s"
|
PL_NAME_TMPL = "PL_ALLOW_LIST_DEPLOYMENT_ID_%d_COMMUNITY_%s_V%s"
|
||||||
|
PL_NAME_TMPL_WITH_NEIGH = "PL_ALLOW_LIST_DEPLOYMENT_ID_%d_NEIGHBOR_%s_COMMUNITY_%s_V%s"
|
||||||
COMMUNITY_NAME_TMPL = "COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_%d_COMMUNITY_%s"
|
COMMUNITY_NAME_TMPL = "COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_%d_COMMUNITY_%s"
|
||||||
|
COMMUNITY_NAME_TMPL_WITH_NEIGH = "COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_%d_NEIGHBOR_%s_COMMUNITY_%s"
|
||||||
RM_NAME_TMPL = "ALLOW_LIST_DEPLOYMENT_ID_%d_V%s"
|
RM_NAME_TMPL = "ALLOW_LIST_DEPLOYMENT_ID_%d_V%s"
|
||||||
|
RM_NAME_TMPL_WITH_NEIGH = "ALLOW_LIST_DEPLOYMENT_ID_%d_NEIGHBOR_%s_V%s"
|
||||||
ROUTE_MAP_ENTRY_WITH_COMMUNITY_START = 10
|
ROUTE_MAP_ENTRY_WITH_COMMUNITY_START = 10
|
||||||
ROUTE_MAP_ENTRY_WITH_COMMUNITY_END = 29990
|
ROUTE_MAP_ENTRY_WITH_COMMUNITY_END = 29990
|
||||||
ROUTE_MAP_ENTRY_WITHOUT_COMMUNITY_START = 30000
|
ROUTE_MAP_ENTRY_WITHOUT_COMMUNITY_START = 30000
|
||||||
@ -38,7 +41,7 @@ class BGPAllowListMgr(Manager):
|
|||||||
db,
|
db,
|
||||||
table,
|
table,
|
||||||
)
|
)
|
||||||
self.key_re = re.compile(r"^DEPLOYMENT_ID\|\d+\|\S+$|^DEPLOYMENT_ID\|\d+$")
|
self.key_re = re.compile(r"^DEPLOYMENT_ID\|\d+\|\S+$|^DEPLOYMENT_ID\|\d+$|^DEPLOYMENT_ID\|\d+\|\S+\|NEIGHBOR_TYPE\|\S+$|^DEPLOYMENT_ID\|\d+\|NEIGHBOR_TYPE\|\S+")
|
||||||
self.enabled = self.__get_enabled()
|
self.enabled = self.__get_enabled()
|
||||||
self.prefix_match_tag = self.__get_routemap_tag()
|
self.prefix_match_tag = self.__get_routemap_tag()
|
||||||
self.__load_constant_lists()
|
self.__load_constant_lists()
|
||||||
@ -55,8 +58,14 @@ class BGPAllowListMgr(Manager):
|
|||||||
return True
|
return True
|
||||||
if not self.__set_handler_validate(key, data):
|
if not self.__set_handler_validate(key, data):
|
||||||
return True
|
return True
|
||||||
|
if 'NEIGHBOR_TYPE' in key:
|
||||||
|
keys = key.split('|NEIGHBOR_TYPE|', 1)
|
||||||
|
deployment_id = keys[0].replace("DEPLOYMENT_ID|", "")
|
||||||
|
neighbor_type, community_value = keys[1].split('|', 1) if '|' in keys[1] else (keys[1], BGPAllowListMgr.EMPTY_COMMUNITY)
|
||||||
|
else:
|
||||||
key = key.replace("DEPLOYMENT_ID|", "")
|
key = key.replace("DEPLOYMENT_ID|", "")
|
||||||
deployment_id, community_value = key.split('|', 1) if '|' in key else (key, BGPAllowListMgr.EMPTY_COMMUNITY)
|
deployment_id, community_value = key.split('|', 1) if '|' in key else (key, BGPAllowListMgr.EMPTY_COMMUNITY)
|
||||||
|
neighbor_type = ''
|
||||||
deployment_id = int(deployment_id)
|
deployment_id = int(deployment_id)
|
||||||
prefixes_v4 = []
|
prefixes_v4 = []
|
||||||
prefixes_v6 = []
|
prefixes_v6 = []
|
||||||
@ -65,7 +74,7 @@ class BGPAllowListMgr(Manager):
|
|||||||
if "prefixes_v6" in data:
|
if "prefixes_v6" in data:
|
||||||
prefixes_v6 = str(data['prefixes_v6']).split(",")
|
prefixes_v6 = str(data['prefixes_v6']).split(",")
|
||||||
default_action_community = self.__get_default_action_community(data)
|
default_action_community = self.__get_default_action_community(data)
|
||||||
self.__update_policy(deployment_id, community_value, prefixes_v4, prefixes_v6, default_action_community)
|
