aristanetworks · ClausHolbechArista · Jun 11, 2024 · May 23, 2024 · May 24, 2024 · May 24, 2024
@@ -165,6 +165,8 @@ router bgp 65101
    neighbor TEST ttl maximum-hops 42
    neighbor test-link-bandwidth1 peer group
    neighbor test-link-bandwidth1 ttl maximum-hops 1
+   neighbor test-link-bandwidth1 missing-policy address-family all include community-list prefix-list direction in action deny
+   neighbor test-link-bandwidth1 missing-policy address-family all include community-list direction out action permit
    neighbor test-link-bandwidth1 link-bandwidth default 100G
    neighbor test-link-bandwidth2 peer group
    neighbor test-link-bandwidth2 link-bandwidth
@@ -190,6 +192,8 @@ router bgp 65101
    neighbor 192.0.3.2 default-originate route-map RM-FOO-MATCH3
    neighbor 192.0.3.2 send-community extended
    neighbor 192.0.3.2 maximum-routes 10000
+   neighbor 192.0.3.2 missing-policy address-family all include community-list prefix-list direction in action deny
+   neighbor 192.0.3.2 missing-policy address-family all include community-list direction out action permit
    neighbor 192.0.3.2 link-bandwidth
    neighbor 192.0.3.3 remote-as 65434
    neighbor 192.0.3.3 rib-in pre-policy retain

@@ -182,20 +182,24 @@ router bgp 65101
    neighbor EVPN-OVERLAY-PEERS password shared-secret profile profile2 algorithm aes-128-cmac-96
    neighbor EVPN-OVERLAY-PEERS send-community
    neighbor EVPN-OVERLAY-PEERS maximum-routes 0
+   neighbor EVPN-OVERLAY-PEERS missing-policy address-family all direction out action permit
    neighbor MLAG-IPv4-UNDERLAY-PEER peer group
    neighbor MLAG-IPv4-UNDERLAY-PEER remote-as 65101
    neighbor MLAG-IPv4-UNDERLAY-PEER next-hop-self
    neighbor MLAG-IPv4-UNDERLAY-PEER password 7 <removed>
    neighbor MLAG-IPv4-UNDERLAY-PEER send-community
    neighbor MLAG-IPv4-UNDERLAY-PEER maximum-routes 12000 warning-limit 80 percent warning-only
+   neighbor MLAG-IPv4-UNDERLAY-PEER missing-policy address-family all direction in action deny
    neighbor MLAG-IPv4-UNDERLAY-PEER route-map RM-MLAG-PEER-IN in
    neighbor MLAG-IPv4-UNDERLAY-PEER route-map RM-MLAG-PEER-OUT out
    neighbor 192.168.255.1 peer group EVPN-OVERLAY-PEERS
    neighbor 192.168.255.1 allowas-in 5
    neighbor 192.168.255.1 password shared-secret profile profile1 algorithm aes-128-cmac-96
    neighbor 192.168.255.2 peer group EVPN-OVERLAY-PEERS
+   neighbor 192.168.255.2 missing-policy address-family all direction out action deny-in-out
    neighbor 192.168.255.3 allowas-in 5
    neighbor 192.168.255.3 maximum-routes 52000 warning-limit 2000 warning-only
+   neighbor 192.168.255.3 missing-policy address-family all direction in action deny
    !
    vlan 2488
       rd 145.245.21.0:1

@@ -33,6 +33,8 @@ router bgp 65101
    neighbor TEST ttl maximum-hops 42
    neighbor test-link-bandwidth1 peer group
    neighbor test-link-bandwidth1 ttl maximum-hops 1
+   neighbor test-link-bandwidth1 missing-policy address-family all include community-list prefix-list direction in action deny
+   neighbor test-link-bandwidth1 missing-policy address-family all include community-list direction out action permit
    neighbor test-link-bandwidth1 link-bandwidth default 100G
    neighbor test-link-bandwidth2 peer group
    neighbor test-link-bandwidth2 link-bandwidth
@@ -58,6 +60,8 @@ router bgp 65101
    neighbor 192.0.3.2 default-originate route-map RM-FOO-MATCH3
    neighbor 192.0.3.2 send-community extended
    neighbor 192.0.3.2 maximum-routes 10000
+   neighbor 192.0.3.2 missing-policy address-family all include community-list prefix-list direction in action deny
+   neighbor 192.0.3.2 missing-policy address-family all include community-list direction out action permit
    neighbor 192.0.3.2 link-bandwidth
    neighbor 192.0.3.3 remote-as 65434
    neighbor 192.0.3.3 rib-in pre-policy retain

