Skip to content

[bgp] Add 'allow list' manager feature #5513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
Oct 2, 2020
Merged

[bgp] Add 'allow list' manager feature #5513

merged 21 commits into from
Oct 2, 2020

Conversation

pavel-shirshov
Copy link
Contributor

@pavel-shirshov pavel-shirshov commented Sep 30, 2020
edited
Loading

This PR implements a new feature: "BGP Allow list." The previous PR was reverted because installation of swsscommon module interfere with thermalcontrol tests.

This feature allows us to control which IP prefixes are going to be advertised via ebgp from the routes received from EBGP neighbors.

The feature can be enabled or disabled using "allow_list_enabled" flag in the /etc/sonic/deployment_id_asn_map.yml`

There is another flag for the feature: default_action. When this flag is equal "permit", this feature will not drop any BGP prefixes. The prefixes will be marked with drop_community. It is useful for debugging. But when the flag is equal to "deny", all prefixes, which are not explicitly listed as "Allowed" will be marked with no-export community which prevent them from being exported to ebgp neighbors.

We use prefix-lists for each list of filtered prefixes. You can add default entries which are going to be inserted to the prefix-list to default_pl_rules

We can control the feature by using the following schema:

{
    "BGP_ALLOWED_PREFIXES": {
        "DEPLOYMENT_ID|0|1010:1010": {
            "prefixes_v4": [
                "10.20.0.0/16",
                "10.50.1.0/29"
            ],
            "prefixes_v6": [
                "fc01:10::/64",
                "fc02:20::/64"
            ]
        },
        "DEPLOYMENT_ID|0": {
            "prefixes_v4": [
                "10.20.0.0/16",
                "10.50.1.0/29"
            ],
            "prefixes_v6": [
                "fc01:10::/64",
                "fc02:20::/64"
            ]
        }
    }
}

The schema above means the following:

  1. For BGP neighbors with deployment_id 0 (currently we have all our neighbors under deployment_id 0 in this repo) do the following:
    a. Import IPv4 prefixes "10.20.0.0/16" and "10.50.1.0/29" only if they have associated BGP community "1010:1010".
    b. Import IPv6 prefixes "fc01:10::/64" and "fc02:20::/64" only if they have associated BGP community "1010:1010".
    c. Import IPv4 prefixes "10.20.0.0/16" and "10.50.1.0/29". The community is not required.
    d. Import IPv6 prefixes "fc01:10::/64" and "fc02:20::/64". The community is not required.

All other prefixes will be either marked or dropped (depends on the "default_action" flag. see above for "allow_list_default_action").

When BGP starts and this feature is enabled, all prefixes are going to be either marked with the community or marked with "no-export" community. That depends on "default_action" flag.

The following BGP configuration is generated by default:

!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535
 set community 5060:12345 additive
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535
 set community 5060:12345 additive
!
!
!
route-map FROM_BGP_PEER_V4 permit 2
 call ALLOW_LIST_DEPLOYMENT_ID_0_V4
 on-match next
!
route-map FROM_BGP_PEER_V4 permit 100
!
!
!
route-map FROM_BGP_PEER_V6 permit 1
 set ipv6 next-hop prefer-global 
!
route-map FROM_BGP_PEER_V6 permit 2
 call ALLOW_LIST_DEPLOYMENT_ID_0_V6
 on-match next
!
route-map FROM_BGP_PEER_V6 permit 100
!

When we apply the configuration you can find on the top of this PR description, the following BGP configuration will be generated.

!
ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V4 seq 10 deny 0.0.0.0/0 le 17
ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V4 seq 20 permit 127.0.0.1/32
ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V4 seq 30 permit 10.20.0.0/16 ge 17
ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V4 seq 40 permit 10.50.1.0/29 ge 30
ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V4 seq 10 deny 0.0.0.0/0 le 17
ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V4 seq 20 permit 127.0.0.1/32
ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V4 seq 30 permit 10.20.0.0/16 ge 17
ip prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V4 seq 40 permit 10.50.1.0/29 ge 30
!
ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V6 seq 10 deny ::/0 le 59
ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V6 seq 20 deny ::/0 ge 65
ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V6 seq 30 permit fe80::/64
ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V6 seq 40 permit fc01:10::/64 ge 65
ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V6 seq 50 permit fc02:20::/64 ge 65
ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V6 seq 10 deny ::/0 le 59
ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V6 seq 20 deny ::/0 ge 65
ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V6 seq 30 permit fe80::/64
ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V6 seq 40 permit fc01:10::/64 ge 65
ipv6 prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V6 seq 50 permit fc02:20::/64 ge 65
!
bgp community-list standard COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010 permit 1010:1010
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 10
 match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010
 match ip address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V4
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 30000
 match ip address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V4
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535
 set community 5060:12345 additive
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 10
 match community COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010
 match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V6
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 30000
 match ipv6 address prefix-list PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V6
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535
 set community 5060:12345 additive
!
route-map FROM_BGP_PEER_V4 permit 100
!
route-map FROM_BGP_PEER_V4 permit 2
 call ALLOW_LIST_DEPLOYMENT_ID_0_V4
 on-match next
!
route-map FROM_BGP_PEER_V6 permit 1
 set ipv6 next-hop prefer-global 
!
route-map FROM_BGP_PEER_V6 permit 100
!
route-map FROM_BGP_PEER_V6 permit 2
 call ALLOW_LIST_DEPLOYMENT_ID_0_V6
 on-match next
!