self.__update_policy(deployment_id, community_value, prefixes_v4, prefixes_v6, default_action_community, neighbor_type)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def __set_handler_validate(self, key, data):
|
def __set_handler_validate(self, key, data):
|
||||||
@ -85,13 +94,13 @@ class BGPAllowListMgr(Manager):
|
|||||||
prefixes_v6 = []
|
prefixes_v6 = []
|
||||||
if "prefixes_v4" in data:
|
if "prefixes_v4" in data:
|
||||||
prefixes_v4 = str(data["prefixes_v4"]).split(",")
|
prefixes_v4 = str(data["prefixes_v4"]).split(",")
|
||||||
if not all(TemplateFabric.is_ipv4(prefix) for prefix in prefixes_v4):
|
if not all(TemplateFabric.is_ipv4(re.split('ge|le', prefix)[0]) for prefix in prefixes_v4):
|
||||||
arguments = "prefixes_v4", str(data["prefixes_v4"])
|
arguments = "prefixes_v4", str(data["prefixes_v4"])
|
||||||
log_err("BGPAllowListMgr::Received BGP ALLOWED 'SET' message with invalid input[%s]:'%s'" % arguments)
|
log_err("BGPAllowListMgr::Received BGP ALLOWED 'SET' message with invalid input[%s]:'%s'" % arguments)
|
||||||
return False
|
return False
|
||||||
if "prefixes_v6" in data:
|
if "prefixes_v6" in data:
|
||||||
prefixes_v6 = str(data["prefixes_v6"]).split(",")
|
prefixes_v6 = str(data["prefixes_v6"]).split(",")
|
||||||
if not all(TemplateFabric.is_ipv6(prefix) for prefix in prefixes_v6):
|
if not all(TemplateFabric.is_ipv6(re.split('ge|le', prefix)[0]) for prefix in prefixes_v6):
|
||||||
arguments = "prefixes_v6", str(data["prefixes_v6"])
|
arguments = "prefixes_v6", str(data["prefixes_v6"])
|
||||||
log_err("BGPAllowListMgr::Received BGP ALLOWED 'SET' message with invalid input[%s]:'%s'" % arguments)
|
log_err("BGPAllowListMgr::Received BGP ALLOWED 'SET' message with invalid input[%s]:'%s'" % arguments)
|
||||||
return False
|
return False
|
||||||
@ -113,10 +122,18 @@ class BGPAllowListMgr(Manager):
|
|||||||
return
|
return
|
||||||
if not self.__del_handler_validate(key):
|
if not self.__del_handler_validate(key):
|
||||||
return
|
return
|
||||||
key = key.replace('DEPLOYMENT_ID|', '')
|
|
||||||
deployment_id, community = key.split('|', 1) if '|' in key else (key, BGPAllowListMgr.EMPTY_COMMUNITY)
|
if 'NEIGHBOR_TYPE' in key:
|
||||||
|
keys = key.split('|NEIGHBOR_TYPE|', 1)
|
||||||
|
deployment_id = keys[0].replace("DEPLOYMENT_ID|", "")
|
||||||
|
neighbor_type, community_value = keys[1].split('|', 1) if '|' in keys[1] else (keys[1], BGPAllowListMgr.EMPTY_COMMUNITY)
|
||||||
|
else:
|
||||||
|
key = key.replace("DEPLOYMENT_ID|", "")
|
||||||
|
deployment_id, community_value = key.split('|', 1) if '|' in key else (key, BGPAllowListMgr.EMPTY_COMMUNITY)
|
||||||
|
neighbor_type = ''
|
||||||
|
|
||||||
deployment_id = int(deployment_id)
|
deployment_id = int(deployment_id)
|
||||||
self.__remove_policy(deployment_id, community)
|
self.__remove_policy(deployment_id, community_value, neighbor_type)
|
||||||
|
|
||||||
def __del_handler_validate(self, key):
|
def __del_handler_validate(self, key):
|
||||||
"""
|
"""
|
||||||
@ -129,7 +146,7 @@ class BGPAllowListMgr(Manager):
|
|||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def __update_policy(self, deployment_id, community_value, prefixes_v4, prefixes_v6, default_action):
|
def __update_policy(self, deployment_id, community_value, prefixes_v4, prefixes_v6, default_action, neighbor_type):
|
||||||
"""
|
"""
|
||||||