@@ -31,20 +31,24 @@ router bgp 65101
    neighbor EVPN-OVERLAY-PEERS password shared-secret profile profile2 algorithm aes-128-cmac-96
    neighbor EVPN-OVERLAY-PEERS send-community
    neighbor EVPN-OVERLAY-PEERS maximum-routes 0
+   neighbor EVPN-OVERLAY-PEERS missing-policy address-family all direction out action permit
    neighbor MLAG-IPv4-UNDERLAY-PEER peer group
    neighbor MLAG-IPv4-UNDERLAY-PEER remote-as 65101
    neighbor MLAG-IPv4-UNDERLAY-PEER next-hop-self
    neighbor MLAG-IPv4-UNDERLAY-PEER password 7 vnEaG8gMeQf3d3cN6PktXQ==
    neighbor MLAG-IPv4-UNDERLAY-PEER send-community
    neighbor MLAG-IPv4-UNDERLAY-PEER maximum-routes 12000 warning-limit 80 percent warning-only
+   neighbor MLAG-IPv4-UNDERLAY-PEER missing-policy address-family all direction in action deny
    neighbor MLAG-IPv4-UNDERLAY-PEER route-map RM-MLAG-PEER-IN in
    neighbor MLAG-IPv4-UNDERLAY-PEER route-map RM-MLAG-PEER-OUT out
    neighbor 192.168.255.1 peer group EVPN-OVERLAY-PEERS
    neighbor 192.168.255.1 allowas-in 5
    neighbor 192.168.255.1 password shared-secret profile profile1 algorithm aes-128-cmac-96
    neighbor 192.168.255.2 peer group EVPN-OVERLAY-PEERS
+   neighbor 192.168.255.2 missing-policy address-family all direction out action deny-in-out
    neighbor 192.168.255.3 allowas-in 5
    neighbor 192.168.255.3 maximum-routes 52000 warning-limit 2000 warning-only
+   neighbor 192.168.255.3 missing-policy address-family all direction in action deny
    !
    vlan 2488
       rd 145.245.21.0:1

@@ -53,6 +53,16 @@ router_bgp:
         enabled: true
         default: 100G
       ttl_maximum_hops: 1
+      missing_policy:
+        direction_in:
+          action: deny
+          include_prefix_list: True
+          include_community_list: True
+          address_family_all: True
+        direction_out:
+          action: permit
+          include_community_list: True
+          address_family_all: True
     - name: test-link-bandwidth2
       link_bandwidth:
         enabled: true
@@ -208,6 +218,16 @@ router_bgp:
         all: true
       # Testing bfd false OUTSIDE a peer group that should NOT render
       bfd: false
+      missing_policy:
+        direction_in:
+          action: deny
+          include_prefix_list: True
+          include_community_list: True
+          address_family_all: True
+        direction_out:
+          action: permit
+          include_community_list: True
+          address_family_all: True
     - ip_address: 192.0.3.3
       remote_as: 65434
       send_community: standard

@@ -24,6 +24,10 @@ router_bgp:
       password: "q+VNViP5i4rVjW1cxFv2wA=="
       send_community: all
       maximum_routes: 0
+      missing_policy:
+        direction_out:
+          action: permit
+          address_family_all: True
       allowas_in:
         enabled: true
       shared_secret:
@@ -37,6 +41,10 @@ router_bgp:
       maximum_routes: 12000
       maximum_routes_warning_limit: 80 percent
       maximum_routes_warning_only: true
+      missing_policy:
+        direction_in:
+          action: deny
+          address_family_all: True
       send_community: all
       route_map_in: RM-MLAG-PEER-IN
       route_map_out: RM-MLAG-PEER-OUT
@@ -51,11 +59,19 @@ router_bgp:
         hash_algorithm: aes-128-cmac-96
     - ip_address: 192.168.255.2
       peer_group: EVPN-OVERLAY-PEERS
+      missing_policy:
+        direction_out:
+          action: deny-in-out
+          address_family_all: True
     - ip_address: 192.168.255.3
       allowas_in:
         enabled: true
         times: 5
       maximum_routes: 52000
+      missing_policy:
+        direction_in:
+          action: deny
+          address_family_all: True
       maximum_routes_warning_limit: 2000
       maximum_routes_warning_only: true
   redistribute_routes:

@@ -86,6 +86,19 @@
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;maximum_routes</samp>](## "router_bgp.peer_groups.[].maximum_routes") | Integer |  |  | Min: 0<br>Max: 4294967294 | Maximum number of routes (0 means unlimited). |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;maximum_routes_warning_limit</samp>](## "router_bgp.peer_groups.[].maximum_routes_warning_limit") | String |  |  |  | Maximum number of routes after which a warning is issued (0 means never warn) or<br>Percentage of maximum number of routes at which to warn ("<1-100> percent").<br> |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;maximum_routes_warning_only</samp>](## "router_bgp.peer_groups.[].maximum_routes_warning_only") | Boolean |  |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;missing_policy</samp>](## "router_bgp.peer_groups.[].missing_policy") | Dictionary |  |  |  | Missing policy configuration. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;direction_in</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_in") | Dictionary |  |  |  | Missing policy inbound direction. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;action</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_in.action") | String | Required |  | Valid Values:<br>- <code>deny</code><br>- <code>permit</code><br>- <code>deny-in-out</code> | Missing policy action. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_community_list</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_in.include_community_list") | Boolean |  |  |  | Include community-list references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_prefix_list</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_in.include_prefix_list") | Boolean |  |  |  | Include prefix-list references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_sub_route_map</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_in.include_sub_route_map") | Boolean |  |  |  | Include sub-route-map references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;address_family_all</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_in.address_family_all") | Boolean |  | `True` | Valid Values:<br>- <code>True</code> | Include all address-families for missing policy configuration. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;direction_out</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_out") | Dictionary |  |  |  | Missing policy outbound direction. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;action</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_out.action") | String | Required |  | Valid Values:<br>- <code>deny</code><br>- <code>permit</code><br>- <code>deny-in-out</code> | Missing policy action. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_community_list</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_out.include_community_list") | Boolean |  |  |  | Include community-list references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_prefix_list</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_out.include_prefix_list") | Boolean |  |  |  | Include prefix-list references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_sub_route_map</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_out.include_sub_route_map") | Boolean |  |  |  | Include sub-route-map references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;address_family_all</samp>](## "router_bgp.peer_groups.[].missing_policy.direction_out.address_family_all") | Boolean |  | `True` | Valid Values:<br>- <code>True</code> | Include all address-families for missing policy configuration. |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;link_bandwidth</samp>](## "router_bgp.peer_groups.[].link_bandwidth") | Dictionary |  |  |  |  |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;enabled</samp>](## "router_bgp.peer_groups.[].link_bandwidth.enabled") | Boolean |  |  |  |  |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;default</samp>](## "router_bgp.peer_groups.[].link_bandwidth.default") | String |  |  |  | nn.nn(K|M|G) link speed in bits/second. |
@@ -137,6 +150,19 @@
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;maximum_routes</samp>](## "router_bgp.neighbors.[].maximum_routes") | Integer |  |  | Min: 0<br>Max: 4294967294 | Maximum number of routes (0 means unlimited). |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;maximum_routes_warning_limit</samp>](## "router_bgp.neighbors.[].maximum_routes_warning_limit") | String |  |  |  | Maximum number of routes after which a warning is issued (0 means never warn) or<br>Percentage of maximum number of routes at which to warn ("<1-100> percent").<br> |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;maximum_routes_warning_only</samp>](## "router_bgp.neighbors.[].maximum_routes_warning_only") | Boolean |  |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;missing_policy</samp>](## "router_bgp.neighbors.[].missing_policy") | Dictionary |  |  |  | Missing policy configuration. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;direction_in</samp>](## "router_bgp.neighbors.[].missing_policy.direction_in") | Dictionary |  |  |  | Missing policy inbound direction. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;action</samp>](## "router_bgp.neighbors.[].missing_policy.direction_in.action") | String | Required |  | Valid Values:<br>- <code>deny</code><br>- <code>permit</code><br>- <code>deny-in-out</code> | Missing policy action. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_community_list</samp>](## "router_bgp.neighbors.[].missing_policy.direction_in.include_community_list") | Boolean |  |  |  | Include community-list references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_prefix_list</samp>](## "router_bgp.neighbors.[].missing_policy.direction_in.include_prefix_list") | Boolean |  |  |  | Include prefix-list references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_sub_route_map</samp>](## "router_bgp.neighbors.[].missing_policy.direction_in.include_sub_route_map") | Boolean |  |  |  | Include sub-route-map references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;address_family_all</samp>](## "router_bgp.neighbors.[].missing_policy.direction_in.address_family_all") | Boolean |  | `True` | Valid Values:<br>- <code>True</code> | Include all address-families for missing policy configuration. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;direction_out</samp>](## "router_bgp.neighbors.[].missing_policy.direction_out") | Dictionary |  |  |  | Missing policy outbound direction. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;action</samp>](## "router_bgp.neighbors.[].missing_policy.direction_out.action") | String | Required |  | Valid Values:<br>- <code>deny</code><br>- <code>permit</code><br>- <code>deny-in-out</code> | Missing policy action. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_community_list</samp>](## "router_bgp.neighbors.[].missing_policy.direction_out.include_community_list") | Boolean |  |  |  | Include community-list references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_prefix_list</samp>](## "router_bgp.neighbors.[].missing_policy.direction_out.include_prefix_list") | Boolean |  |  |  | Include prefix-list references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;include_sub_route_map</samp>](## "router_bgp.neighbors.[].missing_policy.direction_out.include_sub_route_map") | Boolean |  |  |  | Include sub-route-map references in missing policy decision. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;address_family_all</samp>](## "router_bgp.neighbors.[].missing_policy.direction_out.address_family_all") | Boolean |  | `True` | Valid Values:<br>- <code>True</code> | Include all address-families for missing policy configuration. |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;allowas_in</samp>](## "router_bgp.neighbors.[].allowas_in") | Dictionary |  |  |  |  |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;enabled</samp>](## "router_bgp.neighbors.[].allowas_in.enabled") | Boolean |  |  |  |  |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;times</samp>](## "router_bgp.neighbors.[].allowas_in.times") | Integer |  |  | Min: 1<br>Max: 10 | Number of local ASNs allowed in a BGP update. |
@@ -1010,6 +1036,45 @@
           # Percentage of maximum number of routes at which to warn ("<1-100> percent").
           maximum_routes_warning_limit: <str>
           maximum_routes_warning_only: <bool>
+
+          # Missing policy configuration.
+          missing_policy:
+
+            # Missing policy inbound direction.
+            direction_in:
+
+              # Missing policy action.
+              action: <str; "deny" | "permit" | "deny-in-out"; required>
+
+              # Include community-list references in missing policy decision.
+              include_community_list: <bool>
+
+              # Include prefix-list references in missing policy decision.
+              include_prefix_list: <bool>
+
+              # Include sub-route-map references in missing policy decision.
+              include_sub_route_map: <bool>
+
+              # Include all address-families for missing policy configuration.
+              address_family_all: <bool; True; default=True>
+
+            # Missing policy outbound direction.
+            direction_out:
+
+              # Missing policy action.
+              action: <str; "deny" | "permit" | "deny-in-out"; required>
+
+              # Include community-list references in missing policy decision.
+              include_community_list: <bool>
+
+              # Include prefix-list references in missing policy decision.
+              include_prefix_list: <bool>
+
+              # Include sub-route-map references in missing policy decision.
+              include_sub_route_map: <bool>
+
+              # Include all address-families for missing policy configuration.
+              address_family_all: <bool; True; default=True>
           link_bandwidth:
             enabled: <bool>
 