As you can see from the output above the feature is isolated inside of "ALLOW_LIST_DEPLOYMENT_ID_0_V4" and "ALLOW_LIST_DEPLOYMENT_ID_0_V6" route-maps. We call the route-maps on top of each "FROM" route-map for each deployment_id. When the "ALLOW_LIST_DEPLOYMENT_ID_0_V*" route-map evaluation returns "deny", the "FROM" route-map will return deny. But when "ALLOW_LIST_DEPLOYMENT_ID_0_V*" route-map evaluation returns "permit", the next "FROM" route-map entry will be evaluated.

After each change of configuration the feature "restart" all bgp neighbors. Both IPv4 and IPv6 neighbors restart in the soft mode.

To change a list of prefixes inside of each record, you can apply the new list of prefixes with the same key. bgpcfgd will update corresponding prefix-lists automatically.

- Why I did it
I implemented the new feature. See the description above.

- How I did it
I introduced a new functionality into bgpcfgd. All code mostly isolated inside of BGPAllowListMgr class. Also I made some changes inside of bgp jinja2 templates.

- How to verify it

  1. You can save the schema example in the file and then load the file into ConfigDB using the following command: sonic-cfggen -j test_schema.conf --write-to-db. After that you can use show runningconfiguration bgp to check the changed configuration. Also take a look into /var/log/syslog. There you can find the following output:
Sep 10 00:12:36.820482 str-s6100-acs-1 DEBUG bgp#bgpcfgd: Received message : '('DEPLOYMENT_ID|0|1010:1010', 'SET', (('prefixes_v6', 'fc01:10::/64,fc02:20::/64'), ('prefixes_v4', '10.20.0.0/16,10.50.1.0/29')))'
Sep 10 00:12:36.821465 str-s6100-acs-1 INFO bgp#bgpcfgd: BGPAllowListMgr::Updating 'Allow list' policy. deployment_id '0'. community: '1010:1010' prefix_v4 '['10.20.0.0/16', '10.50.1.0/29']'. prefix_v6: '['fc01:10::/64', 'fc02:20::/64']'
Sep 10 00:12:36.821866 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__generate_names. deployment_id: 0, community: 1010:1010. names: {'community': 'COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010', 'pl_v4': 'PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V4', 'rm_v4': 'ALLOW_LIST_DEPLOYMENT_ID_0_V4', 'pl_v6': 'PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V6', 'rm_v6': 'ALLOW_LIST_DEPLOYMENT_ID_0_V6'}
Sep 10 00:12:36.822221 str-s6100-acs-1 DEBUG bgp#bgpcfgd: execute command '['vtysh', '-c', 'show running-config']'.
Sep 10 00:12:37.052250 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_prefix_list. af='v4' prefix-list name=PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V4
Sep 10 00:12:37.052250 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_prefix_list. af='v6' prefix-list name=PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V6
Sep 10 00:12:37.052250 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_community. community_name='COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010' community='1010:1010'
Sep 10 00:12:37.052250 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__is_community_presented. community='COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010'
Sep 10 00:12:37.052250 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_allow_route_map_entry. af='v4' Allow rm='ALLOW_LIST_DEPLOYMENT_ID_0_V4' pl='PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V4' cl='COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010'
Sep 10 00:12:37.052250 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__parse_allow_route_map_entries. af='v4', rm='ALLOW_LIST_DEPLOYMENT_ID_0_V4'
Sep 10 00:12:37.052341 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__find_next_seq_number '10' has_community='yes'
Sep 10 00:12:37.052341 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_allow_route_map_entry. af='v4' seqno='10' Allow pl='PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V4' cl='COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010'
Sep 10 00:12:37.052341 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_allow_route_map_entry. af='v6' Allow rm='ALLOW_LIST_DEPLOYMENT_ID_0_V6' pl='PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V6' cl='COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010'
Sep 10 00:12:37.052370 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__parse_allow_route_map_entries. af='v6', rm='ALLOW_LIST_DEPLOYMENT_ID_0_V6'
Sep 10 00:12:37.052416 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__find_next_seq_number '10' has_community='yes'