Update "allow list" policy with parameters
|
Update "allow list" policy with parameters
|
||||||
:param deployment_id: deployment id which policy will be changed
|
:param deployment_id: deployment id which policy will be changed
|
||||||
@ -139,12 +156,13 @@ class BGPAllowListMgr(Manager):
|
|||||||
:param default_action: the default action for the policy. should be either 'permit' or 'deny'
|
:param default_action: the default action for the policy. should be either 'permit' or 'deny'
|
||||||
"""
|
"""
|
||||||
# update all related entries with the information
|
# update all related entries with the information
|
||||||
info = deployment_id, community_value, str(prefixes_v4), str(prefixes_v6)
|
info = deployment_id, community_value, str(prefixes_v4), str(prefixes_v6), neighbor_type
|
||||||
msg = "BGPAllowListMgr::Updating 'Allow list' policy."
|
msg = "BGPAllowListMgr::Updating 'Allow list' policy."
|
||||||
msg += " deployment_id '%s'. community: '%s'"
|
msg += " deployment_id '%s'. community: '%s'"
|
||||||
msg += " prefix_v4 '%s'. prefix_v6: '%s'"
|
msg += " prefix_v4 '%s'. prefix_v6: '%s'"
|
||||||
|
msg += " neighbor_type %s"
|
||||||
log_info(msg % info)
|
log_info(msg % info)
|
||||||
names = self.__generate_names(deployment_id, community_value)
|
names = self.__generate_names(deployment_id, community_value, neighbor_type)
|
||||||
self.cfg_mgr.update()
|
self.cfg_mgr.update()
|
||||||
cmds = []
|
cmds = []
|
||||||
cmds += self.__update_prefix_list(self.V4, names['pl_v4'], prefixes_v4)
|
cmds += self.__update_prefix_list(self.V4, names['pl_v4'], prefixes_v4)
|
||||||
@ -156,14 +174,14 @@ class BGPAllowListMgr(Manager):
|
|||||||
cmds += self.__update_default_route_map_entry(names['rm_v6'], default_action)
|
cmds += self.__update_default_route_map_entry(names['rm_v6'], default_action)
|
||||||
if cmds:
|
if cmds:
|
||||||
self.cfg_mgr.push_list(cmds)
|
self.cfg_mgr.push_list(cmds)
|
||||||
peer_groups = self.__find_peer_group_by_deployment_id(deployment_id)
|
peer_groups = self.__find_peer_group(deployment_id, neighbor_type)
|
||||||
self.cfg_mgr.restart_peer_groups(peer_groups)
|
self.cfg_mgr.restart_peer_groups(peer_groups)
|
||||||
log_debug("BGPAllowListMgr::__update_policy. The peers configuration scheduled for updates")
|
log_debug("BGPAllowListMgr::__update_policy. The peers configuration scheduled for updates")
|
||||||
else:
|
else:
|
||||||
log_debug("BGPAllowListMgr::__update_policy. Nothing to update")
|
log_debug("BGPAllowListMgr::__update_policy. Nothing to update")
|
||||||
log_info("BGPAllowListMgr::Done")
|
log_info("BGPAllowListMgr::Done")
|
||||||
|
|
||||||
def __remove_policy(self, deployment_id, community_value):
|
def __remove_policy(self, deployment_id, community_value, neighbor_type):
|
||||||
"""
|
"""
|
||||||
Remove "allow list" policy for given deployment_id and community_value
|
Remove "allow list" policy for given deployment_id and community_value
|
||||||
:param deployment_id: deployment id which policy will be removed
|
:param deployment_id: deployment id which policy will be removed
|
||||||
@ -177,7 +195,7 @@ class BGPAllowListMgr(Manager):
|
|||||||
log_info(msg % info)
|
log_info(msg % info)
|
||||||
|
|
||||||
default_action = self.__get_default_action_community()
|