@@ -1121,6 +1186,45 @@
           # Percentage of maximum number of routes at which to warn ("<1-100> percent").
           maximum_routes_warning_limit: <str>
           maximum_routes_warning_only: <bool>
+
+          # Missing policy configuration.
+          missing_policy:
+
+            # Missing policy inbound direction.
+            direction_in:
+
+              # Missing policy action.
+              action: <str; "deny" | "permit" | "deny-in-out"; required>
+
+              # Include community-list references in missing policy decision.
+              include_community_list: <bool>
+
+              # Include prefix-list references in missing policy decision.
+              include_prefix_list: <bool>
+
+              # Include sub-route-map references in missing policy decision.
+              include_sub_route_map: <bool>
+
+              # Include all address-families for missing policy configuration.
+              address_family_all: <bool; True; default=True>
+
+            # Missing policy outbound direction.
+            direction_out:
+
+              # Missing policy action.
+              action: <str; "deny" | "permit" | "deny-in-out"; required>
+
+              # Include community-list references in missing policy decision.
+              include_community_list: <bool>
+
+              # Include prefix-list references in missing policy decision.
+              include_prefix_list: <bool>
+
+              # Include sub-route-map references in missing policy decision.
+              include_sub_route_map: <bool>
+
+              # Include all address-families for missing policy configuration.
+              address_family_all: <bool; True; default=True>
           allowas_in:
             enabled: <bool>