Sep 10 00:12:37.052416 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_allow_route_map_entry. af='v6' seqno='10' Allow pl='PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010_V6' cl='COMMUNITY_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_1010:1010'
Sep 10 00:12:37.052490 str-s6100-acs-1 DEBUG bgp#bgpcfgd: execute command '['vtysh', '-f', '/tmp/tmpQ5Uinl']'.
Sep 10 00:12:37.305769 str-s6100-acs-1 INFO bgp#bgpcfgd: BGPAllowListMgr::Restart peers with deployment_id=0
Sep 10 00:12:37.305861 str-s6100-acs-1 DEBUG bgp#bgpcfgd: execute command '['vtysh', '-c', 'clear bgp * soft in']'.
Sep 10 00:12:37.533604 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_policy. The peers were updated: rc=0
Sep 10 00:12:37.533690 str-s6100-acs-1 INFO bgp#bgpcfgd: BGPAllowListMgr::Done
Sep 10 00:12:37.533806 str-s6100-acs-1 DEBUG bgp#bgpcfgd: Received message : '('DEPLOYMENT_ID|0', 'SET', (('prefixes_v6', 'fc01:10::/64,fc02:20::/64'), ('prefixes_v4', '10.20.0.0/16,10.50.1.0/29')))'
Sep 10 00:12:37.534456 str-s6100-acs-1 INFO bgp#bgpcfgd: BGPAllowListMgr::Updating 'Allow list' policy. deployment_id '0'. community: 'empty' prefix_v4 '['10.20.0.0/16', '10.50.1.0/29']'. prefix_v6: '['fc01:10::/64', 'fc02:20::/64']'
Sep 10 00:12:37.534613 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__generate_names. deployment_id: 0, community: empty. names: {'community': 'empty', 'pl_v4': 'PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V4', 'rm_v4': 'ALLOW_LIST_DEPLOYMENT_ID_0_V4', 'pl_v6': 'PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V6', 'rm_v6': 'ALLOW_LIST_DEPLOYMENT_ID_0_V6'}
Sep 10 00:12:37.534883 str-s6100-acs-1 DEBUG bgp#bgpcfgd: execute command '['vtysh', '-c', 'show running-config']'.
Sep 10 00:12:37.765318 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_prefix_list. af='v4' prefix-list name=PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V4
Sep 10 00:12:37.765807 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_prefix_list. af='v6' prefix-list name=PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V6
Sep 10 00:12:37.766093 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_community. community_name='empty' community='empty'
Sep 10 00:12:37.766260 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_community. Empty community. exiting
Sep 10 00:12:37.766518 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_allow_route_map_entry. af='v4' Allow rm='ALLOW_LIST_DEPLOYMENT_ID_0_V4' pl='PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V4' cl='empty'
Sep 10 00:12:37.766805 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__parse_allow_route_map_entries. af='v4', rm='ALLOW_LIST_DEPLOYMENT_ID_0_V4'
Sep 10 00:12:37.767303 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__find_next_seq_number '30000' has_community='no'
Sep 10 00:12:37.767553 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_allow_route_map_entry. af='v4' seqno='30000' Allow pl='PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V4' cl='empty'
Sep 10 00:12:37.767612 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_allow_route_map_entry. af='v6' Allow rm='ALLOW_LIST_DEPLOYMENT_ID_0_V6' pl='PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V6' cl='empty'
Sep 10 00:12:37.767665 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__parse_allow_route_map_entries. af='v6', rm='ALLOW_LIST_DEPLOYMENT_ID_0_V6'
Sep 10 00:12:37.768116 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__find_next_seq_number '30000' has_community='no'
Sep 10 00:12:37.768391 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_allow_route_map_entry. af='v6' seqno='30000' Allow pl='PL_ALLOW_LIST_DEPLOYMENT_ID_0_COMMUNITY_empty_V6' cl='empty'
Sep 10 00:12:37.768636 str-s6100-acs-1 DEBUG bgp#bgpcfgd: execute command '['vtysh', '-f', '/tmp/tmpDW7cL6']'.
Sep 10 00:12:38.000131 str-s6100-acs-1 INFO bgp#bgpcfgd: BGPAllowListMgr::Restart peers with deployment_id=0
Sep 10 00:12:38.000646 str-s6100-acs-1 DEBUG bgp#bgpcfgd: execute command '['vtysh', '-c', 'clear bgp * soft in']'.
Sep 10 00:12:38.225079 str-s6100-acs-1 DEBUG bgp#bgpcfgd: BGPAllowListMgr::__update_policy. The peers were updated: rc=0
Sep 10 00:12:38.225079 str-s6100-acs-1 INFO bgp#bgpcfgd: BGPAllowListMgr::Done
  1. You can remove the feature configuration by the following commands. The default configuration will be restored.
redis-cli -n 4 del 'BGP_ALLOWED_PREFIXES*'

