Added Support for BGP allow list feature to have route-map action of setting tag (#10731)
What I did: Added support to create route-map action set tag <user define value> when the the allow prefix list matches. The tag can ben define by user in constants.yml. Why I did: Since for Allow List feature we call from base route-map allow-list route-map having set tag option provides way for base route-map to do match tag and take any further action if needed. Adding tag provide metadata that can used by base route-map
This commit is contained in:
parent
937bf09c92
commit
4fd629c021
@ -40,6 +40,7 @@ class BGPAllowListMgr(Manager):
|
|||||||
)
|
)
|
||||||
self.key_re = re.compile(r"^DEPLOYMENT_ID\|\d+\|\S+$|^DEPLOYMENT_ID\|\d+$")
|
self.key_re = re.compile(r"^DEPLOYMENT_ID\|\d+\|\S+$|^DEPLOYMENT_ID\|\d+$")
|
||||||
self.enabled = self.__get_enabled()
|
self.enabled = self.__get_enabled()
|
||||||
|
self.prefix_match_tag = self.__get_routemap_tag()
|
||||||
self.__load_constant_lists()
|
self.__load_constant_lists()
|
||||||
|
|
||||||
def set_handler(self, key, data):
|
def set_handler(self, key, data):
|
||||||
@ -396,6 +397,8 @@ class BGPAllowListMgr(Manager):
|
|||||||
]
|
]
|
||||||
if not community_name.endswith(self.EMPTY_COMMUNITY):
|
if not community_name.endswith(self.EMPTY_COMMUNITY):
|
||||||
cmds.append(" match community %s" % community_name)
|
cmds.append(" match community %s" % community_name)
|
||||||
|
elif self.prefix_match_tag:
|
||||||
|
cmds.append(" set tag %s" % self.prefix_match_tag)
|
||||||
return cmds
|
return cmds
|
||||||
|
|
||||||
def __update_default_route_map_entry(self, route_map_name, default_action_community):
|
def __update_default_route_map_entry(self, route_map_name, default_action_community):
|
||||||
@ -612,6 +615,20 @@ class BGPAllowListMgr(Manager):
|
|||||||
inside_name = result.group(1)
|
inside_name = result.group(1)
|
||||||
return rm_2_call
|
return rm_2_call
|
||||||
|
|
||||||
|
def __get_routemap_tag(self):
|
||||||
|
"""
|
||||||
|
Find if any user define tag is provided to be used when allow prefifx list is matched
|
||||||
|
:return: string: prefix mix tag if define in constants.yml else None
|
||||||
|
"""
|
||||||
|
prefix_match_tag = None
|
||||||
|
if 'bgp' in self.constants and \
|
||||||
|
'allow_list' in self.constants["bgp"] and \
|
||||||
|
'prefix_match_tag' in \
|
||||||
|
self.constants["bgp"]["allow_list"]:
|
||||||
|
prefix_match_tag = \
|
||||||
|
self.constants["bgp"]["allow_list"]["prefix_match_tag"]
|
||||||
|
return prefix_match_tag
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def __get_peer_group_to_restart(deployment_id, pg_2_rm, rm_2_call):
|
def __get_peer_group_to_restart(deployment_id, pg_2_rm, rm_2_call):
|
||||||
"""
|
"""
|
||||||
|
@ -26,8 +26,26 @@ global_constants = {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
global_constants_with_prefix_match_tag = {
|
||||||
|
"bgp": {
|
||||||
|
"allow_list": {
|
||||||
|
"enabled": True,
|
||||||
|
"default_pl_rules": {
|
||||||
|
"v4": [ "deny 0.0.0.0/0 le 17" ],
|
||||||
|
"v6": [
|
||||||
|
"deny 0::/0 le 59",
|
||||||
|
"deny 0::/0 ge 65"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"default_action": "permit",
|
||||||
|
"drop_community": "123:123",
|
||||||
|
"prefix_match_tag": "1001"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@patch.dict("sys.modules", swsscommon=swsscommon_module_mock)
|
@patch.dict("sys.modules", swsscommon=swsscommon_module_mock)
|
||||||
def set_del_test(op, args, currect_config, expected_config, update_global_default_action=None):
|
def set_del_test(op, args, currect_config, expected_config, update_global_default_action=None, update_constant_prefix_match_tag=False):
|
||||||
from bgpcfgd.managers_allow_list import BGPAllowListMgr
|
from bgpcfgd.managers_allow_list import BGPAllowListMgr
|
||||||
set_del_test.push_list_called = False
|
set_del_test.push_list_called = False
|
||||||
def push_list(args):
|
def push_list(args):
|
||||||
@ -45,7 +63,7 @@ def set_del_test(op, args, currect_config, expected_config, update_global_defaul
|
|||||||
'directory': Directory(),
|
'directory': Directory(),
|
||||||
'cfg_mgr': cfg_mgr,
|
'cfg_mgr': cfg_mgr,
|
||||||
'tf': TemplateFabric(),
|
'tf': TemplateFabric(),
|
||||||
'constants': deepcopy(global_constants),
|
