Add community to prefixes, which must be dropped.

pavel-shirshov · pavel-shirshov · commit 3ad2cf727876 · 2020-05-11T16:22:36.000-07:00
diff --git a/dockers/docker-fpm-quagga/bgpd.conf.j2 b/dockers/docker-fpm-quagga/bgpd.conf.j2
@@ -150,8 +150,14 @@ route-map FROM_PEER_V6 permit 10
 !
 {% if allow_list_enabled %}
 route-map ALLOW_LIST_V4 {{ allow_list_default_action }} 65535
+{%   if allow_list_default_action.strip() == 'permit' %}
+  set community {{ allow_list_drop_prefix }} additive
+{%   endif %}
 !
 route-map ALLOW_LIST_V6 {{ allow_list_default_action }} 65535
+{%   if allow_list_default_action.strip() == 'permit' %}
+  set community {{ allow_list_drop_prefix }} additive
+{%   endif %}
 !
 ip prefix-list ALLOW_ADDRESS_ALLOW_ALL_V4 seq 10 permit any
 !
diff --git a/files/image_config/asn/deployment_id_asn_map.yml b/files/image_config/asn/deployment_id_asn_map.yml
@@ -3,3 +3,4 @@ deployment_id_asn_map:
 
 allow_list_enabled: true
 allow_list_default_action: permit   # or deny
+allow_list_drop_prefix: 5060:12345  # value of the community to identify a prefix to drop. Make sense only with allow_list_default_action equal to 'permit'
diff --git a/src/sonic-config-engine/tests/sample_output/bgpd_quagga.conf b/src/sonic-config-engine/tests/sample_output/bgpd_quagga.conf
@@ -65,8 +65,10 @@ route-map FROM_PEER_V6 permit 1
 route-map FROM_PEER_V6 permit 10
 !
 route-map ALLOW_LIST_V4 permit 65535
+  set community 5060:12345 additive
 !
 route-map ALLOW_LIST_V6 permit 65535
+  set community 5060:12345 additive
 !
 ip prefix-list ALLOW_ADDRESS_ALLOW_ALL_V4 seq 10 permit any
 !

Original file line number	Diff line number	Diff line change
`@@ -150,8 +150,14 @@ route-map FROM_PEER_V6 permit 10`
`150`	`150`	`!`
`151`	`151`	`{% if allow_list_enabled %}`
`152`	`152`	`route-map ALLOW_LIST_V4 {{ allow_list_default_action }} 65535`
	`153`	`+{% if allow_list_default_action.strip() == 'permit' %}`
	`154`	`+ set community {{ allow_list_drop_prefix }} additive`
	`155`	`+{% endif %}`
`153`	`156`	`!`
`154`	`157`	`route-map ALLOW_LIST_V6 {{ allow_list_default_action }} 65535`
	`158`	`+{% if allow_list_default_action.strip() == 'permit' %}`
	`159`	`+ set community {{ allow_list_drop_prefix }} additive`
	`160`	`+{% endif %}`
`155`	`161`	`!`
`156`	`162`	`ip prefix-list ALLOW_ADDRESS_ALLOW_ALL_V4 seq 10 permit any`
`157`	`163`	`!`
Original file line number	Diff line number	Diff line change
`@@ -3,3 +3,4 @@ deployment_id_asn_map:`
`3`	`3`
`4`	`4`	`allow_list_enabled: true`
`5`	`5`	`allow_list_default_action: permit # or deny`
	`6`	`+allow_list_drop_prefix: 5060:12345 # value of the community to identify a prefix to drop. Make sense only with allow_list_default_action equal to 'permit'`
Original file line number	Diff line number	Diff line change
`@@ -65,8 +65,10 @@ route-map FROM_PEER_V6 permit 1`
`65`	`65`	`route-map FROM_PEER_V6 permit 10`
`66`	`66`	`!`
`67`	`67`	`route-map ALLOW_LIST_V4 permit 65535`
	`68`	`+ set community 5060:12345 additive`
`68`	`69`	`!`
`69`	`70`	`route-map ALLOW_LIST_V6 permit 65535`
	`71`	`+ set community 5060:12345 additive`
`70`	`72`	`!`
`71`	`73`	`ip prefix-list ALLOW_ADDRESS_ALLOW_ALL_V4 seq 10 permit any`
`72`	`74`	`!`