After that you can use show runningconfiguration bgp to check the changed configuration.

Test coverage data

Name                Stmts   Miss  Cover
---------------------------------------
app/__init__.py         0      0   100%
app/allow_list.py     385     21    95%
app/config.py          78     41    47%
app/directory.py       63     44    30%
app/log.py             15      3    80%
app/manager.py         41     23    44%
app/template.py        64     11    83%
app/util.py            11      8    27%
app/vars.py             1      0   100%
---------------------------------------
TOTAL                 658    151    77%

- Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

Pavel Shirshov and others added 21 commits September 3, 2020 11:13
Add 'allow list' manager feature
5434edd
Fix tests
5c460be
Enhance ipv6 nexthopset test logic
5da789c
Use correct dependancy
9187764
Add LIBSWSSCOMMON into deps
883a54b
@pavel-shirshov
Load python-swsscommin as debian dependency
4d2d6dc
Use old version of pyyaml
5b59929
Don't make any warning on default route-map entry
33b9327
Merge remote-tracking branch 'origin' into pavelsh/allow_list_feature
d616046
Remove 'exit' from test frr output
1d41ec8
Add constants for bgp allow list community ranges
0a3c0f5
Add tests with updates
c3ab85a
Restart only required peer-groups
8b3f044
Rename current_config text to current_config_raw
65f73c3
Add coverage support
aa344f5
Extract a common part of set del tests
ef88970
Add tests to check validation of ipv4 and ipv6
1c823a1
Remove bgpcfgd from coverage
e7c126b
Merge remote-tracking branch 'origin' into pavelsh/allow_list_feature
e18e9be
Merge remote-tracking branch 'origin' into pavelsh/allow_list_feature
d74865d
Remove build dependency for swsscommon
5fc465f
@lguohan
Copy link
Collaborator

lguohan commented Sep 30, 2020

would you highlight the change between this one and the last one that has been commited? easier to review that.

@pavel-shirshov
Copy link
Contributor Author

the last commit in this branch it what I changed 5fc465f

@pavel-shirshov
Copy link
Contributor Author

pavel-shirshov commented Oct 1, 2020
edited
Loading

@lguohan We need, but I afraid it will break something else. Previously bgpcfgd worked without swsscommon as a dependency. So I try to make the changes as minimal as possible.

@pavel-shirshov pavel-shirshov changed the title [bgp]: allow list [bgp] Add 'allow list' manager feature Oct 2, 2020
@pavel-shirshov pavel-shirshov self-assigned this Oct 2, 2020
@pavel-shirshov pavel-shirshov marked this pull request as ready for review October 2, 2020 17:05
@pavel-shirshov pavel-shirshov merged commit ffae82f into sonic-net:master Oct 2, 2020
abdosi pushed a commit that referenced this pull request Oct 6, 2020
@pavel-shirshov @abdosi
[bgp] Add 'allow list' manager feature (#5513)
437ad95 
implements a new feature: "BGP Allow list."

This feature allows us to control which IP prefixes are going to be advertised via ebgp from the routes received from EBGP neighbors.
santhosh-kt pushed a commit to santhosh-kt/sonic-buildimage that referenced this pull request Feb 25, 2021
@pavel-shirshov @santhosh-kt
[bgp] Add 'allow list' manager feature (sonic-net#5513)
295f732 
implements a new feature: "BGP Allow list."

This feature allows us to control which IP prefixes are going to be advertised via ebgp from the routes received from EBGP neighbors.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lguohan lguohan lguohan approved these changes

Assignees

@pavel-shirshov pavel-shirshov

Labels
bgp Enhancement ➕ FRR 🚥 Included in 201911 Branch Request for 201911 Branch :shipit: Request for 202006 Branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pavel-shirshov @lguohan @abdosi