'constants': deepcopy(global_constants) if not update_constant_prefix_match_tag else deepcopy(global_constants_with_prefix_match_tag)
|
||||||
}
|
}
|
||||||
|
|
||||||
mgr = BGPAllowListMgr(common_objs, "CONFIG_DB", "BGP_ALLOWED_PREFIXES")
|
mgr = BGPAllowListMgr(common_objs, "CONFIG_DB", "BGP_ALLOWED_PREFIXES")
|
||||||
@ -92,6 +110,39 @@ def test_set_handler_with_community():
|
|||||||
' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020',
|
' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020',
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_set_handler_with_community_and_prefix_match_tag():
|
||||||
|
set_del_test(
|
||||||
|
"SET",
|
||||||
|
("DEPLOYMENT_ID|5|1010:2020", {
|
||||||
|
"prefixes_v4": "10.20.30.0/24,30.50.0.0/16",
|
||||||
|
"prefixes_v6": "fc00:20::/64,fc00:30::/64",
|
||||||
|
}),
|
||||||
|
[
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 65535',
|
||||||
|
' set community 123:123 additive',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 65535',
|
||||||
|
' set community 123:123 additive'
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4 seq 10 deny 0.0.0.0/0 le 17',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4 seq 20 permit 10.20.30.0/24 le 32',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4 seq 30 permit 30.50.0.0/16 le 32',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 10 deny ::/0 le 59',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 20 deny ::/0 ge 65',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 30 permit fc00:20::/64 le 128',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 40 permit fc00:30::/64 le 128',
|
||||||
|
'bgp community-list standard COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020 permit 1010:2020',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 10',
|
||||||
|
' match ip address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4',
|
||||||
|
' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 10',
|
||||||
|
' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6',
|
||||||
|
' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020',
|
||||||
|
],
|
||||||
|
None, True
|
||||||
|
)
|
||||||
|
|
||||||
def test_set_handler_with_community_and_permit_action():
|
def test_set_handler_with_community_and_permit_action():
|
||||||
set_del_test(
|
set_del_test(
|
||||||
"SET",
|
"SET",
|
||||||
@ -188,6 +239,38 @@ def test_set_handler_no_community():
|
|||||||
' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6',
|
' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6',
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_set_handler_no_community_and_prefix_match_tag():
|
||||||
|
set_del_test(
|
||||||
|
"SET",
|
||||||
|
("DEPLOYMENT_ID|5", {
|
||||||
|
"prefixes_v4": "20.20.30.0/24,40.50.0.0/16",
|
||||||
|
"prefixes_v6": "fc01:20::/64,fc01:30::/64",
|
||||||
|
}),
|
||||||
|
[
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 65535',
|
||||||
|
' set community 123:123 additive',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 65535',
|
||||||
|
' set community 123:123 additive',
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4 seq 10 deny 0.0.0.0/0 le 17',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4 seq 20 permit 20.20.30.0/24 le 32',
|
||||||
|
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4 seq 30 permit 40.50.0.0/16 le 32',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 10 deny ::/0 le 59',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 20 deny ::/0 ge 65',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 30 permit fc01:20::/64 le 128',
|
||||||
|
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 40 permit fc01:30::/64 le 128',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 30000',
|
||||||
|
' match ip address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4',
|
||||||
|
' set tag 1001',
|
||||||
|
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 30000',
|
||||||
|
' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6',
|
||||||
|
' set tag 1001',
|
||||||
|
],
|
||||||
|
None,True
|
||||||
|
)
|
||||||
|
|
||||||
def test_set_handler_no_community_with_permit_action():
|
def test_set_handler_no_community_with_permit_action():
|
||||||
set_del_test(
|
set_del_test(
|
||||||
"SET",
|
"SET",
|
||||||
|
Loading…
Reference in New Issue
Block a user