default_action = self.__get_default_action_community()
|
||||||
names = self.__generate_names(deployment_id, community_value)
|
names = self.__generate_names(deployment_id, community_value, neighbor_type)
|
||||||
self.cfg_mgr.update()
|
self.cfg_mgr.update()
|
||||||
cmds = []
|
cmds = []
|
||||||
cmds += self.__remove_allow_route_map_entry(self.V4, names['pl_v4'], names['community'], names['rm_v4'])
|
cmds += self.__remove_allow_route_map_entry(self.V4, names['pl_v4'], names['community'], names['rm_v4'])
|
||||||
@ -189,7 +207,7 @@ class BGPAllowListMgr(Manager):
|
|||||||
cmds += self.__update_default_route_map_entry(names['rm_v6'], default_action)
|
cmds += self.__update_default_route_map_entry(names['rm_v6'], default_action)
|
||||||
if cmds:
|
if cmds:
|
||||||
self.cfg_mgr.push_list(cmds)
|
self.cfg_mgr.push_list(cmds)
|
||||||
peer_groups = self.__find_peer_group_by_deployment_id(deployment_id)
|
peer_groups = self.__find_peer_group(deployment_id, neighbor_type)
|
||||||
self.cfg_mgr.restart_peer_groups(peer_groups)
|
self.cfg_mgr.restart_peer_groups(peer_groups)
|
||||||
log_debug("BGPAllowListMgr::__remove_policy. 'Allow list' policy was scheduled for removal")
|
log_debug("BGPAllowListMgr::__remove_policy. 'Allow list' policy was scheduled for removal")
|
||||||
else:
|
else:
|
||||||
@ -197,13 +215,14 @@ class BGPAllowListMgr(Manager):
|
|||||||
log_info('BGPAllowListMgr::Done')
|
log_info('BGPAllowListMgr::Done')
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def __generate_names(deployment_id, community_value):
|
def __generate_names(deployment_id, community_value, neighbor_type):
|
||||||
"""
|
"""
|
||||||
Generate prefix-list names for a given peer_ip and community value
|
Generate prefix-list names for a given peer_ip and community value
|
||||||
:param deployment_id: deployment_id for which we're going to filter prefixes
|
:param deployment_id: deployment_id for which we're going to filter prefixes
|
||||||
:param community_value: community, which we want to use to filter prefixes
|
:param community_value: community, which we want to use to filter prefixes
|
||||||
:return: a dictionary with names
|
:return: a dictionary with names
|
||||||
"""
|
"""
|
||||||
|
if not neighbor_type:
|
||||||
if community_value == BGPAllowListMgr.EMPTY_COMMUNITY:
|
if community_value == BGPAllowListMgr.EMPTY_COMMUNITY:
|
||||||
community_name = BGPAllowListMgr.EMPTY_COMMUNITY
|
community_name = BGPAllowListMgr.EMPTY_COMMUNITY
|
||||||
else:
|
else:
|
||||||
@ -214,9 +233,24 @@ class BGPAllowListMgr(Manager):
|
|||||||
"rm_v4": BGPAllowListMgr.RM_NAME_TMPL % (deployment_id, '4'),
|
"rm_v4": BGPAllowListMgr.RM_NAME_TMPL % (deployment_id, '4'),
|
||||||
"rm_v6": BGPAllowListMgr.RM_NAME_TMPL % (deployment_id, '6'),
|
"rm_v6": BGPAllowListMgr.RM_NAME_TMPL % (deployment_id, '6'),
|
||||||
"community": community_name,
|
"community": community_name,
|
||||||
|
'neigh_type': neighbor_type,
|
||||||
}
|
}
|
||||||
arguments = deployment_id, community_value, str(names)
|
arguments = deployment_id, community_value, str(names)
|
||||||
log_debug("BGPAllowListMgr::__generate_names. deployment_id: %d, community: %s. names: %s" % arguments)
|
log_debug("BGPAllowListMgr::__generate_names. deployment_id: %d, community: %s. names: %s" % arguments)
