437ad95646
implements a new feature: "BGP Allow list." This feature allows us to control which IP prefixes are going to be advertised via ebgp from the routes received from EBGP neighbors.
!
! template: bgpd/templates/general/policies.conf.j2
!
!
!
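{# BGP allow list. Rendered only when constants.bgp.allow_list.enabled is defined and truthy.
   The two sequence-65535 entries are the catch-all of ALLOW_LIST_DEPLOYMENT_ID_0_V4 / _V6.
   They are "permit" in every branch, so a prefix that reaches them is still accepted locally
   and is only tagged with a community:
     - default_action == 'deny': tagged with the well-known no-export community.
     - otherwise: tagged with constants.bgp.allow_list.drop_community. Filtering then depends
       on whatever acts on that community, which is not visible in this template (confirm).
   Entries with lower sequence numbers are not defined here; presumably they are installed
   elsewhere for the allowed prefixes (confirm).
   drop_community is checked before use. When it was undefined or empty the template rendered
   "set community  additive" with no community value, so that case now takes the no-export
   branch as the restrictive fallback.
   NOTE(review): confirm the fallback matches deployment intent.
   Comments in this section are glued to the following tag or line so that the rendered
   configuration gains no extra lines.
#}{% if constants.bgp.allow_list is defined and constants.bgp.allow_list.enabled is defined and constants.bgp.allow_list.enabled %}
{% if (constants.bgp.allow_list.default_action is defined and constants.bgp.allow_list.default_action.strip() == 'deny') or constants.bgp.allow_list.drop_community is not defined or not constants.bgp.allow_list.drop_community %}
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535
set community no-export additive
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535
set community no-export additive
{% else %}
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535
set community {{ constants.bgp.allow_list.drop_community }} additive
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535
set community {{ constants.bgp.allow_list.drop_community }} additive
{% endif %}
!
{# Hook the allow list into the inbound peer policy: "call" evaluates the allow-list
   route-map and "on-match next" continues with the next FROM_BGP_PEER_* entry.
   NOTE(review): a lower-numbered entry of the same route-map that has no match clause and no
   "on-match next" ends evaluation before sequence 2 is reached. Check FROM_BGP_PEER_V6
   permit 1 in this file, otherwise the IPv6 allow list is never consulted.
#}route-map FROM_BGP_PEER_V4 permit 2
call ALLOW_LIST_DEPLOYMENT_ID_0_V4
on-match next
!
route-map FROM_BGP_PEER_V6 permit 2
call ALLOW_LIST_DEPLOYMENT_ID_0_V6
on-match next
!
{% endif %}
!
!
!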
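{# Unconditional peer policies. The "permit 100" entries carry no match or set clause, so they
   accept every route that reaches them unchanged.
#}route-map FROM_BGP_PEER_V4 permit 100
!
route-map TO_BGP_PEER_V4 permit 100
!
!
{# Sequence 1 has no match clause, so it matches every IPv6 route. Without an exit policy a
   matching permit entry ends route-map evaluation, which left the later FROM_BGP_PEER_V6
   entries (sequence 2, the allow-list call when that feature is enabled, and sequence 100)
   unevaluated. "on-match next" applies the next-hop preference and then continues.
#}route-map FROM_BGP_PEER_V6 permit 1
on-match next
set ipv6 next-hop prefer-global
!
route-map FROM_BGP_PEER_V6 permit 100
!
route-map TO_BGP_PEER_V6 permit 100
!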
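{# Rendered only when the device's sub_role in CONFIG_DB DEVICE_METADATA is 'BackEnd'.
   Defines the *_INT inbound route-maps (presumably for internal peers; confirm), which set
   originator-id to the Loopback0 IPv4 value. "ip" is a filter supplied by the rendering
   environment and is not defined in this file; presumably it yields the bare address (confirm).
   FROM_BGP_PEER_V6_INT permit 1 has no match clause and therefore matches every route. It
   carries "on-match next" so that evaluation continues to sequence 2; without it the
   originator-id entry for IPv6 was never reached.
#}{% if CONFIG_DB__DEVICE_METADATA['localhost']['sub_role'] == 'BackEnd' %}
route-map FROM_BGP_PEER_V4_INT permit 2
set originator-id {{ loopback0_ipv4 | ip }}
!
route-map FROM_BGP_PEER_V6_INT permit 1
on-match next
set ipv6 next-hop prefer-global
!
route-map FROM_BGP_PEER_V6_INT permit 2
set originator-id {{ loopback0_ipv4 | ip }}
{% endif %}
!
! end of template: bgpd/templates/general/policies.conf.j2
!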