Merge pull request #14420 from opensourcerouting/fix/remove_private_asn_after_route_map

bgpd: Remove private ASNs after we modify the as-path with the route-map

5 files changed, 122 insertions, 3 deletions

diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index 227a68ee5..df3397af9 100644
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -2378,9 +2378,6 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi,
 	    bgp_otc_egress(peer, attr))
 		return false;
 
-	bgp_peer_remove_private_as(bgp, afi, safi, peer, attr);
-	bgp_peer_as_override(bgp, afi, safi, peer, attr);
-
 	if (filter->advmap.update_type == UPDATE_TYPE_WITHDRAW &&
 	    filter->advmap.aname &&
 	    route_map_lookup_by_name(filter->advmap.aname)) {
@@ -2453,6 +2450,9 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi,
 		}
 	}
 
+	bgp_peer_remove_private_as(bgp, afi, safi, peer, attr);
+	bgp_peer_as_override(bgp, afi, safi, peer, attr);
+
 	/* RFC 8212 to prevent route leaks.
 	 * This specification intends to improve this situation by requiring the
 	 * explicit configuration of both BGP Import and Export Policies for any
diff --git a/tests/topotests/bgp_remove_private_as_route_map/__init__.py b/tests/topotests/bgp_remove_private_as_route_map/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/tests/topotests/bgp_remove_private_as_route_map/__init__.py
diff --git a/tests/topotests/bgp_remove_private_as_route_map/r1/frr.conf b/tests/topotests/bgp_remove_private_as_route_map/r1/frr.conf
new file mode 100644
index 000000000..b2dba7d3f
--- /dev/null
+++ b/tests/topotests/bgp_remove_private_as_route_map/r1/frr.conf
@@ -0,0 +1,10 @@
+!
+int r1-eth0
+ ip address 192.168.1.1/24
+!
+router bgp 65001
+ no bgp ebgp-requires-policy
+ neighbor 192.168.1.2 remote-as external
+ neighbor 192.168.1.2 timers 1 3
+ neighbor 192.168.1.2 timers connect 1
+!
diff --git a/tests/topotests/bgp_remove_private_as_route_map/r2/frr.conf b/tests/topotests/bgp_remove_private_as_route_map/r2/frr.conf
new file mode 100644
index 000000000..9c423cea8
--- /dev/null
+++ b/tests/topotests/bgp_remove_private_as_route_map/r2/frr.conf
@@ -0,0 +1,19 @@
+!
+int r2-eth0
+ ip address 192.168.1.2/24
+ ip address 192.168.2.1/32
+!
+router bgp 65002
+ no bgp ebgp-requires-policy
+ neighbor 192.168.1.1 remote-as external
+ neighbor 192.168.1.1 timers 1 3
+ neighbor 192.168.1.1 timers connect 1
+ address-family ipv4 unicast
+  redistribute connected
+  neighbor 192.168.1.1 route-map r1 out
+  neighbor 192.168.1.1 remove-private-AS all
+ exit-address-family
+!
+route-map r1 permit 10
+ set as-path prepend 65123 4200000001
+!
diff --git a/tests/topotests/bgp_remove_private_as_route_map/test_bgp_remove_private_as_route_map.py b/tests/topotests/bgp_remove_private_as_route_map/test_bgp_remove_private_as_route_map.py
new file mode 100644
index 000000000..2ae6f7fc9
--- /dev/null
+++ b/tests/topotests/bgp_remove_private_as_route_map/test_bgp_remove_private_as_route_map.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# SPDX-License-Identifier: ISC
+
+# Copyright (c) 2023 by
+# Donatas Abraitis <donatas@opensourcerouting.org>
+#
+
+"""
+Test if private AS is removed from AS_PATH attribute when route-map is used (prepend).
+"""
+
+import os
+import re
+import sys
+import json
+import pytest
+import functools
+
+pytestmark = pytest.mark.bgpd
+
+CWD = os.path.dirname(os.path.realpath(__file__))
+sys.path.append(os.path.join(CWD, "../"))
+
+# pylint: disable=C0413
+from lib import topotest
+from lib.topogen import Topogen, TopoRouter, get_topogen
+
+pytestmark = [pytest.mark.bgpd]
+
+
+def build_topo(tgen):
+    for routern in range(1, 3):
+        tgen.add_router("r{}".format(routern))
+
+    switch = tgen.add_switch("s1")
+    switch.add_link(tgen.gears["r1"])
+    switch.add_link(tgen.gears["r2"])
+
+
+def setup_module(mod):
+    tgen = Topogen(build_topo, mod.__name__)
+    tgen.start_topology()
+
+    router_list = tgen.routers()
+
+    for i, (rname, router) in enumerate(router_list.items(), 1):
+        router.load_frr_config(os.path.join(CWD, "{}/frr.conf".format(rname)))
+
+    tgen.start_router()
+
+
+def teardown_module(mod):
+    tgen = get_topogen()
+    tgen.stop_topology()
+
+
+def test_bgp_remove_private_as_route_map():
+    tgen = get_topogen()
+
+    if tgen.routers_have_failure():
+        pytest.skip(tgen.errors)
+
+    r1 = tgen.gears["r1"]
+
+    def _check_routes():
+        output = json.loads(r1.vtysh_cmd("show bgp ipv4 unicast json"))
+        expected = {
+            "routes": {
+                "192.168.2.1/32": [
+                    {
+                        "valid": True,
+                        "path": "65002",
+                    }
+                ]
+            }
+        }
+        return topotest.json_cmp(output, expected)
+
+    test_func = functools.partial(
+        _check_routes,
+    )
+    _, result = topotest.run_and_expect(test_func, None, count=30, wait=1)
+    assert (
+        result is None
+    ), "65123 4200000001 ASNs should be removed from AS_PATH attribute"
+
+
+if __name__ == "__main__":
+    args = ["-s"] + sys.argv[1:]
+    sys.exit(pytest.main(args))