|
||||||
|
else:
|
||||||
|
if community_value == BGPAllowListMgr.EMPTY_COMMUNITY:
|
||||||
|
community_name = BGPAllowListMgr.EMPTY_COMMUNITY
|
||||||
|
else:
|
||||||
|
community_name = BGPAllowListMgr.COMMUNITY_NAME_TMPL_WITH_NEIGH % (deployment_id, neighbor_type, community_value)
|
||||||
|
names = {
|
||||||
|
"pl_v4": BGPAllowListMgr.PL_NAME_TMPL_WITH_NEIGH % (deployment_id, neighbor_type, community_value, '4'),
|
||||||
|
"pl_v6": BGPAllowListMgr.PL_NAME_TMPL_WITH_NEIGH % (deployment_id, neighbor_type, community_value, '6'),
|
||||||
|
"rm_v4": BGPAllowListMgr.RM_NAME_TMPL_WITH_NEIGH % (deployment_id, neighbor_type, '4'),
|
||||||
|
"rm_v6": BGPAllowListMgr.RM_NAME_TMPL_WITH_NEIGH % (deployment_id, neighbor_type, '6'),
|
||||||
|
"community": community_name,
|
||||||
|
}
|
||||||
|
arguments = deployment_id, neighbor_type, community_value, str(names)
|
||||||
|
log_debug("BGPAllowListMgr::__generate_names. deployment_id: %d, neighbor_type: %s, community: %s. names: %s" % arguments)
|
||||||
return names
|
return names
|
||||||
|
|
||||||
def __update_prefix_list(self, af, pl_name, allow_list):
|
def __update_prefix_list(self, af, pl_name, allow_list):
|
||||||
@ -630,7 +664,7 @@ class BGPAllowListMgr(Manager):
|
|||||||
return prefix_match_tag
|
return prefix_match_tag
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def __get_peer_group_to_restart(deployment_id, pg_2_rm, rm_2_call):
|
def __get_peer_group_to_restart(deployment_id, pg_2_rm, rm_2_call, neighbor_type):
|
||||||
"""
|
"""
|
||||||
Get peer_groups which are assigned to deployment_id
|
Get peer_groups which are assigned to deployment_id
|
||||||
:deployment_id: deployment_id number
|
:deployment_id: deployment_id number
|
||||||
@ -639,14 +673,17 @@ class BGPAllowListMgr(Manager):
|
|||||||
:rm_2_call: a dictionary: key - name of a route-map, value - name of a route-map call defined for the route-map
|
:rm_2_call: a dictionary: key - name of a route-map, value - name of a route-map call defined for the route-map
|
||||||
"""
|
"""
|
||||||
ret = set()
|
ret = set()
|
||||||
|
if not neighbor_type:
|
||||||
target_allow_list_prefix = 'ALLOW_LIST_DEPLOYMENT_ID_%d_V' % deployment_id
|
target_allow_list_prefix = 'ALLOW_LIST_DEPLOYMENT_ID_%d_V' % deployment_id
|
||||||
|
else:
|
||||||
|
target_allow_list_prefix = 'ALLOW_LIST_DEPLOYMENT_ID_%d_NEIGHBOR_%s_V' % (deployment_id, neighbor_type)
|
||||||
for peer_group, route_map in pg_2_rm.items():
|
for peer_group, route_map in pg_2_rm.items():
|
||||||
if route_map in rm_2_call:
|
if route_map in rm_2_call:
|
||||||
if rm_2_call[route_map].startswith(target_allow_list_prefix):
|
if rm_2_call[route_map].startswith(target_allow_list_prefix):
|
||||||
ret.add(peer_group)
|
ret.add(peer_group)
|
||||||
return list(ret)
|
return list(ret)
|
||||||
|
|
||||||
def __find_peer_group_by_deployment_id(self, deployment_id):
|
def __find_peer_group(self, deployment_id, neighbor_type):
|
||||||
"""
|
"""
|
||||||
Deduce peer-group names which are connected to devices with requested deployment_id
|
Deduce peer-group names which are connected to devices with requested deployment_id
|
||||||
:param deployment_id: deployment_id number
|
:param deployment_id: deployment_id number
|
||||||
