Merge pull request #158 from natesales/roles

natesales · web-flow · commit b28929338020 · 2023-02-04T03:45:45.000-05:00
feat: RFC 9234 BGP role support (#156)
diff --git a/docs/docs/configuration.md b/docs/docs/configuration.md
@@ -1247,6 +1247,22 @@ AS set members (For filter-as-set)
 |------|---------|------------|
 | []uint32   |       |          |
 
+### `role`
+
+RFC 9234 Local BGP role
+
+| Type | Default | Validation |
+|------|---------|------------|
+| string   |       |          |
+
+### `require-roles`
+
+Require RFC 9234 BGP roles
+
+| Type | Default | Validation |
+|------|---------|------------|
+| bool   | false      |          |
+
 ### `announce-default`
 
 Should a default route be exported to this peer?
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -195,6 +195,9 @@ type Peer struct {
 	Prefixes     *[]string `yaml:"prefixes" description:"Prefixes to accept" default:"-"`
 	ASSetMembers *[]uint32 `yaml:"as-set-members" description:"AS set members (For filter-as-set)" default:"-"`
 
+	Role         *string `yaml:"role" description:"RFC 9234 Local BGP role" default:"-"`
+	RequireRoles *bool   `yaml:"require-roles" description:"Require RFC 9234 BGP roles" default:"false"`
+
 	// Export options
 	AnnounceDefault    *bool `yaml:"announce-default" description:"Should a default route be exported to this peer?" default:"false"`
 	AnnounceOriginated *bool `yaml:"announce-originated" description:"Should locally originated routes be announced to this peer?" default:"true"`
diff --git a/pkg/embed/templates/peer.tmpl b/pkg/embed/templates/peer.tmpl
@@ -52,6 +52,8 @@ protocol bgp {{ UniqueProtocolName $peer.ProtocolName $af $peer.ASN }} {
     {{ if BoolDeref $peer.AllowLocalAS }}allow local as ASN;{{ end }}
     {{ if BoolDeref $peer.TTLSecurity }}ttl security on;{{ end }}
     {{ if BoolDeref $peer.ConfederationMember }}confederation member yes;{{ end }}
+    {{ if StrDeref $peer.Role }}local role {{ StrDeref $peer.Role }};{{ end }}
+    {{ if BoolDeref $peer.RequireRoles }}require roles;{{ end }}
     {{ if not (BoolDeref $peer.InterpretCommunities) }}interpret communities off;{{ end }}
     {{ if IntDeref $peer.Confederation }}confederation {{ IntDeref $peer.Confederation }};{{ end }}
     {{ if IntDeref $peer.DefaultLocalPref }}default bgp_local_pref {{ IntDeref $peer.DefaultLocalPref }};{{ end }}
diff --git a/pkg/process/process.go b/pkg/process/process.go
@@ -286,6 +286,19 @@ func Load(configBlob []byte) (*config.Config, error) {
 				}
 			}
 		}
+
+		// Validate RFC 9234 BGP role
+		if peerData.Role != nil {
+			peerData.Role = util.Ptr(strings.ReplaceAll(*peerData.Role, "-", "_"))
+			if *peerData.Role != "rs_server" && *peerData.Role != "rs_client" && *peerData.Role != "customer" && *peerData.Role != "peer" {
+				return nil, fmt.Errorf("[%s] Invalid BGP role: %s (must be one of rs-server, rs-client, customer, peer)", *peerData.Role, peerName)
+			}
+		}
+		requireRoles := peerData.RequireRoles != nil && *peerData.RequireRoles
+		if requireRoles && peerData.Role == nil {
+			return nil, fmt.Errorf("[%s] require-roles set but no role specified", peerName)
+		}
+
 	} // end peer list
 
 	// Parse origin routes by assembling OriginIPv{4,6} lists by address family
diff --git a/tests/generate-complex.yml b/tests/generate-complex.yml
@@ -97,3 +97,5 @@ peers:
       - 65510
       - 65530
     filter-aspa: true
+    require-roles: true
+    role: peer

Original file line number	Diff line number	Diff line change
`@@ -286,6 +286,19 @@ func Load(configBlob []byte) (*config.Config, error) {`
`286`	`286`	`}`
`287`	`287`	`}`
`288`	`288`	`}`
	`289`	`+`
	`290`	`+ // Validate RFC 9234 BGP role`
	`291`	`+ if peerData.Role != nil {`
	`292`	`+ peerData.Role = util.Ptr(strings.ReplaceAll(*peerData.Role, "-", "_"))`
	`293`	`+ if peerData.Role != "rs_server" && peerData.Role != "rs_client" && peerData.Role != "customer" && peerData.Role != "peer" {`
	`294`	`+ return nil, fmt.Errorf("[%s] Invalid BGP role: %s (must be one of rs-server, rs-client, customer, peer)", *peerData.Role, peerName)`
	`295`	`+ }`
	`296`	`+ }`
	`297`	`+ requireRoles := peerData.RequireRoles != nil && *peerData.RequireRoles`
	`298`	`+ if requireRoles && peerData.Role == nil {`
	`299`	`+ return nil, fmt.Errorf("[%s] require-roles set but no role specified", peerName)`
	`300`	`+ }`
	`301`	`+`
`289`	`302`	`} // end peer list`
`290`	`303`
`291`	`304`	`// Parse origin routes by assembling OriginIPv{4,6} lists by address family`