Prioritise static BGP filters over user defined ones

confd/etc/calico/confd/templates/bird.cfg.template

@@ -252,6 +252,7 @@ protocol bgp Global_{{$id}} from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
+    calico_export_to_bgp_peers({{eq $data.as_num $node_as_num}});
     {{- range $filter := $data.filters }}
     {{- $filterKey := printf "/resources/v3/projectcalico.org/bgpfilters/%s" $filter }}
     {{- if exists $filterKey }}
@@ -261,7 +262,6 @@ protocol bgp Global_{{$id}} from bgp_template {
     {{- end }}
     {{- end }}
     {{- end }}
-    calico_export_to_bgp_peers({{eq $data.as_num $node_as_num}});
     reject;{{/* Prior to introduction of BGP Filters anything not explicitly exported through calico_export_to_bgp_peers()
                 was rejected so use default reject behaviour on export */}}
   };  # Only want to export routes for workloads.
@@ -333,6 +333,7 @@ protocol bgp Local_Workload_{{$id}} from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
+    calico_export_to_bgp_peers({{eq $data.as_num $node_as_num}});
     {{- range $filter := $data.filters }}
     {{- $filterKey := printf "/resources/v3/projectcalico.org/bgpfilters/%s" $filter }}
     {{- if exists $filterKey }}
@@ -342,7 +343,6 @@ protocol bgp Local_Workload_{{$id}} from bgp_template {
     {{- end }}
     {{- end }}
     {{- end }}
-    calico_export_to_bgp_peers({{eq $data.as_num $node_as_num}});
     reject;{{/* Prior to introduction of BGP Filters anything not explicitly exported through calico_export_to_bgp_peers()
                 was rejected so use default reject behaviour on export */}}
   };  # Only want to export routes for workloads.
@@ -414,6 +414,7 @@ protocol bgp Node_{{$id}} from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
+    calico_export_to_bgp_peers({{eq $data.as_num $node_as_num}});
     {{- range $filter := $data.filters }}
     {{- $filterKey := printf "/resources/v3/projectcalico.org/bgpfilters/%s" $filter }}
     {{- if exists $filterKey }}
@@ -423,7 +424,6 @@ protocol bgp Node_{{$id}} from bgp_template {
     {{- end }}
     {{- end }}
     {{- end }}
-    calico_export_to_bgp_peers({{eq $data.as_num $node_as_num}});
     reject;{{/* Prior to introduction of BGP Filters anything not explicitly exported through calico_export_to_bgp_peers()
                 was rejected so use default reject behaviour on export */}}
   };  # Only want to export routes for workloads.
@@ -493,6 +493,7 @@ protocol bgp Local_Workload_{{$id}} from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
+    calico_export_to_bgp_peers({{eq $data.as_num $node_as_num}});
     {{- range $filter := $data.filters }}
     {{- $filterKey := printf "/resources/v3/projectcalico.org/bgpfilters/%s" $filter }}
     {{- if exists $filterKey }}
@@ -502,7 +503,6 @@ protocol bgp Local_Workload_{{$id}} from bgp_template {
     {{- end }}
     {{- end }}
     {{- end }}
-    calico_export_to_bgp_peers({{eq $data.as_num $node_as_num}});
     reject;{{/* Prior to introduction of BGP Filters anything not explicitly exported through calico_export_to_bgp_peers()
                 was rejected so use default reject behaviour on export */}}
   };  # Only want to export routes for workloads.

confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird.cfg

@@ -83,6 +83,8 @@ function 'bgp_export-only-filter-2_exportFilterV4'() {
 # No global peers configured.
 
 
+
+
 # ------------- Node-specific peers -------------
 
 
@@ -98,8 +100,8 @@ protocol bgp Node_10_192_0_3 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_export-only-filter-1_exportFilterV4'();
     calico_export_to_bgp_peers(false);
+    'bgp_export-only-filter-1_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
@@ -115,11 +117,24 @@ protocol bgp Node_10_192_0_4 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_export-only-filter-2_exportFilterV4'();
     calico_export_to_bgp_peers(false);
+    'bgp_export-only-filter-2_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+

confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird.cfg

@@ -90,8 +90,8 @@ protocol bgp Global_10_192_0_3 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_export-only-filter_exportFilterV4'();
     calico_export_to_bgp_peers(true);
+    'bgp_export-only-filter_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
@@ -107,16 +107,34 @@ protocol bgp Global_10_192_0_4 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_export-only-filter_exportFilterV4'();
     calico_export_to_bgp_peers(true);
+    'bgp_export-only-filter_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
 
