Added Support for BGP allow list feature to have route-map action of setting tag #10731

Merged
merged 18 commits into from
May 20, 2022
17 changes: 17 additions & 0 deletions src/sonic-bgpcfgd/bgpcfgd/managers_allow_list.py
Expand Up @@ -40,6 +40,7 @@ def __init__(self, common_objs, db, table):
)
self.key_re = re.compile(r"^DEPLOYMENT_ID\|\d+\|\S+$|^DEPLOYMENT_ID\|\d+$")
self.enabled = self.__get_enabled()
self.prefix_match_tag = self.__get_routemap_tag()
StormLiangMS marked this conversation as resolved.
self.__load_constant_lists()

def set_handler(self, key, data):
Expand Down Expand Up @@ -396,6 +397,8 @@ def __update_allow_route_map_entry(self, af, allow_address_pl_name, community_na
]
if not community_name.endswith(self.EMPTY_COMMUNITY):
cmds.append(" match community %s" % community_name)
elif self.prefix_match_tag:
cmds.append(" set tag %s" % self.prefix_match_tag)
return cmds

def __update_default_route_map_entry(self, route_map_name, default_action_community):
Expand Down Expand Up @@ -612,6 +615,20 @@ def __get_route_map_calls(self, rms):
inside_name = result.group(1)
return rm_2_call

def __get_routemap_tag(self):
"""
Find if any user define tag is provided to be used when allow prefifx list is matched
:return: string: prefix mix tag if define in constants.yml else None
"""
prefix_match_tag = None
if 'bgp' in self.constants and \
'allow_list' in self.constants["bgp"] and \
'prefix_match_tag' in \
self.constants["bgp"]["allow_list"]:
prefix_match_tag = \
self.constants["bgp"]["allow_list"]["prefix_match_tag"]
return prefix_match_tag

@staticmethod
def __get_peer_group_to_restart(deployment_id, pg_2_rm, rm_2_call):
"""
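Review bot: The tag returned by `__get_routemap_tag` is taken from constants.yml as-is and formatted into an FRR command in `__update_allow_route_map_entry` (`cmds.append(" set tag %s" % self.prefix_match_tag)`) without checking that it is a number. A value containing spaces or a line break would yield a malformed or extra configuration line when the command list is pushed, and a non-numeric value would presumably be rejected by FRR only at apply time. Validate once in the getter, for example `if prefix_match_tag is not None and not re.fullmatch(r"[0-9]{1,10}", str(prefix_match_tag)):` followed by an error log and `return None`, so a bad constant disables tagging instead of reaching the route-map. The `elif` also means entries that match a community never receive the tag; if that is intended, a short comment such as `# tag only the prefix-only (no community) entry` would make it explicit. `__update_allow_route_map_entry` begins outside the hunk, and the docstring of `__get_routemap_tag` has typos ("prefifx", "prefix mix tag").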
87 changes: 85 additions & 2 deletions src/sonic-bgpcfgd/tests/test_allow_list.py
Expand Up @@ -26,8 +26,26 @@
}
}

global_constants_with_prefix_match_tag = {
"bgp": {
"allow_list": {
"enabled": True,
"default_pl_rules": {
"v4": [ "deny 0.0.0.0/0 le 17" ],
"v6": [
"deny 0::/0 le 59",
"deny 0::/0 ge 65"
]
},
"default_action": "permit",
"drop_community": "123:123",
"prefix_match_tag": "1001"
}
}
}

@patch.dict("sys.modules", swsscommon=swsscommon_module_mock)
def set_del_test(op, args, currect_config, expected_config, update_global_default_action=None):
def set_del_test(op, args, currect_config, expected_config, update_global_default_action=None, update_constant_prefix_match_tag=False):
from bgpcfgd.managers_allow_list import BGPAllowListMgr
set_del_test.push_list_called = False
def push_list(args):
Expand All @@ -45,7 +63,7 @@ def push_list(args):
'directory': Directory(),
'cfg_mgr': cfg_mgr,
'tf': TemplateFabric(),
'constants': deepcopy(global_constants),
'constants': deepcopy(global_constants) if not update_constant_prefix_match_tag else deepcopy(global_constants_with_prefix_match_tag)
}

mgr = BGPAllowListMgr(common_objs, "CONFIG_DB", "BGP_ALLOWED_PREFIXES")
Expand Down Expand Up @@ -92,6 +110,39 @@ def test_set_handler_with_community():
' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020',
]
)

def test_set_handler_with_community_and_prefix_match_tag():
set_del_test(
"SET",
("DEPLOYMENT_ID|5|1010:2020", {
"prefixes_v4": "10.20.30.0/24,30.50.0.0/16",
"prefixes_v6": "fc00:20::/64,fc00:30::/64",
}),
[
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 65535',
' set community 123:123 additive',
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 65535',
' set community 123:123 additive'
],
[
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4 seq 10 deny 0.0.0.0/0 le 17',
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4 seq 20 permit 10.20.30.0/24 le 32',
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4 seq 30 permit 30.50.0.0/16 le 32',
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 10 deny ::/0 le 59',
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 20 deny ::/0 ge 65',
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 30 permit fc00:20::/64 le 128',
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6 seq 40 permit fc00:30::/64 le 128',
'bgp community-list standard COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020 permit 1010:2020',
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 10',
' match ip address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V4',
' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020',
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 10',
' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020_V6',
' match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_1010:2020',
],
None, True
)

def test_set_handler_with_community_and_permit_action():
set_del_test(
"SET",
Expand Down Expand Up @@ -188,6 +239,38 @@ def test_set_handler_no_community():
' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6',
]
)

def test_set_handler_no_community_and_prefix_match_tag():
set_del_test(
"SET",
("DEPLOYMENT_ID|5", {
"prefixes_v4": "20.20.30.0/24,40.50.0.0/16",
"prefixes_v6": "fc01:20::/64,fc01:30::/64",
}),
[
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 65535',
' set community 123:123 additive',
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 65535',
' set community 123:123 additive',
],
[
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4 seq 10 deny 0.0.0.0/0 le 17',
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4 seq 20 permit 20.20.30.0/24 le 32',
'ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4 seq 30 permit 40.50.0.0/16 le 32',
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 10 deny ::/0 le 59',
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 20 deny ::/0 ge 65',
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 30 permit fc01:20::/64 le 128',
'ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6 seq 40 permit fc01:30::/64 le 128',
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V4 permit 30000',
' match ip address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V4',
' set tag 1001',
'route-map ALLOW_LIST_DEPLOYMENT_ID_5_V6 permit 30000',
' match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_5_COMMUNITY_empty_V6',
' set tag 1001',
],
None,True
)

def test_set_handler_no_community_with_permit_action():
set_del_test(
"SET",
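Review bot: Both new tests feed only the well-formed value `"prefix_match_tag": "1001"`, so nothing pins how `BGPAllowListMgr` behaves when the constant is non-numeric, empty or an integer rather than a string. A third constants fixture with a constructed bad value (for example `"prefix_match_tag": "10 01"`) and an expected command list without ` set tag` would cover that once the manager validates the value. The new flag is also passed positionally as `None, True` in `test_set_handler_with_community_and_prefix_match_tag` and `test_set_handler_no_community_and_prefix_match_tag`; `update_constant_prefix_match_tag=True` reads more clearly and survives later parameter additions. `set_del_test` continues outside the hunks shown.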