sonic-net · pavel-shirshov · Apr 23, 2020 · May 8, 2020 · May 8, 2020 · May 9, 2020
diff --git a/dockers/docker-fpm-quagga/bgpcfgd b/dockers/docker-fpm-quagga/bgpcfgd
diff --git a/dockers/docker-fpm-quagga/bgpd.conf.j2 b/dockers/docker-fpm-quagga/bgpd.conf.j2
@@ -50,6 +50,7 @@ router bgp {{ DEVICE_METADATA['localhost']['bgp_asn'] }}
   exit-address-family
 {% endif %}
 {% endfor %}
+  maximum-paths 64
 {% endblock bgp_init %}
 {% endif %}
 {% block vlan_advertisement %}
@@ -126,9 +127,41 @@ router bgp {{ DEVICE_METADATA['localhost']['bgp_asn'] }}
 {% endblock bgp_monitors %}
 !
 {% if DEVICE_METADATA['localhost'].has_key('bgp_asn') %}
-maximum-paths 64
-!
 route-map ISOLATE permit 10
-set as-path prepend {{ DEVICE_METADATA['localhost']['bgp_asn'] }}
+ set as-path prepend {{ DEVICE_METADATA['localhost']['bgp_asn'] }}
+!
+{% endif %}
+!
+{% if allow_list_enabled %}
+route-map FROM_PEER_V4 permit 1
+  call ALLOW_LIST_V4
+  on-match next
+!
+{% endif %}
+route-map FROM_PEER_V4 permit 10
+!
+{% if allow_list_enabled %}
+route-map FROM_PEER_V6 permit 1
+  call ALLOW_LIST_V6
+  on-match next
+!
+{% endif %}
+route-map FROM_PEER_V6 permit 10
+!
+{% if allow_list_enabled %}
+route-map ALLOW_LIST_V4 {{ allow_list_default_action }} 65535
+{%   if allow_list_default_action.strip() == 'permit' %}
+  set community {{ allow_list_drop_prefix }} additive
+{%   endif %}
+!
+route-map ALLOW_LIST_V6 {{ allow_list_default_action }} 65535
+{%   if allow_list_default_action.strip() == 'permit' %}
+  set community {{ allow_list_drop_prefix }} additive
+{%   endif %}
+!
+ip prefix-list ALLOW_ADDRESS_ALLOW_ALL_V4 seq 10 permit any
+!
+ipv6 prefix-list ALLOW_ADDRESS_ALLOW_ALL_V6 seq 10 permit any
+!
 {% endif %}
 !
diff --git a/dockers/docker-fpm-quagga/bgpd.peer.conf.j2 b/dockers/docker-fpm-quagga/bgpd.peer.conf.j2
@@ -17,6 +17,7 @@
 {% endif %}
     neighbor {{ neighbor_addr }} activate
     neighbor {{ neighbor_addr }} soft-reconfiguration inbound
+    neighbor {{ neighbor_addr }} route-map FROM_PEER_V4 in
     maximum-paths 64
   exit-address-family
 {% endif %}
@@ -27,6 +28,7 @@
 {% endif %}
     neighbor {{ neighbor_addr }} activate
     neighbor {{ neighbor_addr }} soft-reconfiguration inbound
+    neighbor {{ neighbor_addr }} route-map FROM_PEER_V6 in
     maximum-paths 64
   exit-address-family
 {% endif %}

diff --git a/files/image_config/asn/deployment_id_asn_map.yml b/files/image_config/asn/deployment_id_asn_map.yml
@@ -1,2 +1,6 @@
 deployment_id_asn_map:
   "1" : 65432
+
+allow_list_enabled: true
+allow_list_default_action: permit   # or deny
+allow_list_drop_prefix: 5060:12345  # value of the community to identify a prefix to drop. Make sense only with allow_list_default_action equal to 'permit'
diff --git a/src/sonic-config-engine/tests/sample_output/bgpd_quagga.conf b/src/sonic-config-engine/tests/sample_output/bgpd_quagga.conf
@@ -31,6 +31,7 @@ router bgp 65100
   address-family ipv6
     network fc00:1::32/64
   exit-address-family
+  maximum-paths 64
   network 192.168.0.1/27
   neighbor BGPMON peer-group
   neighbor BGPMON activate
@@ -47,8 +48,30 @@ router bgp 65100
     neighbor 10.20.30.40 activate
   exit-address-family
 !
-maximum-paths 64
-!
 route-map ISOLATE permit 10
-set as-path prepend 65100
+ set as-path prepend 65100
+!
+!
+route-map FROM_PEER_V4 permit 1
+  call ALLOW_LIST_V4
+  on-match next
+!
+route-map FROM_PEER_V4 permit 10
+!
+route-map FROM_PEER_V6 permit 1
+  call ALLOW_LIST_V6
+  on-match next
+!
+route-map FROM_PEER_V6 permit 10
+!
+route-map ALLOW_LIST_V4 permit 65535
+  set community 5060:12345 additive
+!
+route-map ALLOW_LIST_V6 permit 65535
+  set community 5060:12345 additive
+!
+ip prefix-list ALLOW_ADDRESS_ALLOW_ALL_V4 seq 10 permit any
+!
+ipv6 prefix-list ALLOW_ADDRESS_ALLOW_ALL_V6 seq 10 permit any
+!
 !
diff --git a/src/sonic-config-engine/tests/test_j2files.py b/src/sonic-config-engine/tests/test_j2files.py
@@ -17,6 +17,7 @@ def setUp(self):
         self.t1_mlnx_minigraph = os.path.join(self.test_dir, 't1-sample-graph-mlnx.xml')
         self.mlnx_port_config = os.path.join(self.test_dir, 'sample-port-config-mlnx.ini')
         self.dell6100_t0_minigraph = os.path.join(self.test_dir, 'sample-dell-6100-t0-minigraph.xml')
+        self.deployment_id = os.path.join(self.test_dir, "../../../files/image_config/asn/deployment_id_asn_map.yml")
         self.arista7050_t0_minigraph = os.path.join(self.test_dir, 'sample-arista-7050-t0-minigraph.xml')
         self.output_file = os.path.join(self.test_dir, 'output')
 
@@ -60,7 +61,7 @@ def test_lldp(self):
 
     def test_bgpd_quagga(self):
         conf_template = os.path.join(self.test_dir, '..', '..', '..', 'dockers', 'docker-fpm-quagga', 'bgpd.conf.j2')
-        argument = '-m ' + self.t0_minigraph + ' -p ' + self.t0_port_config + ' -t ' + conf_template + ' > ' + self.output_file
+        argument = '-y ' + self.deployment_id + ' -m ' + self.t0_minigraph + ' -p ' + self.t0_port_config + ' -t ' + conf_template + ' > ' + self.output_file
         self.run_script(argument)
         original_filename = os.path.join(self.test_dir, 'sample_output', 'bgpd_quagga.conf')
         r = filecmp.cmp(original_filename, self.output_file)