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 # ------------- Node-specific peers -------------
 
 # No node-specific peers configured.
 
+
+
+
+

confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird.cfg

@@ -97,8 +97,8 @@ protocol bgp Global_10_192_0_3 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_test-filter_exportFilterV4'();
     calico_export_to_bgp_peers(true);
+    'bgp_test-filter_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
@@ -115,16 +115,34 @@ protocol bgp Global_10_192_0_4 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_test-filter_exportFilterV4'();
     calico_export_to_bgp_peers(true);
+    'bgp_test-filter_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
 
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 # ------------- Node-specific peers -------------
 
 # No node-specific peers configured.
 
+
+
+
+

confd/tests/compiled_templates/bgpfilter/filter_names/bird.cfg

@@ -113,10 +113,10 @@ protocol bgp Global_10_192_0_3 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
+    calico_export_to_bgp_peers(true);
     'bgp_45characters.exactly.so.should.not.truncate-1_exportFilterV4'();
     'bgp_46characters.exactly.so.shou_9615CBDC00BAC628_exportFilterV4'();
     'bgp_greater-than-64-characters.s_4C5DB3273E544641_exportFilterV4'();
-    calico_export_to_bgp_peers(true);
     reject;
   };  # Only want to export routes for workloads.
 }
@@ -135,18 +135,36 @@ protocol bgp Global_10_192_0_4 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
+    calico_export_to_bgp_peers(true);
     'bgp_45characters.exactly.so.should.not.truncate-1_exportFilterV4'();
     'bgp_46characters.exactly.so.shou_9615CBDC00BAC628_exportFilterV4'();
     'bgp_greater-than-64-characters.s_4C5DB3273E544641_exportFilterV4'();
-    calico_export_to_bgp_peers(true);
     reject;
   };  # Only want to export routes for workloads.
 }
 
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 # ------------- Node-specific peers -------------
 
 # No node-specific peers configured.
 
+
+
+
+

confd/tests/compiled_templates/bgpfilter/match_interface/bird.cfg

@@ -97,8 +97,8 @@ protocol bgp Global_10_192_0_3 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_test-filter-match-interface_exportFilterV4'();
     calico_export_to_bgp_peers(true);
+    'bgp_test-filter-match-interface_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
@@ -115,16 +115,34 @@ protocol bgp Global_10_192_0_4 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_test-filter-match-interface_exportFilterV4'();
     calico_export_to_bgp_peers(true);
+    'bgp_test-filter-match-interface_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
 
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 # ------------- Node-specific peers -------------
 
 # No node-specific peers configured.
 
+
+
+
+

confd/tests/compiled_templates/bgpfilter/match_operators/bird.cfg

@@ -97,8 +97,8 @@ protocol bgp Global_10_192_0_3 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_test-filter-match-operators_exportFilterV4'();
     calico_export_to_bgp_peers(true);
+    'bgp_test-filter-match-operators_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
@@ -115,16 +115,34 @@ protocol bgp Global_10_192_0_4 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_test-filter-match-operators_exportFilterV4'();
     calico_export_to_bgp_peers(true);
+    'bgp_test-filter-match-operators_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
 
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 # ------------- Node-specific peers -------------
 
 # No node-specific peers configured.
 
+
+
+
+

confd/tests/compiled_templates/bgpfilter/match_source/bird.cfg

@@ -93,8 +93,8 @@ protocol bgp Global_10_192_0_3 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_test-filter-match-source_exportFilterV4'();
     calico_export_to_bgp_peers(true);
+    'bgp_test-filter-match-source_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
@@ -111,16 +111,34 @@ protocol bgp Global_10_192_0_4 from bgp_template {
     accept; # Prior to introduction of BGP Filters we used "import all" so use default accept behaviour on import
   };
   export filter {
-    'bgp_test-filter-match-source_exportFilterV4'();
     calico_export_to_bgp_peers(true);
+    'bgp_test-filter-match-source_exportFilterV4'();
     reject;
   };  # Only want to export routes for workloads.
 }
 
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 # ------------- Node-specific peers -------------
 
 # No node-specific peers configured.
 
+
+
+
+