@ -656,7 +693,7 @@ class BGPAllowListMgr(Manager):
|
|||||||
peer_groups = self.__extract_peer_group_names()
|
peer_groups = self.__extract_peer_group_names()
|
||||||
pg_2_rm = self.__get_peer_group_to_route_map(peer_groups)
|
pg_2_rm = self.__get_peer_group_to_route_map(peer_groups)
|
||||||
rm_2_call = self.__get_route_map_calls(set(pg_2_rm.values()))
|
rm_2_call = self.__get_route_map_calls(set(pg_2_rm.values()))
|
||||||
ret = self.__get_peer_group_to_restart(deployment_id, pg_2_rm, rm_2_call)
|
ret = self.__get_peer_group_to_restart(deployment_id, pg_2_rm, rm_2_call, neighbor_type)
|
||||||
return list(ret)
|
return list(ret)
|
||||||
|
|
||||||
def __get_enabled(self):
|
def __get_enabled(self):
|
||||||
@ -706,6 +743,9 @@ class BGPAllowListMgr(Manager):
|
|||||||
res = []
|
res = []
|
||||||
prefix_mask_default = 32 if af == self.V4 else 128
|
prefix_mask_default = 32 if af == self.V4 else 128
|
||||||
for prefix in allow_list:
|
for prefix in allow_list:
|
||||||
|
if 'le' in prefix or 'ge' in prefix:
|
||||||
|
res.append("permit %s" % prefix)
|
||||||
|
else:
|
||||||
prefix_mask = int(prefix.split("/")[1])
|
prefix_mask = int(prefix.split("/")[1])
|
||||||
if prefix_mask == prefix_mask_default:
|
if prefix_mask == prefix_mask_default:
|
||||||
res.append("permit %s" % prefix)
|
res.append("permit %s" % prefix)
|
||||||
|
@ -866,6 +866,131 @@ def test_set_handler_no_community_update_prefixes_remove():
|
|||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_set_handler_with_neighbor_type():
|
||||||
|
set_del_test(
|
||||||
|
"SET",
|
||||||
|
("DEPLOYMENT_ID|5|NEIGHBOR_TYPE|OpticalLonghaulTerminal", {
|
||||||
|
"prefixes_v4": "10.62.64.0/22 ge 30,"\
|
||||||
|
"10.1.44.0/23 ge 30,"\
|
||||||
|
"10.17.92.0/23 ge 30,"\
|
||||||
|
"10.73.92.0/23 ge 30,"\
|
||||||
|
"10.26.170.0/24 ge 30,"\
|
||||||
|
"10.26.171.0/24 ge 30,"\
|
||||||
|
"10.26.255.0/24 ge 30",
|
||||||
|
"prefixes_v6": "fc01:20::/64",
|
||||||
|
}),
|
||||||
|
[
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4 seq 10 deny 0.0.0.0/0 le 17',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4 seq 20 permit 20.20.30.0/24 le 32',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4 seq 30 permit 40.50.0.0/16 le 32',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V6 seq 10 deny ::/0 le 59',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V6 seq 20 deny ::/0 ge 65',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V6 seq 30 permit fc01:20::/64 le 128',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V6 seq 40 permit fc01:30::/64 le 128',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V4 permit 30000',
|
||||||
|
' match ip address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V6 permit 30000',
|
||||||
|
' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V6',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V4 permit 65535',
|
||||||
|
' set community 123:123 additive',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V6 permit 65535',
|
||||||
|
' set community 123:123 additive',
|
||||||
|
""
