From 25d369d084921d79c4d993740df81e0de0974cf5 Mon Sep 17 00:00:00 2001 
From: Pavel Shirshov Date: Thu, 12 Nov 2020 23:07:42 +0000 Subject: [PATCH] Merged PR 3775385: Updates and fixes of BGP policies from Ivan's team Pavel Shirshov: 1. Add send-community to all T0 templates (Ivan request) 2. Renumber route-map entries starting from 100 with step 100 (Done by Andrew Eaton mostly) 3. Add route-map filters for every peer-group., Required for TSA Andrew Eaton: 1. Adding UPSTREAM_PREFIX community list. 2. Policy changes true up the configs for SONiC with that of Arista and Nexus T1 NDM Templates. 3. Policy intends to override AS path length by setting local preference on routes learned from downstream peers. 4. There are certain failure scenarios where traffic will take longs paths or get blackholed if we don't do this. --- .../templates/msft.dynamic/policies.conf.j2 | 4 +- .../msft.general/v4.leaf.msee/policy.conf.j2 | 49 +++++++++-------- .../msft.general/v4.leaf.spine/policy.conf.j2 | 8 +-- .../v4.leaf.tor.all/policy.conf.j2 | 49 +++++++++-------- .../v4.leaf.tor.tycoon/policy.conf.j2 | 20 ++++--- .../v4.mgmttor/peer-group.conf.j2 | 3 ++ .../msft.general/v4.mgmttor/policy.conf.j2 | 4 +- .../msft.general/v4.tor/peer-group.conf.j2 | 3 ++ .../msft.general/v4.tor/policy.conf.j2 | 4 +- .../msft.general/v6.leaf.msee/policy.conf.j2 | 44 ++++++++------- .../msft.general/v6.leaf.spine/policy.conf.j2 | 11 ++-- .../v6.leaf.tor.all/policy.conf.j2 | 54 +++++++++++-------- .../v6.leaf.tor.dnsagg/policy.conf.j2 | 14 +++-- .../v6.leaf.tor.tycoon/policy.conf.j2 | 28 ++++++---- .../v6.mgmttor/peer-group.conf.j2 | 2 + .../msft.general/v6.mgmttor/policy.conf.j2 | 5 +- .../msft.general/v6.tor/peer-group.conf.j2 | 2 + .../msft.general/v6.tor/policy.conf.j2 | 6 ++- .../templates/msft.monitors/policies.conf.j2 | 4 +- .../policies.conf/result_all.conf | 4 +- .../result_v4.mgmttor_all.conf | 3 ++ .../peer-group.conf/result_v4.tor_all.conf | 3 ++ .../result_v6.mgmttor_all.conf | 2 + .../peer-group.conf/result_v6.tor_all.conf | 2 + .../result_v4.leaf.msee_all.conf 
| 49 +++++++++-------- .../result_v4.leaf.spine_all.conf | 8 +-- .../result_v4.leaf.tor.all_all.conf | 49 +++++++++-------- .../result_v4.leaf.tor.tycoon_all.conf | 19 ++++--- .../policies.conf/result_v4.mgmttor_all.conf | 4 ++ .../policies.conf/result_v4.tor_all.conf | 4 ++ .../result_v6.leaf.msee_all.conf | 44 ++++++++------- .../result_v6.leaf.spine_all.conf | 11 ++-- .../result_v6.leaf.tor.all_all.conf | 54 +++++++++++-------- .../result_v6.leaf.tor.dnsagg_all.conf | 13 +++-- .../result_v6.leaf.tor.dnsagg_all_fpn.conf | 13 +++-- .../result_v6.leaf.tor.tycoon_all.conf | 28 ++++++---- .../policies.conf/result_v6.mgmttor_all.conf | 6 ++- .../policies.conf/result_v6.tor_all.conf | 6 ++- .../policies.conf/result_all.conf | 4 +- 39 files changed, 400 insertions(+), 240 deletions(-) diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.dynamic/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.dynamic/policies.conf.j2 index 009eabfd4136..ce5861f6470d 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.dynamic/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.dynamic/policies.conf.j2 @@ -3,9 +3,9 @@ ! {% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] in ['ToRRouter', 'BackEndToRRouter'] %} ! -route-map FROM_BGP_SPEAKER permit 10 +route-map FROM_BGP_SPEAKER permit 100 ! -route-map TO_BGP_SPEAKER deny 10 +route-map TO_BGP_SPEAKER deny 100 ! {% endif %} ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.msee/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.msee/policy.conf.j2 index bcdb4c4d79ed..400b8a09d797 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.msee/policy.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.msee/policy.conf.j2 
@@ -1,38 +1,45 @@ ! ! template: bgpd/templates/msft.general/v4.leaf.msee/policy.conf.j2 ! -ip community-list standard LEAK_COMMUNITY permit 8075:10400 -ip community-list standard UPSTREAM_PREFIX permit 8075:54000 +bgp community-list standard LEAK_COMMUNITY permit 8075:10400 +bgp community-list standard UPSTREAM_PREFIX permit 8075:54000 +bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:10400.*8075:54000.* +bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:54000.*8075:10400.* ! ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0 ip prefix-list IPV4_18_OR_LONGER permit 0.0.0.0/0 ge 18 ! -route-map FROM_TIER0_V4 permit 10 - match community UPSTREAM_PREFIX - match ip address prefix-list DEFAULT_IPV4 +route-map FROM_TIER0_V4 permit 100 + match ip address prefix-list DEFAULT_IPV4 + match community UPSTREAM_PREFIX + set local-preference 90 ! -route-map FROM_TIER0_V4 permit 20 - match community LEAK_COMMUNITY - match ip address prefix-list IPV4_18_OR_LONGER - set comm-list LEAK_COMMUNITY delete +route-map FROM_TIER0_V4 permit 200 + match community LEAK_PLUS_UPSTREAM + set local-preference 90 ! -route-map FROM_TIER0_V4 permit 30 - match ip address prefix-list IPV4_18_OR_LONGER +route-map FROM_TIER0_V4 permit 300 + match community LEAK_COMMUNITY + match ip address prefix-list IPV4_18_OR_LONGER + set comm-list LEAK_COMMUNITY delete ! -route-map FROM_TIER0_V4 deny 1000 +route-map FROM_TIER0_V4 permit 400 + match ip address prefix-list IPV4_18_OR_LONGER ! -route-map TO_TIER0_V4 permit 10 - match community UPSTREAM_PREFIX - match ip address prefix-list DEFAULT_IPV4 +route-map FROM_TIER0_V4 deny 10000 ! -route-map TO_TIER0_V4 permit 20 - match community LEAK_COMMUNITY +route-map TO_TIER0_V4 permit 100 + match ip address prefix-list DEFAULT_IPV4 + match community UPSTREAM_PREFIX ! -route-map TO_TIER0_V4 permit 30 - match community UPSTREAM_PREFIX - set community no-export additive +route-map TO_TIER0_V4 permit 200 + match community LEAK_PLUS_UPSTREAM ! 
-route-map TO_TIER0_V4 permit 1000 +route-map TO_TIER0_V4 permit 300 + match community UPSTREAM_PREFIX + set community no-export additive +! +route-map TO_TIER0_V4 permit 10000 ! ! end of template: bgpd/templates/msft.general/v4.leaf.msee/policy.conf.j2 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.spine/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.spine/policy.conf.j2 index dd3a806294a6..f07333360eb2 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.spine/policy.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.spine/policy.conf.j2 @@ -1,15 +1,15 @@ ! ! template: bgpd/templates/msft.general/v4.leaf/policy.conf.j2 ! -ip community-list standard UPSTREAM_PREFIX permit 8075:54000 +bgp community-list standard UPSTREAM_PREFIX permit 8075:54000 ! -route-map FROM_TIER2_V4 permit 10 +route-map FROM_TIER2_V4 permit 100 set community 8075:54000 additive ! -route-map TO_TIER2_V4 deny 5 +route-map TO_TIER2_V4 deny 100 match community UPSTREAM_PREFIX ! -route-map TO_TIER2_V4 permit 10 +route-map TO_TIER2_V4 permit 10000 ! ! ! end of template: bgpd/templates/msft.general/v4.leaf/policy.conf.j2 diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.tor.all/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.tor.all/policy.conf.j2 index 45d7a290694a..f30d03790a43 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.tor.all/policy.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.tor.all/policy.conf.j2 
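Review bot: `route-map FROM_TIER0_V4 permit 200` matches only on `LEAK_PLUS_UPSTREAM` and has no prefix-list clause, so a route from a Tier0 peer that carries both 8075:10400 and 8075:54000 is accepted at any prefix length, while entries 300 and 400 still require `IPV4_18_OR_LONGER`. Entry 200 also leaves 8075:10400 on the route, whereas entry 300 strips it with `set comm-list LEAK_COMMUNITY delete`. If that is not intended, add `match ip address prefix-list IPV4_18_OR_LONGER` to entry 200; if it is intended, a `!` comment above the entry stating why the length filter is skipped would help the next reader. The same entry is added in v4.leaf.tor.all, and as `FROM_TIER0_V6 permit 300` in v6.leaf.msee and v6.leaf.tor.all, where the corresponding list is `IPV6_64_ONLY`.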
@@ -1,38 +1,45 @@ ! ! template: bgpd/templates/msft.general/v4.leaf.tor.all/policy.conf.j2 ! -ip community-list standard LEAK_COMMUNITY permit 8075:10400 -ip community-list standard UPSTREAM_PREFIX permit 8075:54000 +bgp community-list standard LEAK_COMMUNITY permit 8075:10400 +bgp community-list standard UPSTREAM_PREFIX permit 8075:54000 +bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:10400.*8075:54000.* +bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:54000.*8075:10400.* ! ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0 ip prefix-list IPV4_18_OR_LONGER permit 0.0.0.0/0 ge 18 ! -route-map FROM_TIER0_V4 permit 10 - match community UPSTREAM_PREFIX - match ip address prefix-list DEFAULT_IPV4 +route-map FROM_TIER0_V4 permit 100 + match ip address prefix-list DEFAULT_IPV4 + match community UPSTREAM_PREFIX + set local-preference 90 ! -route-map FROM_TIER0_V4 permit 20 - match community LEAK_COMMUNITY - match ip address prefix-list IPV4_18_OR_LONGER - set comm-list LEAK_COMMUNITY delete +route-map FROM_TIER0_V4 permit 200 + match community LEAK_PLUS_UPSTREAM + set local-preference 90 ! -route-map FROM_TIER0_V4 permit 30 - match ip address prefix-list IPV4_18_OR_LONGER +route-map FROM_TIER0_V4 permit 300 + match community LEAK_COMMUNITY + match ip address prefix-list IPV4_18_OR_LONGER + set comm-list LEAK_COMMUNITY delete ! -route-map FROM_TIER0_V4 deny 1000 +route-map FROM_TIER0_V4 permit 400 + match ip address prefix-list IPV4_18_OR_LONGER ! -route-map TO_TIER0_V4 permit 10 - match community UPSTREAM_PREFIX - match ip address prefix-list DEFAULT_IPV4 +route-map FROM_TIER0_V4 deny 10000 ! -route-map TO_TIER0_V4 permit 20 - match community LEAK_COMMUNITY +route-map TO_TIER0_V4 permit 100 + match ip address prefix-list DEFAULT_IPV4 + match community UPSTREAM_PREFIX ! -route-map TO_TIER0_V4 permit 30 - match community UPSTREAM_PREFIX - set community no-export additive +route-map TO_TIER0_V4 permit 200 + match community LEAK_PLUS_UPSTREAM ! 
-route-map TO_TIER0_V4 permit 1000 +route-map TO_TIER0_V4 permit 300 + match community UPSTREAM_PREFIX + set community no-export additive +! +route-map TO_TIER0_V4 permit 10000 ! ! end of template: bgpd/templates/msft.general/v4.leaf.tor.all/policy.conf.j2 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.tor.tycoon/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.tor.tycoon/policy.conf.j2 index 6e67b00811f2..aecc7b902f00 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.tor.tycoon/policy.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.leaf.tor.tycoon/policy.conf.j2 @@ -1,9 +1,10 @@ ! ! template: bgpd/templates/msft.general/v4.leaf.tor.tycoon/policy.conf.j2 ! -ip community-list standard TYCOON_ER_COMMUNITY permit 12076:10450 -ip community-list standard TYCOON_ER_COMMUNITY permit 8075:10451 -ip community-list standard SDN_APPLIANCE_COMMUNITY permit 8075:9302 +bgp community-list standard TYCOON_ER_COMMUNITY permit 12076:10450 +bgp community-list standard TYCOON_ER_COMMUNITY permit 8075:10451 +bgp community-list standard SDN_APPLIANCE_COMMUNITY permit 8075:9302 +bgp community-list standard UPSTREAM_PREFIX permit 8075:54000 ! ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0 ip prefix-list IPV4_30_OR_LONGER permit 0.0.0.0/0 ge 30 
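Review bot: The two `LEAK_PLUS_UPSTREAM` patterns are unanchored, so `.*8075:10400.*` also matches any community whose text merely contains that string, such as one with a different AS number that ends in 8075 (constructed example: 18075:10400). This list now decides `set local-preference 90` inbound and a permit outbound, so the match should be limited to the exact values. FRR's BGP regex treats `_` as a delimiter, so something like `permit _8075:10400_(.*_)?8075:54000_` should do it, but verify the exact form against the FRR version shipped in the image. The same two lines are added in v4.leaf.msee, v6.leaf.msee and v6.leaf.tor.all.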
@@ -11,22 +12,27 @@ ip prefix-list IPV4_27_OR_LONGER permit 0.0.0.0/0 ge 27 ! route-map TO_TYCOON_ER_V4 permit 100 match ip address prefix-list DEFAULT_IPV4 + match community UPSTREAM_PREFIX ! route-map TO_TYCOON_ER_V4 deny 10000 ! -route-map FROM_TYCOON_ER_V4 deny 100 +route-map FROM_TYCOON_ER_V4 permit 100 match ip address prefix-list DEFAULT_IPV4 + match community UPSTREAM_PREFIX + set local-preference 90 ! -route-map FROM_TYCOON_ER_V4 permit 200 +route-map FROM_TYCOON_ER_V4 deny 200 + match community LEAK_COMMUNITY +! +route-map FROM_TYCOON_ER_V4 permit 300 match community TYCOON_ER_COMMUNITY match ip address prefix-list IPV4_30_OR_LONGER ! -route-map FROM_TYCOON_ER_V4 permit 300 +route-map FROM_TYCOON_ER_V4 permit 400 match community SDN_APPLIANCE_COMMUNITY match ip address prefix-list IPV4_27_OR_LONGER ! route-map FROM_TYCOON_ER_V4 deny 10000 ! -! ! end of template: bgpd/templates/msft.general/v4.leaf.tor.tycoon/policy.conf.j2 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/peer-group.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/peer-group.conf.j2 index 4afce918e8c5..bc16c4654df2 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/peer-group.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/peer-group.conf.j2 @@ -6,6 +6,9 @@ neighbor TIER1_V4 activate neighbor TIER1_V4 soft-reconfiguration inbound neighbor TIER1_V4 allowas-in 1 + neighbor TIER1_V4 route-map FROM_TIER1_V4 in + neighbor TIER1_V4 route-map TO_TIER1_V4 out + neighbor TIER1_V4 send-community neighbor TIER1_V4`maximum-prefix 4000 90 warning-only exit-address-family ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2 index 61c0216071f4..564dea456438 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2 
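Review bot: `route-map FROM_TYCOON_ER_V4 deny 200` matches on `LEAK_COMMUNITY`, but this template defines only TYCOON_ER_COMMUNITY, SDN_APPLIANCE_COMMUNITY and UPSTREAM_PREFIX. Unless another template rendered into the same bgpd config defines the list, the match refers to a missing community-list and the deny will presumably never fire, so routes tagged 8075:10400 fall through to the later entries instead of being dropped here. Add `bgp community-list standard LEAK_COMMUNITY permit 8075:10400` next to the other definitions in this file. `FROM_TYCOON_ER_V6 deny 300` in v6.leaf.tor.tycoon has the same gap.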
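Review bot: The context line directly below the added lines, `` neighbor TIER1_V4`maximum-prefix 4000 90 warning-only ``, has a backtick where a space belongs, so bgpd will most likely reject it and the TIER1_V4 peer-group on management ToRs ends up without a prefix limit. Since this hunk already touches the block, change it to `neighbor TIER1_V4 maximum-prefix 4000 90 warning-only`. The same backtick is in v6.mgmttor/peer-group.conf.j2 and in the expected outputs result_v4.mgmttor_all.conf and result_v6.mgmttor_all.conf, so the fixture comparison would not catch it and the fixtures need the same fix.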
+++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2 @@ -1,7 +1,9 @@ ! ! template: bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2 ! - +route-map FROM_TIER1_V4 permit 100 +! +route-map TO_TIER1_V4 permit 100 ! ! end of template: bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.tor/peer-group.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.tor/peer-group.conf.j2 index 8e242bdd7315..6c8701e7eeaa 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.tor/peer-group.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.tor/peer-group.conf.j2 @@ -6,6 +6,9 @@ neighbor TIER1_V4 activate neighbor TIER1_V4 soft-reconfiguration inbound neighbor TIER1_V4 allowas-in 1 + neighbor TIER1_V4 route-map FROM_TIER1_V4 in + neighbor TIER1_V4 route-map TO_TIER1_V4 out + neighbor TIER1_V4 send-community neighbor TIER1_V4 maximum-prefix 12000 90 warning-only exit-address-family ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.tor/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.tor/policy.conf.j2 index 4ae23bce43ea..dcbdcb6b51e7 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.tor/policy.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.tor/policy.conf.j2 @@ -1,7 +1,9 @@ ! ! template: bgpd/templates/msft.general/v4.tor/policy.conf.j2 ! - +route-map FROM_TIER1_V4 permit 100 +! +route-map TO_TIER1_V4 permit 100 ! ! end of template: bgpd/templates/msft.general/v4.tor/policy.conf.j2 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.msee/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.msee/policy.conf.j2 index 9e72f36c9258..532236bcdb2c 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.msee/policy.conf.j2 
+++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.msee/policy.conf.j2 
@@ -1,41 +1,49 @@ ! ! template: bgpd/templates/msft.general/v6.leaf.msee/policy.conf.j2 ! -ip community-list standard LEAK_COMMUNITY permit 8075:10400 -ip community-list standard UPSTREAM_PREFIX permit 8075:54000 +bgp community-list standard LEAK_COMMUNITY permit 8075:10400 +bgp community-list standard UPSTREAM_PREFIX permit 8075:54000 +bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:10400.*8075:54000.* +bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:54000.*8075:10400.* ! ipv6 prefix-list DEFAULT_IPV6 permit ::/0 ipv6 prefix-list IPV6_64_ONLY permit ::/0 ge 64 le 64 ! -route-map FROM_TIER0_V6 permit 1 +route-map FROM_TIER0_V6 permit 100 set ipv6 next-hop prefer-global + on-match next ! -route-map FROM_TIER0_V6 permit 10 - match community UPSTREAM_PREFIX - match ipv6 address prefix-list DEFAULT_IPV6 +route-map FROM_TIER0_V6 permit 200 + match ipv6 address prefix-list DEFAULT_IPV6 + match community UPSTREAM_PREFIX + set local-preference 90 ! -route-map FROM_TIER0_V6 permit 20 - match community LEAK_COMMUNITY - match ipv6 address prefix-list IPV6_64_ONLY - set comm-list LEAK_COMMUNITY delete +route-map FROM_TIER0_V6 permit 300 + match community LEAK_PLUS_UPSTREAM + set local-preference 90 ! -route-map FROM_TIER0_V6 permit 30 - match ipv6 address prefix-list IPV6_64_ONLY +route-map FROM_TIER0_V6 permit 400 + match community LEAK_COMMUNITY + match ipv6 address prefix-list IPV6_64_ONLY + set comm-list LEAK_COMMUNITY delete ! -route-map FROM_TIER0_V6 deny 1000 +route-map FROM_TIER0_V6 permit 500 + match ipv6 address prefix-list IPV6_64_ONLY ! -route-map TO_TIER0_V6 permit 10 +route-map FROM_TIER0_V6 deny 10000 +! +route-map TO_TIER0_V6 permit 100 match community UPSTREAM_PREFIX match ipv6 address prefix-list DEFAULT_IPV6 ! -route-map TO_TIER0_V6 permit 20 - match community LEAK_COMMUNITY +route-map TO_TIER0_V6 permit 200 + match community LEAK_PLUS_UPSTREAM ! 
-route-map TO_TIER0_V6 permit 30 +route-map TO_TIER0_V6 permit 300 match community UPSTREAM_PREFIX set community no-export additive ! -route-map TO_TIER0_V6 permit 1000 +route-map TO_TIER0_V6 permit 10000 ! ! end of template: bgpd/templates/msft.general/v6.leaf.msee/policy.conf.j2 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.spine/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.spine/policy.conf.j2 index b5b1e756d3ce..4a7a4d598021 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.spine/policy.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.spine/policy.conf.j2 @@ -1,19 +1,20 @@ ! ! template: bgpd/templates/msft.general/v6.leaf/policy.conf.j2 ! -ip community-list standard UPSTREAM_PREFIX permit 8075:54000 +bgp community-list standard UPSTREAM_PREFIX permit 8075:54000 ! ! -route-map FROM_TIER2_V6 permit 1 +route-map FROM_TIER2_V6 permit 100 set ipv6 next-hop prefer-global + on-match next ! -route-map FROM_TIER2_V6 permit 10 +route-map FROM_TIER2_V6 permit 200 set community 8075:54000 additive ! -route-map TO_TIER2_V6 deny 5 +route-map TO_TIER2_V6 deny 100 match community UPSTREAM_PREFIX ! -route-map TO_TIER2_V6 permit 10 +route-map TO_TIER2_V6 permit 10000 ! ! end of template: bgpd/templates/msft.general/v6.leaf/policy.conf.j2 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.all/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.all/policy.conf.j2 index 14825c37db12..4a5f0a4931a9 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.all/policy.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.all/policy.conf.j2 
@@ -1,41 +1,49 @@ ! ! template: bgpd/templates/msft.general/v6.leaf.tor.all/policy.conf.j2 ! -ip community-list standard LEAK_COMMUNITY permit 8075:10400 -ip community-list standard UPSTREAM_PREFIX permit 8075:54000 +bgp community-list standard LEAK_COMMUNITY permit 8075:10400 +bgp community-list standard UPSTREAM_PREFIX permit 8075:54000 +bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:10400.*8075:54000.* +bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:54000.*8075:10400.* ! ipv6 prefix-list DEFAULT_IPV6 permit ::/0 ipv6 prefix-list IPV6_64_ONLY permit ::/0 ge 64 le 64 ! -route-map FROM_TIER0_V6 permit 1 - set ipv6 next-hop prefer-global +route-map FROM_TIER0_V6 permit 100 + set ipv6 next-hop prefer-global + on-match next ! -route-map FROM_TIER0_V6 permit 10 - match community UPSTREAM_PREFIX - match ipv6 address prefix-list DEFAULT_IPV6 +route-map FROM_TIER0_V6 permit 200 + match ipv6 address prefix-list DEFAULT_IPV6 + match community UPSTREAM_PREFIX + set local-preference 90 ! -route-map FROM_TIER0_V6 permit 20 - match community LEAK_COMMUNITY - match ipv6 address prefix-list IPV6_64_ONLY - set comm-list LEAK_COMMUNITY delete +route-map FROM_TIER0_V6 permit 300 + match community LEAK_PLUS_UPSTREAM + set local-preference 90 ! -route-map FROM_TIER0_V6 permit 30 - match ipv6 address prefix-list IPV6_64_ONLY +route-map FROM_TIER0_V6 permit 400 + match community LEAK_COMMUNITY + match ipv6 address prefix-list IPV6_64_ONLY + set comm-list LEAK_COMMUNITY delete ! -route-map FROM_TIER0_V6 deny 1000 +route-map FROM_TIER0_V6 permit 500 + match ipv6 address prefix-list IPV6_64_ONLY ! -route-map TO_TIER0_V6 permit 10 - match community UPSTREAM_PREFIX - match ipv6 address prefix-list DEFAULT_IPV6 +route-map FROM_TIER0_V6 deny 10000 ! -route-map TO_TIER0_V6 permit 20 - match community LEAK_COMMUNITY +route-map TO_TIER0_V6 permit 100 + match community UPSTREAM_PREFIX + match ipv6 address prefix-list DEFAULT_IPV6 ! 
-route-map TO_TIER0_V6 permit 30 - match community UPSTREAM_PREFIX - set community no-export additive +route-map TO_TIER0_V6 permit 200 + match community LEAK_PLUS_UPSTREAM ! -route-map TO_TIER0_V6 permit 1000 +route-map TO_TIER0_V6 permit 300 + match community UPSTREAM_PREFIX + set community no-export additive +! +route-map TO_TIER0_V6 permit 10000 ! ! end of template: bgpd/templates/msft.general/v6.leaf.tor.all/policy.conf.j2 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.dnsagg/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.dnsagg/policy.conf.j2 index 61535d1345a1..e1a288e93cc4 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.dnsagg/policy.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.dnsagg/policy.conf.j2 @@ -1,7 +1,9 @@ ! ! template: bgpd/templates/msft.general/v6.leaf.tor.dnsagg/policy.conf.j2 ! +! bgp community-list standard DNS_VIP_COMMUNITY permit 8075:9303 +bgp community-list standard UPSTREAM_PREFIX permit 8075:54000 ! ipv6 prefix-list DEFAULT_IPV6 permit ::/0 ipv6 prefix-list IPV6_64_ONLY permit ::/0 ge 64 le 64 @@ -12,14 +14,20 @@ route-map TO_DNS_AGG_V6 permit 100 ! route-map TO_DNS_AGG_V6 deny 10000 ! -route-map FROM_DNS_AGG_V6 deny 100 - match ipv6 address prefix-list DEFAULT_IPV6 +route-map FROM_DNS_AGG_V6 permit 100 + set ipv6 next-hop prefer-global + on-match next ! route-map FROM_DNS_AGG_V6 permit 200 + match ipv6 address prefix-list DEFAULT_IPV6 + match community UPSTREAM_PREFIX + set local-preference 90 +! +route-map FROM_DNS_AGG_V6 permit 300 match community DNS_VIP_COMMUNITY match ipv6 address prefix-list IPV6_60_OR_LONGER ! -route-map FROM_DNS_AGG_V6 permit 300 +route-map FROM_DNS_AGG_V6 permit 400 match ipv6 address prefix-list IPV6_64_ONLY ! route-map FROM_DNS_AGG_V6 deny 10000 
diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.tycoon/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.tycoon/policy.conf.j2
index daa79cbfe4da..836675da0ee2 100644
--- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.tycoon/policy.conf.j2
+++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.leaf.tor.tycoon/policy.conf.j2
@@ -1,32 +1,40 @@ ! ! template: bgpd/templates/msft.general/v6.leaf.tor.tycoon/policy.conf.j2 ! -ip community-list standard TYCOON_ER_COMMUNITY permit 12076:10450 -ip community-list standard TYCOON_ER_COMMUNITY permit 8075:10451 -ip community-list standard SDN_APPLIANCE_COMMUNITY permit 8075:9302 +bgp community-list standard UPSTREAM_PREFIX permit 8075:54000 +bgp community-list standard TYCOON_ER_COMMUNITY permit 12076:10450 +bgp community-list standard TYCOON_ER_COMMUNITY permit 8075:10451 +bgp community-list standard SDN_APPLIANCE_COMMUNITY permit 8075:9302 ! ipv6 prefix-list DEFAULT_IPV6 permit ::/0 ipv6 prefix-list IPV6_64_ONLY permit ::/0 ge 64 le 64 ! route-map TO_TYCOON_ER_V6 permit 100 match ipv6 address prefix-list DEFAULT_IPV6 + match community UPSTREAM_PREFIX ! route-map TO_TYCOON_ER_V6 deny 10000 ! -route-map FROM_TYCOON_ER_V6 deny 100 - match ipv6 address prefix-list DEFAULT_IPV6 -! -route-map FROM_TYCOON_ER_V6 permit 1 +route-map FROM_TYCOON_ER_V6 permit 100 set ipv6 next-hop prefer-global + on-match next ! route-map FROM_TYCOON_ER_V6 permit 200 - match community TYCOON_ER_COMMUNITY - match ipv6 address prefix-list IPV6_64_ONLY + match ipv6 address prefix-list DEFAULT_IPV6 + match community UPSTREAM_PREFIX + set local-preference 90 ! -route-map FROM_TYCOON_ER_V6 permit 300 +route-map FROM_TYCOON_ER_V6 deny 300 + match community LEAK_COMMUNITY +! +route-map FROM_TYCOON_ER_V6 permit 400 match community SDN_APPLIANCE_COMMUNITY match ipv6 address prefix-list IPV6_64_ONLY ! +route-map FROM_TYCOON_ER_V6 permit 500 + match community TYCOON_ER_COMMUNITY + match ipv6 address prefix-list IPV6_64_ONLY +! route-map FROM_TYCOON_ER_V6 deny 10000 ! ! end of template: bgpd/templates/msft.general/v6.leaf.tor.tycoon/policy.conf.j2 diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/peer-group.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/peer-group.conf.j2 index 8126edc0eaf9..5615ef395fa2 100644 
--- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/peer-group.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/peer-group.conf.j2 @@ -6,6 +6,8 @@ neighbor TIER1_V6 activate neighbor TIER1_V6 soft-reconfiguration inbound neighbor TIER1_V6 route-map FROM_TIER1_V6 in + neighbor TIER1_V6 route-map TO_TIER1_V6 out + neighbor TIER1_V6 send-community neighbor TIER1_V6 allowas-in 1 neighbor TIER1_V6`maximum-prefix 1000 90 warning-only exit-address-family diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2 index 235bb7894633..ba35db4a9f9c 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2 @@ -2,9 +2,12 @@ ! template: bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2 ! ! -route-map FROM_TIER1_V6 permit 1 +route-map FROM_TIER1_V6 permit 100 set ipv6 next-hop prefer-global + on-match next +route-map FROM_TIER1_V6 permit 200 ! +route-map TO_TIER1_V6 permit 100 ! ! end of template: bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2 ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.tor/peer-group.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.tor/peer-group.conf.j2 index 014fe3efad2a..c95691c8d2e6 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.tor/peer-group.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.tor/peer-group.conf.j2 @@ -6,6 +6,8 @@ neighbor TIER1_V6 activate neighbor TIER1_V6 soft-reconfiguration inbound neighbor TIER1_V6 route-map FROM_TIER1_V6 in + neighbor TIER1_V6 route-map TO_TIER1_V6 out + neighbor TIER1_V6 send-community neighbor TIER1_V6 allowas-in 1 neighbor TIER1_V6 maximum-prefix 8000 90 warning-only exit-address-family 
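Review bot: In v6.mgmttor/policy.conf.j2 the new `route-map FROM_TIER1_V6 permit 200` follows `on-match next` without the `!` separator that the other entries in these templates have; add a `!` line between the two entries so the map reads like the rest. Entry 200 and `TO_TIER1_V6 permit 100` are unconditional permits, so a short comment such as `! permit-all placeholder so TSA can attach filters to this peer-group` would record why they exist, assuming that is the purpose the commit message describes. v6.tor/policy.conf.j2 has the same missing separator.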
diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.tor/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.tor/policy.conf.j2 index a89939277621..751a2025933b 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.tor/policy.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.tor/policy.conf.j2 @@ -2,8 +2,12 @@ ! template: bgpd/templates/msft.general/v6.tor/policy.conf.j2 ! ! -route-map FROM_TIER1_V6 permit 1 +route-map FROM_TIER1_V6 permit 100 set ipv6 next-hop prefer-global + on-match next +route-map FROM_TIER1_V6 permit 200 +! +route-map TO_TIER1_V6 permit 100 ! ! ! end of template: bgpd/templates/msft.general/v6.tor/policy.conf.j2 diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.monitors/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.monitors/policies.conf.j2 index 2035dc59a2dc..71657ac3f057 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.monitors/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.monitors/policies.conf.j2 @@ -1,9 +1,9 @@ ! ! template: bgpd/templates/msft.monitors/policies.conf.j2 ! -route-map FROM_BGPMON deny 10 +route-map FROM_BGPMON deny 100 ! -route-map TO_BGPMON permit 10 +route-map TO_BGPMON permit 100 ! ! end of template: bgpd/templates/msft.monitors/policies.conf.j2 ! diff --git a/src/sonic-bgpcfgd/tests/data/msft.dynamic/policies.conf/result_all.conf b/src/sonic-bgpcfgd/tests/data/msft.dynamic/policies.conf/result_all.conf index d3457f2e7cd4..e201da77a7a9 100644 --- a/src/sonic-bgpcfgd/tests/data/msft.dynamic/policies.conf/result_all.conf +++ b/src/sonic-bgpcfgd/tests/data/msft.dynamic/policies.conf/result_all.conf 
@@ -1,9 +1,9 @@ ! ! template: bgpd/templates/msft.dynamic/policies.conf.j2 ! -route-map FROM_BGP_SPEAKER permit 10 +route-map FROM_BGP_SPEAKER permit 100 ! -route-map TO_BGP_SPEAKER deny 10 +route-map TO_BGP_SPEAKER deny 100 ! ! end of template: bgpd/templates/msft.dynamic/policies.conf.j2 ! diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v4.mgmttor_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v4.mgmttor_all.conf index d6d8c1e3b3b0..4bf8520c9cc0 100644 --- a/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v4.mgmttor_all.conf +++ b/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v4.mgmttor_all.conf @@ -8,6 +8,9 @@ neighbor TIER1_V4 activate neighbor TIER1_V4 soft-reconfiguration inbound neighbor TIER1_V4 allowas-in 1 + neighbor TIER1_V4 route-map FROM_TIER1_V4 in + neighbor TIER1_V4 route-map TO_TIER1_V4 out + neighbor TIER1_V4 send-community neighbor TIER1_V4`maximum-prefix 4000 90 warning-only exit-address-family ! diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v4.tor_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v4.tor_all.conf index e861801c8911..934713ba3ce9 100644 --- a/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v4.tor_all.conf +++ b/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v4.tor_all.conf @@ -8,6 +8,9 @@ neighbor TIER1_V4 activate neighbor TIER1_V4 soft-reconfiguration inbound neighbor TIER1_V4 allowas-in 1 + neighbor TIER1_V4 route-map FROM_TIER1_V4 in + neighbor TIER1_V4 route-map TO_TIER1_V4 out + neighbor TIER1_V4 send-community neighbor TIER1_V4 maximum-prefix 12000 90 warning-only exit-address-family ! diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v6.mgmttor_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v6.mgmttor_all.conf index 2971e9693f47..be2fdc85bc1a 100644 
--- a/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v6.mgmttor_all.conf +++ b/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v6.mgmttor_all.conf @@ -8,6 +8,8 @@ neighbor TIER1_V6 activate neighbor TIER1_V6 soft-reconfiguration inbound neighbor TIER1_V6 route-map FROM_TIER1_V6 in + neighbor TIER1_V6 route-map TO_TIER1_V6 out + neighbor TIER1_V6 send-community neighbor TIER1_V6 allowas-in 1 neighbor TIER1_V6`maximum-prefix 1000 90 warning-only exit-address-family diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v6.tor_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v6.tor_all.conf index 19bb1fac7540..5092214fb047 100644 --- a/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v6.tor_all.conf +++ b/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/result_v6.tor_all.conf @@ -8,6 +8,8 @@ neighbor TIER1_V6 activate neighbor TIER1_V6 soft-reconfiguration inbound neighbor TIER1_V6 route-map FROM_TIER1_V6 in + neighbor TIER1_V6 route-map TO_TIER1_V6 out + neighbor TIER1_V6 send-community neighbor TIER1_V6 allowas-in 1 neighbor TIER1_V6 maximum-prefix 8000 90 warning-only exit-address-family diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.msee_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.msee_all.conf index 2a3a9909f72e..f00da1cd7418 100644 --- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.msee_all.conf +++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.msee_all.conf 
@@ -3,38 +3,45 @@
 !
 ! template: bgpd/templates/msft.general/v4.leaf.msee/policy.conf.j2
 !
-ip community-list standard LEAK_COMMUNITY permit 8075:10400
-ip community-list standard UPSTREAM_PREFIX permit 8075:54000
+bgp community-list standard LEAK_COMMUNITY permit 8075:10400
+bgp community-list standard UPSTREAM_PREFIX permit 8075:54000
+bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:10400.*8075:54000.*
+bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:54000.*8075:10400.*
 !
 ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0
 ip prefix-list IPV4_18_OR_LONGER permit 0.0.0.0/0 ge 18
 !
-route-map FROM_TIER0_V4 permit 10
- match community UPSTREAM_PREFIX
- match ip address prefix-list DEFAULT_IPV4
+route-map FROM_TIER0_V4 permit 100
+ match ip address prefix-list DEFAULT_IPV4
+ match community UPSTREAM_PREFIX
+ set local-preference 90
 !
-route-map FROM_TIER0_V4 permit 20
- match community LEAK_COMMUNITY
- match ip address prefix-list IPV4_18_OR_LONGER
- set comm-list LEAK_COMMUNITY delete
+route-map FROM_TIER0_V4 permit 200
+ match community LEAK_PLUS_UPSTREAM
+ set local-preference 90
 !
-route-map FROM_TIER0_V4 permit 30
- match ip address prefix-list IPV4_18_OR_LONGER
+route-map FROM_TIER0_V4 permit 300
+ match community LEAK_COMMUNITY
+ match ip address prefix-list IPV4_18_OR_LONGER
+ set comm-list LEAK_COMMUNITY delete
 !
-route-map FROM_TIER0_V4 deny 1000
+route-map FROM_TIER0_V4 permit 400
+ match ip address prefix-list IPV4_18_OR_LONGER
 !
-route-map TO_TIER0_V4 permit 10
- match community UPSTREAM_PREFIX
- match ip address prefix-list DEFAULT_IPV4
+route-map FROM_TIER0_V4 deny 10000
 !
-route-map TO_TIER0_V4 permit 20
- match community LEAK_COMMUNITY
+route-map TO_TIER0_V4 permit 100
+ match ip address prefix-list DEFAULT_IPV4
+ match community UPSTREAM_PREFIX
 !
-route-map TO_TIER0_V4 permit 30
- match community UPSTREAM_PREFIX
- set community no-export additive
+route-map TO_TIER0_V4 permit 200
+ match community LEAK_PLUS_UPSTREAM
 !
-route-map TO_TIER0_V4 permit 1000
+route-map TO_TIER0_V4 permit 300
+ match community UPSTREAM_PREFIX
+ set community no-export additive
+!
+route-map TO_TIER0_V4 permit 10000
 !
 ! end of template: bgpd/templates/msft.general/v4.leaf.msee/policy.conf.j2
 !
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.spine_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.spine_all.conf
index ac3c433d6a96..09d44b7cf675 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.spine_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.spine_all.conf
@@ -3,15 +3,15 @@
 !
 ! template: bgpd/templates/msft.general/v4.leaf/policy.conf.j2
 !
-ip community-list standard UPSTREAM_PREFIX permit 8075:54000
+bgp community-list standard UPSTREAM_PREFIX permit 8075:54000
 !
-route-map FROM_TIER2_V4 permit 10
+route-map FROM_TIER2_V4 permit 100
 set community 8075:54000 additive
 !
-route-map TO_TIER2_V4 deny 5
+route-map TO_TIER2_V4 deny 100
 match community UPSTREAM_PREFIX
 !
-route-map TO_TIER2_V4 permit 10
+route-map TO_TIER2_V4 permit 10000
 !
 ! end of template: bgpd/templates/msft.general/v4.leaf/policy.conf.j2
 !
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.tor.all_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.tor.all_all.conf
index 19eadf961921..0b7dd16e65ed 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.tor.all_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.tor.all_all.conf
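Review bot: In the v4.leaf.msee hunk, `route-map FROM_TIER0_V4 permit 200` accepts a route on `match community LEAK_PLUS_UPSTREAM` alone, so a prefix carrying both communities skips the `IPV4_18_OR_LONGER` length check that the removed entry 20 applied and that entries 300 and 400 still apply, and it keeps LEAK_COMMUNITY attached where entry 300 deletes it. If that is intended, a template comment above the entry should say so; otherwise add `match ip address prefix-list IPV4_18_OR_LONGER` to entry 200. The expanded-list patterns are also unanchored, so `.*8075:10400.*` would match a community such as `18075:10400`; each value should be delimited, for which FRR's `_` boundary token is the usual tool. The same two points apply to the v4.leaf.tor.all, v6.leaf.msee and v6.leaf.tor.all hunks (with `IPV6_64_ONLY` as the prefix-list on the v6 side). Since these are expected-output fixtures, the change belongs in the matching `policy.conf.j2` templates.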
@@ -3,38 +3,45 @@
 !
 ! template: bgpd/templates/msft.general/v4.leaf.tor.all/policy.conf.j2
 !
-ip community-list standard LEAK_COMMUNITY permit 8075:10400
-ip community-list standard UPSTREAM_PREFIX permit 8075:54000
+bgp community-list standard LEAK_COMMUNITY permit 8075:10400
+bgp community-list standard UPSTREAM_PREFIX permit 8075:54000
+bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:10400.*8075:54000.*
+bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:54000.*8075:10400.*
 !
 ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0
 ip prefix-list IPV4_18_OR_LONGER permit 0.0.0.0/0 ge 18
 !
-route-map FROM_TIER0_V4 permit 10
- match community UPSTREAM_PREFIX
- match ip address prefix-list DEFAULT_IPV4
+route-map FROM_TIER0_V4 permit 100
+ match ip address prefix-list DEFAULT_IPV4
+ match community UPSTREAM_PREFIX
+ set local-preference 90
 !
-route-map FROM_TIER0_V4 permit 20
- match community LEAK_COMMUNITY
- match ip address prefix-list IPV4_18_OR_LONGER
- set comm-list LEAK_COMMUNITY delete
+route-map FROM_TIER0_V4 permit 200
+ match community LEAK_PLUS_UPSTREAM
+ set local-preference 90
 !
-route-map FROM_TIER0_V4 permit 30
- match ip address prefix-list IPV4_18_OR_LONGER
+route-map FROM_TIER0_V4 permit 300
+ match community LEAK_COMMUNITY
+ match ip address prefix-list IPV4_18_OR_LONGER
+ set comm-list LEAK_COMMUNITY delete
 !
-route-map FROM_TIER0_V4 deny 1000
+route-map FROM_TIER0_V4 permit 400
+ match ip address prefix-list IPV4_18_OR_LONGER
 !
-route-map TO_TIER0_V4 permit 10
- match community UPSTREAM_PREFIX
- match ip address prefix-list DEFAULT_IPV4
+route-map FROM_TIER0_V4 deny 10000
 !
-route-map TO_TIER0_V4 permit 20
- match community LEAK_COMMUNITY
+route-map TO_TIER0_V4 permit 100
+ match ip address prefix-list DEFAULT_IPV4
+ match community UPSTREAM_PREFIX
 !
-route-map TO_TIER0_V4 permit 30
- match community UPSTREAM_PREFIX
- set community no-export additive
+route-map TO_TIER0_V4 permit 200
+ match community LEAK_PLUS_UPSTREAM
 !
-route-map TO_TIER0_V4 permit 1000
+route-map TO_TIER0_V4 permit 300
+ match community UPSTREAM_PREFIX
+ set community no-export additive
+!
+route-map TO_TIER0_V4 permit 10000
 !
 ! end of template: bgpd/templates/msft.general/v4.leaf.tor.all/policy.conf.j2
 !
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.tor.tycoon_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.tor.tycoon_all.conf
index 50713817c77d..de62f97dde4d 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.tor.tycoon_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.leaf.tor.tycoon_all.conf
@@ -3,9 +3,10 @@
 !
 ! template: bgpd/templates/msft.general/v4.leaf.tor.tycoon/policy.conf.j2
 !
-ip community-list standard TYCOON_ER_COMMUNITY permit 12076:10450
-ip community-list standard TYCOON_ER_COMMUNITY permit 8075:10451
-ip community-list standard SDN_APPLIANCE_COMMUNITY permit 8075:9302
+bgp community-list standard TYCOON_ER_COMMUNITY permit 12076:10450
+bgp community-list standard TYCOON_ER_COMMUNITY permit 8075:10451
+bgp community-list standard SDN_APPLIANCE_COMMUNITY permit 8075:9302
+bgp community-list standard UPSTREAM_PREFIX permit 8075:54000
 !
 ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0
 ip prefix-list IPV4_30_OR_LONGER permit 0.0.0.0/0 ge 30
@@ -13,17 +14,23 @@ ip prefix-list IPV4_27_OR_LONGER permit 0.0.0.0/0 ge 27
 !
 route-map TO_TYCOON_ER_V4 permit 100
 match ip address prefix-list DEFAULT_IPV4
+ match community UPSTREAM_PREFIX
 !
 route-map TO_TYCOON_ER_V4 deny 10000
 !
-route-map FROM_TYCOON_ER_V4 deny 100
+route-map FROM_TYCOON_ER_V4 permit 100
 match ip address prefix-list DEFAULT_IPV4
+ match community UPSTREAM_PREFIX
+ set local-preference 90
 !
-route-map FROM_TYCOON_ER_V4 permit 200
+route-map FROM_TYCOON_ER_V4 deny 200
+ match community LEAK_COMMUNITY
+!
+route-map FROM_TYCOON_ER_V4 permit 300
 match community TYCOON_ER_COMMUNITY
 match ip address prefix-list IPV4_30_OR_LONGER
 !
-route-map FROM_TYCOON_ER_V4 permit 300
+route-map FROM_TYCOON_ER_V4 permit 400
 match community SDN_APPLIANCE_COMMUNITY
 match ip address prefix-list IPV4_27_OR_LONGER
 !
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.mgmttor_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.mgmttor_all.conf
index 8daacbe87594..c08d26c63e09 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.mgmttor_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.mgmttor_all.conf
@@ -3,6 +3,10 @@
 !
 ! template: bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2
 !
+route-map FROM_TIER1_V4 permit 100
+!
+route-map TO_TIER1_V4 permit 100
+!
 ! end of template: bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2
 !
 ! end of template: bgpd/templates/general/policies.conf.j2
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.tor_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.tor_all.conf
index 1af9b4d455ae..03802c8dff05 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.tor_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v4.tor_all.conf
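Review bot: `route-map FROM_TYCOON_ER_V4 deny 200` matches on `LEAK_COMMUNITY`, but the community-list lines of this file, shown in the first hunk, define only TYCOON_ER_COMMUNITY, SDN_APPLIANCE_COMMUNITY and UPSTREAM_PREFIX. As far as I know FRR treats a `match community` against an undefined list as no match, so the deny would never fire and routes tagged as leaks would still be evaluated by the permit entries below it; this is worth confirming on a device. Adding `bgp community-list standard LEAK_COMMUNITY permit 8075:10400` (the value the leaf.msee and leaf.tor.all files use) to the tycoon template would close the gap. The v6.leaf.tor.tycoon hunk has the same problem at `route-map FROM_TYCOON_ER_V6 deny 300`. The FROM_TYCOON_ER_V4 route-map may continue past the end of this hunk.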
@@ -3,6 +3,10 @@
 !
 ! template: bgpd/templates/msft.general/v4.tor/policy.conf.j2
 !
+route-map FROM_TIER1_V4 permit 100
+!
+route-map TO_TIER1_V4 permit 100
+!
 ! end of template: bgpd/templates/msft.general/v4.tor/policy.conf.j2
 !
 ! end of template: bgpd/templates/general/policies.conf.j2
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.msee_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.msee_all.conf
index ca44ac46789a..65527c27076b 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.msee_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.msee_all.conf
@@ -3,41 +3,49 @@
 !
 ! template: bgpd/templates/msft.general/v6.leaf.msee/policy.conf.j2
 !
-ip community-list standard LEAK_COMMUNITY permit 8075:10400
-ip community-list standard UPSTREAM_PREFIX permit 8075:54000
+bgp community-list standard LEAK_COMMUNITY permit 8075:10400
+bgp community-list standard UPSTREAM_PREFIX permit 8075:54000
+bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:10400.*8075:54000.*
+bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:54000.*8075:10400.*
 !
 ipv6 prefix-list DEFAULT_IPV6 permit ::/0
 ipv6 prefix-list IPV6_64_ONLY permit ::/0 ge 64 le 64
 !
-route-map FROM_TIER0_V6 permit 1
+route-map FROM_TIER0_V6 permit 100
 set ipv6 next-hop prefer-global
+ on-match next
 !
-route-map FROM_TIER0_V6 permit 10
- match community UPSTREAM_PREFIX
- match ipv6 address prefix-list DEFAULT_IPV6
+route-map FROM_TIER0_V6 permit 200
+ match ipv6 address prefix-list DEFAULT_IPV6
+ match community UPSTREAM_PREFIX
+ set local-preference 90
 !
-route-map FROM_TIER0_V6 permit 20
- match community LEAK_COMMUNITY
- match ipv6 address prefix-list IPV6_64_ONLY
- set comm-list LEAK_COMMUNITY delete
+route-map FROM_TIER0_V6 permit 300
+ match community LEAK_PLUS_UPSTREAM
+ set local-preference 90
 !
-route-map FROM_TIER0_V6 permit 30
- match ipv6 address prefix-list IPV6_64_ONLY
+route-map FROM_TIER0_V6 permit 400
+ match community LEAK_COMMUNITY
+ match ipv6 address prefix-list IPV6_64_ONLY
+ set comm-list LEAK_COMMUNITY delete
 !
-route-map FROM_TIER0_V6 deny 1000
+route-map FROM_TIER0_V6 permit 500
+ match ipv6 address prefix-list IPV6_64_ONLY
 !
-route-map TO_TIER0_V6 permit 10
+route-map FROM_TIER0_V6 deny 10000
+!
+route-map TO_TIER0_V6 permit 100
 match community UPSTREAM_PREFIX
 match ipv6 address prefix-list DEFAULT_IPV6
 !
-route-map TO_TIER0_V6 permit 20
- match community LEAK_COMMUNITY
+route-map TO_TIER0_V6 permit 200
+ match community LEAK_PLUS_UPSTREAM
 !
-route-map TO_TIER0_V6 permit 30
+route-map TO_TIER0_V6 permit 300
 match community UPSTREAM_PREFIX
 set community no-export additive
 !
-route-map TO_TIER0_V6 permit 1000
+route-map TO_TIER0_V6 permit 10000
 !
 ! end of template: bgpd/templates/msft.general/v6.leaf.msee/policy.conf.j2
 !
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.spine_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.spine_all.conf
index bee2d642e18f..4856462b2003 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.spine_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.spine_all.conf
@@ -3,18 +3,19 @@
 !
 ! template: bgpd/templates/msft.general/v6.leaf/policy.conf.j2
 !
-ip community-list standard UPSTREAM_PREFIX permit 8075:54000
+bgp community-list standard UPSTREAM_PREFIX permit 8075:54000
 !
-route-map FROM_TIER2_V6 permit 1
+route-map FROM_TIER2_V6 permit 100
 set ipv6 next-hop prefer-global
+ on-match next
 !
-route-map FROM_TIER2_V6 permit 10
+route-map FROM_TIER2_V6 permit 200
 set community 8075:54000 additive
 !
-route-map TO_TIER2_V6 deny 5
+route-map TO_TIER2_V6 deny 100
 match community UPSTREAM_PREFIX
 !
-route-map TO_TIER2_V6 permit 10
+route-map TO_TIER2_V6 permit 10000
 !
 ! end of template: bgpd/templates/msft.general/v6.leaf/policy.conf.j2
 !
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.all_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.all_all.conf
index 54fb17b8d041..b1e5c276a634 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.all_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.all_all.conf
@@ -3,41 +3,49 @@
 !
 ! template: bgpd/templates/msft.general/v6.leaf.tor.all/policy.conf.j2
 !
-ip community-list standard LEAK_COMMUNITY permit 8075:10400
-ip community-list standard UPSTREAM_PREFIX permit 8075:54000
+bgp community-list standard LEAK_COMMUNITY permit 8075:10400
+bgp community-list standard UPSTREAM_PREFIX permit 8075:54000
+bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:10400.*8075:54000.*
+bgp community-list expanded LEAK_PLUS_UPSTREAM permit .*8075:54000.*8075:10400.*
 !
 ipv6 prefix-list DEFAULT_IPV6 permit ::/0
 ipv6 prefix-list IPV6_64_ONLY permit ::/0 ge 64 le 64
 !
-route-map FROM_TIER0_V6 permit 1
- set ipv6 next-hop prefer-global
+route-map FROM_TIER0_V6 permit 100
+ set ipv6 next-hop prefer-global
+ on-match next
 !
-route-map FROM_TIER0_V6 permit 10
- match community UPSTREAM_PREFIX
- match ipv6 address prefix-list DEFAULT_IPV6
+route-map FROM_TIER0_V6 permit 200
+ match ipv6 address prefix-list DEFAULT_IPV6
+ match community UPSTREAM_PREFIX
+ set local-preference 90
 !
-route-map FROM_TIER0_V6 permit 20
- match community LEAK_COMMUNITY
- match ipv6 address prefix-list IPV6_64_ONLY
- set comm-list LEAK_COMMUNITY delete
+route-map FROM_TIER0_V6 permit 300
+ match community LEAK_PLUS_UPSTREAM
+ set local-preference 90
 !
-route-map FROM_TIER0_V6 permit 30
- match ipv6 address prefix-list IPV6_64_ONLY
+route-map FROM_TIER0_V6 permit 400
+ match community LEAK_COMMUNITY
+ match ipv6 address prefix-list IPV6_64_ONLY
+ set comm-list LEAK_COMMUNITY delete
 !
-route-map FROM_TIER0_V6 deny 1000
+route-map FROM_TIER0_V6 permit 500
+ match ipv6 address prefix-list IPV6_64_ONLY
 !
-route-map TO_TIER0_V6 permit 10
- match community UPSTREAM_PREFIX
- match ipv6 address prefix-list DEFAULT_IPV6
+route-map FROM_TIER0_V6 deny 10000
 !
-route-map TO_TIER0_V6 permit 20
- match community LEAK_COMMUNITY
+route-map TO_TIER0_V6 permit 100
+ match community UPSTREAM_PREFIX
+ match ipv6 address prefix-list DEFAULT_IPV6
 !
-route-map TO_TIER0_V6 permit 30
- match community UPSTREAM_PREFIX
- set community no-export additive
+route-map TO_TIER0_V6 permit 200
+ match community LEAK_PLUS_UPSTREAM
 !
-route-map TO_TIER0_V6 permit 1000
+route-map TO_TIER0_V6 permit 300
+ match community UPSTREAM_PREFIX
+ set community no-export additive
+!
+route-map TO_TIER0_V6 permit 10000
 !
 ! end of template: bgpd/templates/msft.general/v6.leaf.tor.all/policy.conf.j2
 !
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.dnsagg_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.dnsagg_all.conf
index 4a8b5e3766fc..8d5c8b1eb478 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.dnsagg_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.dnsagg_all.conf
@@ -4,6 +4,7 @@
 ! template: bgpd/templates/msft.general/v6.leaf.tor.dnsagg/policy.conf.j2
 !
 bgp community-list standard DNS_VIP_COMMUNITY permit 8075:9303
+bgp community-list standard UPSTREAM_PREFIX permit 8075:54000
 !
 ipv6 prefix-list DEFAULT_IPV6 permit ::/0
 ipv6 prefix-list IPV6_64_ONLY permit ::/0 ge 64 le 64
@@ -14,14 +15,20 @@ route-map TO_DNS_AGG_V6 permit 100
 !
 route-map TO_DNS_AGG_V6 deny 10000
 !
-route-map FROM_DNS_AGG_V6 deny 100
- match ipv6 address prefix-list DEFAULT_IPV6
+route-map FROM_DNS_AGG_V6 permit 100
+ set ipv6 next-hop prefer-global
+ on-match next
 !
 route-map FROM_DNS_AGG_V6 permit 200
+ match ipv6 address prefix-list DEFAULT_IPV6
+ match community UPSTREAM_PREFIX
+ set local-preference 90
+!
+route-map FROM_DNS_AGG_V6 permit 300
 match community DNS_VIP_COMMUNITY
 match ipv6 address prefix-list IPV6_60_OR_LONGER
 !
-route-map FROM_DNS_AGG_V6 permit 300
+route-map FROM_DNS_AGG_V6 permit 400
 match ipv6 address prefix-list IPV6_64_ONLY
 !
 route-map FROM_DNS_AGG_V6 deny 10000
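Review bot: In the second result_v6.leaf.tor.dnsagg_all.conf hunk, `route-map FROM_DNS_AGG_V6 permit 200` now accepts `::/0` from this peer group where the removed `deny 100` rejected it unconditionally, and the only added condition is that the route carries UPSTREAM_PREFIX (8075:54000). Nothing visible here shows where that community is attached or which peers are expected to send it, so the acceptance rests on a tag that arrives with the advertisement. The template should carry a comment above entry 200 stating why a default route from DNS_AGG is legitimate and which device sets the community. The result_v6.leaf.tor.dnsagg_all_fpn.conf hunks are identical and the same comment covers them.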
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.dnsagg_all_fpn.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.dnsagg_all_fpn.conf
index 4a8b5e3766fc..8d5c8b1eb478 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.dnsagg_all_fpn.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.dnsagg_all_fpn.conf
@@ -4,6 +4,7 @@
 ! template: bgpd/templates/msft.general/v6.leaf.tor.dnsagg/policy.conf.j2
 !
 bgp community-list standard DNS_VIP_COMMUNITY permit 8075:9303
+bgp community-list standard UPSTREAM_PREFIX permit 8075:54000
 !
 ipv6 prefix-list DEFAULT_IPV6 permit ::/0
 ipv6 prefix-list IPV6_64_ONLY permit ::/0 ge 64 le 64
@@ -14,14 +15,20 @@ route-map TO_DNS_AGG_V6 permit 100
 !
 route-map TO_DNS_AGG_V6 deny 10000
 !
-route-map FROM_DNS_AGG_V6 deny 100
- match ipv6 address prefix-list DEFAULT_IPV6
+route-map FROM_DNS_AGG_V6 permit 100
+ set ipv6 next-hop prefer-global
+ on-match next
 !
 route-map FROM_DNS_AGG_V6 permit 200
+ match ipv6 address prefix-list DEFAULT_IPV6
+ match community UPSTREAM_PREFIX
+ set local-preference 90
+!
+route-map FROM_DNS_AGG_V6 permit 300
 match community DNS_VIP_COMMUNITY
 match ipv6 address prefix-list IPV6_60_OR_LONGER
 !
-route-map FROM_DNS_AGG_V6 permit 300
+route-map FROM_DNS_AGG_V6 permit 400
 match ipv6 address prefix-list IPV6_64_ONLY
 !
 route-map FROM_DNS_AGG_V6 deny 10000
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.tycoon_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.tycoon_all.conf
index 73b384baa162..ff5e38783707 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.tycoon_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.leaf.tor.tycoon_all.conf
@@ -3,32 +3,40 @@
 !
 ! template: bgpd/templates/msft.general/v6.leaf.tor.tycoon/policy.conf.j2
 !
-ip community-list standard TYCOON_ER_COMMUNITY permit 12076:10450
-ip community-list standard TYCOON_ER_COMMUNITY permit 8075:10451
-ip community-list standard SDN_APPLIANCE_COMMUNITY permit 8075:9302
+bgp community-list standard UPSTREAM_PREFIX permit 8075:54000
+bgp community-list standard TYCOON_ER_COMMUNITY permit 12076:10450
+bgp community-list standard TYCOON_ER_COMMUNITY permit 8075:10451
+bgp community-list standard SDN_APPLIANCE_COMMUNITY permit 8075:9302
 !
 ipv6 prefix-list DEFAULT_IPV6 permit ::/0
 ipv6 prefix-list IPV6_64_ONLY permit ::/0 ge 64 le 64
 !
 route-map TO_TYCOON_ER_V6 permit 100
 match ipv6 address prefix-list DEFAULT_IPV6
+ match community UPSTREAM_PREFIX
 !
 route-map TO_TYCOON_ER_V6 deny 10000
 !
-route-map FROM_TYCOON_ER_V6 deny 100
- match ipv6 address prefix-list DEFAULT_IPV6
-!
-route-map FROM_TYCOON_ER_V6 permit 1
+route-map FROM_TYCOON_ER_V6 permit 100
 set ipv6 next-hop prefer-global
+ on-match next
 !
 route-map FROM_TYCOON_ER_V6 permit 200
- match community TYCOON_ER_COMMUNITY
- match ipv6 address prefix-list IPV6_64_ONLY
+ match ipv6 address prefix-list DEFAULT_IPV6
+ match community UPSTREAM_PREFIX
+ set local-preference 90
 !
-route-map FROM_TYCOON_ER_V6 permit 300
+route-map FROM_TYCOON_ER_V6 deny 300
+ match community LEAK_COMMUNITY
+!
+route-map FROM_TYCOON_ER_V6 permit 400
 match community SDN_APPLIANCE_COMMUNITY
 match ipv6 address prefix-list IPV6_64_ONLY
 !
+route-map FROM_TYCOON_ER_V6 permit 500
+ match community TYCOON_ER_COMMUNITY
+ match ipv6 address prefix-list IPV6_64_ONLY
+!
 route-map FROM_TYCOON_ER_V6 deny 10000
 !
 ! end of template: bgpd/templates/msft.general/v6.leaf.tor.tycoon/policy.conf.j2
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.mgmttor_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.mgmttor_all.conf
index 11b00fc26a03..b13464dc4628 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.mgmttor_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.mgmttor_all.conf
@@ -3,8 +3,12 @@
 !
 ! template: bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2
 !
-route-map FROM_TIER1_V6 permit 1
+route-map FROM_TIER1_V6 permit 100
 set ipv6 next-hop prefer-global
+ on-match next
+route-map FROM_TIER1_V6 permit 200
+!
+route-map TO_TIER1_V6 permit 100
 !
 ! end of template: bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2
 !
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.tor_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.tor_all.conf
index 26aa3b5920af..5d19fc98d590 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.tor_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.general/policies.conf/result_v6.tor_all.conf
@@ -3,8 +3,12 @@
 !
 ! template: bgpd/templates/msft.general/v6.tor/policy.conf.j2
 !
-route-map FROM_TIER1_V6 permit 1
+route-map FROM_TIER1_V6 permit 100
 set ipv6 next-hop prefer-global
+ on-match next
+route-map FROM_TIER1_V6 permit 200
+!
+route-map TO_TIER1_V6 permit 100
 !
 ! end of template: bgpd/templates/msft.general/v6.tor/policy.conf.j2
 !
diff --git a/src/sonic-bgpcfgd/tests/data/msft.monitors/policies.conf/result_all.conf b/src/sonic-bgpcfgd/tests/data/msft.monitors/policies.conf/result_all.conf
index 2035dc59a2dc..71657ac3f057 100644
--- a/src/sonic-bgpcfgd/tests/data/msft.monitors/policies.conf/result_all.conf
+++ b/src/sonic-bgpcfgd/tests/data/msft.monitors/policies.conf/result_all.conf
@@ -1,9 +1,9 @@
 !
 ! template: bgpd/templates/msft.monitors/policies.conf.j2
 !
-route-map FROM_BGPMON deny 10
+route-map FROM_BGPMON deny 100
 !
-route-map TO_BGPMON permit 10
+route-map TO_BGPMON permit 100
 !
 ! end of template: bgpd/templates/msft.monitors/policies.conf.j2
 !