From 118a0cfd061ba563ec80cbe3892cb470038835ce Mon Sep 17 00:00:00 2001 From: Donatas Abraitis Date: Thu, 27 Jun 2024 22:46:58 +0300 Subject: [PATCH 1/2] bgpd: Ignore RFC8212 for BGP Confederations RFC 8212 should be restricted for eBGP peers. Signed-off-by: Donatas Abraitis (cherry picked from commit fa2cc09d45d3f843564f7bd1e02346373c5741a8) --- bgpd/bgp_route.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index a150795f0a..5fb1b05ef9 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -6024,7 +6024,8 @@ void bgp_set_stale_route(struct peer *peer, afi_t afi, safi_t safi) bool bgp_outbound_policy_exists(struct peer *peer, struct bgp_filter *filter) { - if (peer->sort == BGP_PEER_IBGP || peer->sub_sort == BGP_PEER_EBGP_OAD) + if (peer->sort == BGP_PEER_CONFED || peer->sort == BGP_PEER_IBGP || + peer->sub_sort == BGP_PEER_EBGP_OAD) return true; if (peer->sort == BGP_PEER_EBGP && @@ -6037,7 +6038,8 @@ bool bgp_outbound_policy_exists(struct peer *peer, struct bgp_filter *filter) bool bgp_inbound_policy_exists(struct peer *peer, struct bgp_filter *filter) { - if (peer->sort == BGP_PEER_IBGP || peer->sub_sort == BGP_PEER_EBGP_OAD) + if (peer->sort == BGP_PEER_CONFED || peer->sort == BGP_PEER_IBGP || + peer->sub_sort == BGP_PEER_EBGP_OAD) return true; if (peer->sort == BGP_PEER_EBGP From 926554df2053d4b13ea265a3e934ccda9a4ee7b8 Mon Sep 17 00:00:00 2001 From: Donatas Abraitis Date: Thu, 27 Jun 2024 22:53:24 +0300 Subject: [PATCH 2/2] tests: Test if RFC 8212 is not involved for BGP confederations Signed-off-by: Donatas Abraitis (cherry picked from commit dd6a679e3a0e9415827643942bcc103c48a89adb) --- tests/topotests/bgp_confed1/r2/bgpd.conf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/topotests/bgp_confed1/r2/bgpd.conf b/tests/topotests/bgp_confed1/r2/bgpd.conf index fe13dfe729..ba2da4160e 100644 --- a/tests/topotests/bgp_confed1/r2/bgpd.conf +++ b/tests/topotests/bgp_confed1/r2/bgpd.conf @@ -4,7 +4,6 @@ !debug bgp updates out ! router bgp 200 - no bgp ebgp-requires-policy bgp confederation identifier 300 bgp confederation peers 300 neighbor 192.0.2.1 remote-as 100 @@ -12,7 +11,9 @@ router bgp 200 ! address-family ipv4 unicast network 203.0.113.16/28 + neighbor 192.0.2.1 route-map any in + neighbor 192.0.2.1 route-map any out neighbor 192.0.2.18 default-originate exit-address-family ! - +route-map any permit 10