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'no ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4 seq 10 deny 0.0.0.0/0 le 17',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4 seq 20 permit 10.62.64.0/22 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4 seq 30 permit 10.1.44.0/23 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4 seq 40 permit 10.17.92.0/23 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4 seq 50 permit 10.73.92.0/23 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4 seq 60 permit 10.26.170.0/24 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4 seq 70 permit 10.26.171.0/24 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V4 seq 80 permit 10.26.255.0/24 ge 30',
|
||||||
|
'no ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V6',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V6 seq 10 deny ::/0 le 59',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V6 seq 20 deny ::/0 ge 65',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_empty_V6 seq 30 permit fc01:20::/64 le 128',
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_set_handler_with_neighbor_type_and_community():
|
||||||
|
set_del_test(
|
||||||
|
"SET",
|
||||||
|
("DEPLOYMENT_ID|5|NEIGHBOR_TYPE|OpticalLonghaulTerminal|1010:2020", {
|
||||||
|
"prefixes_v4": "10.62.64.0/22 ge 30,"\
|
||||||
|
"10.1.44.0/23 ge 30,"\
|
||||||
|
"10.17.92.0/23 ge 30,"\
|
||||||
|
"10.73.92.0/23 ge 30,"\
|
||||||
|
"10.26.170.0/24 ge 30,"\
|
||||||
|
"10.26.171.0/24 ge 30,"\
|
||||||
|
"10.26.255.0/24 ge 30",
|
||||||
|
"prefixes_v6": "fc01:20::/64",
|
||||||
|
}),
|
||||||
|
[
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4 seq 10 deny 0.0.0.0/0 le 17',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4 seq 20 permit 20.20.30.0/24 le 32',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4 seq 30 permit 40.50.0.0/16 le 32',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V6 seq 10 deny ::/0 le 59',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V6 seq 20 deny ::/0 ge 65',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V6 seq 30 permit fc01:20::/64 le 128',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V6 seq 40 permit fc01:30::/64 le 128',
|
||||||
|
'bgp community-list standard COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020 permit 1010:2020',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V4 permit 10',
|
||||||
|
' match ip address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4',
|
||||||
|
' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V6 permit 10',
|
||||||
|
' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V6',
|
||||||
|
' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V4 permit 65535',
|
||||||
|
' set community 123:123 additive',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V6 permit 65535',
|
||||||
|
' set community 123:123 additive',
|
||||||
|
""
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'no ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4 seq 10 deny 0.0.0.0/0 le 17',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4 seq 20 permit 10.62.64.0/22 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4 seq 30 permit 10.1.44.0/23 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4 seq 40 permit 10.17.92.0/23 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4 seq 50 permit 10.73.92.0/23 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4 seq 60 permit 10.26.170.0/24 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4 seq 70 permit 10.26.171.0/24 ge 30',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V4 seq 80 permit 10.26.255.0/24 ge 30',
