diff options
| author | Donatas Abraitis <donatas@opensourcerouting.org> | 2024-11-17 13:41:05 +0100 |
|---|---|---|
| committer | Donatas Abraitis <donatas@opensourcerouting.org> | 2024-11-17 13:41:05 +0100 |
| commit | 2dc7db925139403a0407aa1d15ede3770d1ff07a (patch) | |
| tree | 0b113e2b014e2659548fc18ef15eb718d264338d /bgpd/bgp_route.c | |
| parent | Merge pull request #17445 from cscarpitta/fix/sharp-use-ipv6-max-bitlen (diff) | |
| download | frr-2dc7db925139403a0407aa1d15ede3770d1ff07a.tar.xz frr-2dc7db925139403a0407aa1d15ede3770d1ff07a.zip | |
bgpd: Optimize the outbound path if RFC8212 is applied
If we have (default enabled) enabled `bgp ebgp-require-policy`, then first check
it before applying the route-maps.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Diffstat (limited to '')
| -rw-r--r-- | bgpd/bgp_route.c | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 7e5f8663a..72e798a7e 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -2326,6 +2326,27 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi, } } + /* RFC 8212 to prevent route leaks. + * This specification intends to improve this situation by requiring the + * explicit configuration of both BGP Import and Export Policies for any + * External BGP (EBGP) session such as customers, peers, or + * confederation boundaries for all enabled address families. Through + * codification of the aforementioned requirement, operators will + * benefit from consistent behavior across different BGP + * implementations. + */ + if (CHECK_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY)) + if (!bgp_outbound_policy_exists(peer, filter)) { + if (monotime_since(&bgp->ebgprequirespolicywarning, NULL) > + FIFTEENMINUTE2USEC || + bgp->ebgprequirespolicywarning.tv_sec == 0) { + zlog_warn("%pBP [Update:SEND] %pFX EBGP outbound policy not properly setup, please configure in order for your peering to work correctly", + peer, p); + monotime(&bgp->ebgprequirespolicywarning); + } + return false; + } + /* Output filter check. */ if (bgp_output_filter(peer, p, piattr, afi, safi) == FILTER_DENY) { if (bgp_debug_update(NULL, p, subgrp->update_group, 0)) @@ -2580,27 +2601,6 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi, bgp_peer_remove_private_as(bgp, afi, safi, peer, attr); bgp_peer_as_override(bgp, afi, safi, peer, attr); - /* RFC 8212 to prevent route leaks. - * This specification intends to improve this situation by requiring the - * explicit configuration of both BGP Import and Export Policies for any - * External BGP (EBGP) session such as customers, peers, or - * confederation boundaries for all enabled address families. Through - * codification of the aforementioned requirement, operators will - * benefit from consistent behavior across different BGP - * implementations. - */ - if (CHECK_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY)) - if (!bgp_outbound_policy_exists(peer, filter)) { - if (monotime_since(&bgp->ebgprequirespolicywarning, - NULL) > FIFTEENMINUTE2USEC || - bgp->ebgprequirespolicywarning.tv_sec == 0) { - zlog_warn("%pBP [Update:SEND] %pFX EBGP outbound policy not properly setup, please configure in order for your peering to work correctly", - peer, p); - monotime(&bgp->ebgprequirespolicywarning); - } - return false; - } - /* draft-ietf-idr-deprecate-as-set-confed-set * Filter routes having AS_SET or AS_CONFED_SET in the path. * Eventually, This document (if approved) updates RFC 4271 |