From c8ea6949a4d0837118e0b185c288a0bebcad419b Mon Sep 17 00:00:00 2001 From: Donatas Abraitis Date: Thu, 27 Jun 2024 22:46:58 +0300 Subject: [PATCH 1/2] bgpd: Ignore RFC8212 for BGP Confederations RFC 8212 should be restricted for eBGP peers. Signed-off-by: Donatas Abraitis (cherry picked from commit fa2cc09d45d3f843564f7bd1e02346373c5741a8) # Conflicts: # bgpd/bgp_route.c --- bgpd/bgp_route.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 3c4367cdac5e..c53c0bb87f44 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -5878,7 +5878,12 @@ void bgp_set_stale_route(struct peer *peer, afi_t afi, safi_t safi) bool bgp_outbound_policy_exists(struct peer *peer, struct bgp_filter *filter) { +<<<<<<< HEAD if (peer->sort == BGP_PEER_IBGP) +======= + if (peer->sort == BGP_PEER_CONFED || peer->sort == BGP_PEER_IBGP || + peer->sub_sort == BGP_PEER_EBGP_OAD) +>>>>>>> fa2cc09d45 (bgpd: Ignore RFC8212 for BGP Confederations) return true; if (peer->sort == BGP_PEER_EBGP && @@ -5891,7 +5896,12 @@ bool bgp_outbound_policy_exists(struct peer *peer, struct bgp_filter *filter) bool bgp_inbound_policy_exists(struct peer *peer, struct bgp_filter *filter) { +<<<<<<< HEAD if (peer->sort == BGP_PEER_IBGP) +======= + if (peer->sort == BGP_PEER_CONFED || peer->sort == BGP_PEER_IBGP || + peer->sub_sort == BGP_PEER_EBGP_OAD) +>>>>>>> fa2cc09d45 (bgpd: Ignore RFC8212 for BGP Confederations) return true; if (peer->sort == BGP_PEER_EBGP From 7d6796ec67dfebd46f3ff03d69a6b69cab3c4a95 Mon Sep 17 00:00:00 2001 From: Donatas Abraitis Date: Thu, 27 Jun 2024 22:53:24 +0300 Subject: [PATCH 2/2] tests: Test if RFC 8212 is not involved for BGP confederations Signed-off-by: Donatas Abraitis (cherry picked from commit dd6a679e3a0e9415827643942bcc103c48a89adb) --- tests/topotests/bgp_confed1/r2/bgpd.conf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/topotests/bgp_confed1/r2/bgpd.conf b/tests/topotests/bgp_confed1/r2/bgpd.conf index fe13dfe72994..ba2da4160e3d 100644 --- a/tests/topotests/bgp_confed1/r2/bgpd.conf +++ b/tests/topotests/bgp_confed1/r2/bgpd.conf @@ -4,7 +4,6 @@ !debug bgp updates out ! router bgp 200 - no bgp ebgp-requires-policy bgp confederation identifier 300 bgp confederation peers 300 neighbor 192.0.2.1 remote-as 100 @@ -12,7 +11,9 @@ router bgp 200 ! address-family ipv4 unicast network 203.0.113.16/28 + neighbor 192.0.2.1 route-map any in + neighbor 192.0.2.1 route-map any out neighbor 192.0.2.18 default-originate exit-address-family ! - +route-map any permit 10