|
||||||
|
'no ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V6',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V6 seq 10 deny ::/0 le 59',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V6 seq 20 deny ::/0 ge 65',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_COMMUNITY_1010:2020_V6 seq 30 permit fc01:20::/64 le 128',
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_del_handler_with_neighbor_type_community_no_data():
|
||||||
|
set_del_test(
|
||||||
|
"DEL",
|
||||||
|
("DEPLOYMENT_ID|5|NEIGHBOR_TYPE|OpticalLonghaulTerminal|1010:2020",),
|
||||||
|
[
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V4 permit 65535',
|
||||||
|
' set community 123:123 additive',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V6 permit 65535',
|
||||||
|
' set community 123:123 additive'
|
||||||
|
],
|
||||||
|
[]
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_del_handler_with_neighbor_type_no_data():
|
||||||
|
set_del_test(
|
||||||
|
"DEL",
|
||||||
|
("DEPLOYMENT_ID|5|NEIGHBOR_TYPE|OpticalLonghaulTerminal",),
|
||||||
|
[
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V4 permit 65535',
|
||||||
|
' set community 123:123 additive',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_NEIGHBOR_OpticalLonghaulTerminal_V6 permit 65535',
|
||||||
|
' set community 123:123 additive'
|
||||||
|
],
|
||||||
|
[]
|
||||||
|
)
|
||||||
|
|
||||||
@patch.dict("sys.modules", swsscommon=swsscommon_module_mock)
|
@patch.dict("sys.modules", swsscommon=swsscommon_module_mock)
|
||||||
def test___set_handler_validate():
|
def test___set_handler_validate():
|
||||||
from bgpcfgd.managers_allow_list import BGPAllowListMgr
|
from bgpcfgd.managers_allow_list import BGPAllowListMgr
|
||||||
@ -894,7 +1019,7 @@ def test___set_handler_validate():
|
|||||||
})
|
})
|
||||||
|
|
||||||
@patch.dict("sys.modules", swsscommon=swsscommon_module_mock)
|
@patch.dict("sys.modules", swsscommon=swsscommon_module_mock)
|
||||||
def test___find_peer_group_by_deployment_id():
|
def test___find_peer_group():
|
||||||
from bgpcfgd.managers_allow_list import BGPAllowListMgr
|
from bgpcfgd.managers_allow_list import BGPAllowListMgr
|
||||||
cfg_mgr = MagicMock()
|
cfg_mgr = MagicMock()
|
||||||
cfg_mgr.update.return_value = None
|
cfg_mgr.update.return_value = None
|
||||||
@ -984,7 +1109,7 @@ def test___find_peer_group_by_deployment_id():
|
|||||||
'constants': global_constants,
|
'constants': global_constants,
|
||||||
}
|
}
|
||||||
mgr = BGPAllowListMgr(common_objs, "CONFIG_DB", "BGP_ALLOWED_PREFIXES")
|
mgr = BGPAllowListMgr(common_objs, "CONFIG_DB", "BGP_ALLOWED_PREFIXES")
|
||||||
values = mgr._BGPAllowListMgr__find_peer_group_by_deployment_id(0)
|
values = mgr._BGPAllowListMgr__find_peer_group(0, '')
|
||||||
assert set(values) == {'PEER_V4_INT', 'PEER_V6_INT', 'PEER_V6', 'PEER_V4'}
|
assert set(values) == {'PEER_V4_INT', 'PEER_V6_INT', 'PEER_V6', 'PEER_V4'}
|
||||||
|
|
||||||
@patch.dict("sys.modules", swsscommon=swsscommon_module_mock)
|
@patch.dict("sys.modules", swsscommon=swsscommon_module_mock)
|
||||||
|
Loading…
Reference in New Issue
Block a user