Merged PR 6446272: [bgp-cfgd] BGP template for OLT mgmt ToR

Why I did it For mgmt ToR which is connected to OLT, need to have bgp allow-prefix list to control the routes advertisement between OLT and mgmt ToR. How I did it To add new template for this Scenario, which is based on common mgmt ToR BGP template. below is the doc for detailed design. https://microsoft.sharepoint.com/:w:/t/Aznet/EUXF5cffHVtDspT4W0o3ni8Bax5uGLwe5_hRGQnERDYrbg?e=rtmE9c The changes in managers_allow_list.py is a common one and PR in public repo. sonic-net#11586 How to verify it 1. Unit Test Add new unit test cases for new templates. 2. Integration Test To simulate the Scenario in physical TB, and verify the run bgp configuration. WIP, to verify with Optical team. Others Need to port back to 202012 and 202205 branch.
yaqiangz · Dec 15, 2022 · f94111c · f94111c
1 parent d2385a0
commit f94111c
Show file tree

Hide file tree

Showing 23 changed files with 430 additions and 21 deletions.
diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/router.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/router.j2
@@ -20,6 +20,11 @@
 {%         elif device_type in ['BmcMgmtToRRouter'] %}
 {%             include path_template % "v4.mgmttor.mx" %}
 {%         else %}
+{%             if neighbor_type == 'OpticalLonghaulTerminal' %}
+{%                 set peer_group_type = 'OLT_V4' %}
+{%             else %}
+{%                 set peer_group_type = 'TIER1_V4' %}
+{%             endif %}
 {%             include path_template % "v4.mgmttor" %}
 {%         endif %}
 {%     elif device_type in ['ToRRouter', 'BackEndToRRouter'] %}
@@ -71,6 +76,11 @@
 {%         elif device_type in ['BmcMgmtToRRouter'] %}
 {%             include path_template % "v6.mgmttor.mx" %}
 {%         else %}
+{%             if neighbor_type == 'OpticalLonghaulTerminal' %}
+{%                 set peer_group_type = 'OLT_V6' %}
+{%             else %}
+{%                 set peer_group_type = 'TIER1_V6' %}
+{%             endif %}
 {%             include path_template % "v6.mgmttor" %}
 {%         endif %}
 {%     elif device_type in ['ToRRouter', 'BackEndToRRouter'] %}

diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/instance.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/instance.conf.j2
@@ -3,7 +3,7 @@
 !
   neighbor {{ neighbor_addr }} remote-as {{ bgp_session['asn'] }}
   neighbor {{ neighbor_addr }} description {{ bgp_session['name'] }}
-  neighbor {{ neighbor_addr }} peer-group TIER1_V4
+  neighbor {{ neighbor_addr }} peer-group {{ peer_group_type }}
 !
 {% if CONFIG_DB__BGP_BBR['status'] == 'enabled' %}
 address-family ipv4 unicast

diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/peer-group.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/peer-group.conf.j2
@@ -1,14 +1,22 @@
 !
 ! template: bgpd/templates/msft.general/v4.mgmttor/peer-group.conf.j2
 !
-  neighbor TIER1_V4 peer-group
+  neighbor {{ peer_group_type }} peer-group
   address-family ipv4 unicast
-    neighbor TIER1_V4 activate
-    neighbor TIER1_V4 soft-reconfiguration inbound
-    neighbor TIER1_V4 route-map FROM_TIER1_V4 in
-    neighbor TIER1_V4 route-map TO_TIER1_V4 out
-    neighbor TIER1_V4 send-community
-    neighbor TIER1_V4 maximum-prefix 4000 90 warning-only
+    neighbor {{ peer_group_type }} activate
+    neighbor {{ peer_group_type }} soft-reconfiguration inbound
+{% if neighbor_type == 'OpticalLonghaulTerminal' %}
+    neighbor {{ peer_group_type }} route-map FROM_{{ peer_group_type }}_DEPLOYMENT_ID_{{ neighbor_deployment_id }} in
+{% else %}
+    neighbor {{ peer_group_type }} route-map FROM_{{ peer_group_type }} in
+{% endif %}
+    neighbor {{ peer_group_type }} route-map TO_{{ peer_group_type }} out
+    neighbor {{ peer_group_type }} send-community
+{% if neighbor_type == 'OpticalLonghaulTerminal' %}
+    neighbor {{ peer_group_type }} maximum-prefix 40 90
+{% else %}
+    neighbor {{ peer_group_type }} maximum-prefix 4000 90 warning-only
+{% endif %}
   exit-address-family
 !
 ! end of template: bgpd/templates/msft.general/v4.mgmttor/peer-group.conf.j2

diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2
@@ -1,9 +1,37 @@
 !
 ! template: bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2
 !
-route-map FROM_TIER1_V4 permit 100
+{% if neighbor_type == 'OpticalLonghaulTerminal' %}
+ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0
 !
-route-map TO_TIER1_V4 permit 100
+route-map ALLOW_LIST_DEPLOYMENT_ID_{{ neighbor_deployment_id}}_NEIGHBOR_{{ neighbor_type }}_V4 deny 60000
 !
+{% if constants.bgp.allow_list is defined and constants.bgp.allow_list.enabled is defined and constants.bgp.allow_list.enabled and constants.bgp.allow_list.drop_community is defined %}
+{% if allow_list_default_action == 'deny' %}
+route-map ALLOW_LIST_DEPLOYMENT_ID_{{ neighbor_deployment_id}}_NEIGHBOR_{{ neighbor_type }}_V4 permit 65535
+  set community no-export additive
+!
+{% else %}
+route-map ALLOW_LIST_DEPLOYMENT_ID_{{ neighbor_deployment_id}}_NEIGHBOR_{{ neighbor_type }}_V4 permit 65535
+  set community {{ constants.bgp.allow_list.drop_community }} additive
+!
+{% endif %}
+route-map FROM_{{ peer_group_type }}_DEPLOYMENT_ID_{{ neighbor_deployment_id }} permit 100
+ call ALLOW_LIST_DEPLOYMENT_ID_{{ neighbor_deployment_id}}_NEIGHBOR_{{ neighbor_type }}_V4
+!
+{% endif %}
+route-map FROM_{{ peer_group_type }}_DEPLOYMENT_ID_{{ neighbor_deployment_id }} deny 1000
+!
+route-map TO_{{ peer_group_type }} permit 100
+ match ip address prefix-list DEFAULT_IPV4
+!
+route-map TO_{{ peer_group_type }} deny 1000
+!
+{% else %}
+route-map FROM_{{ peer_group_type }} permit 100
+!
+route-map TO_{{ peer_group_type }} permit 100
+!
+{% endif %}
 ! end of template: bgpd/templates/msft.general/v4.mgmttor/policy.conf.j2
 !
diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/instance.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/instance.conf.j2
@@ -3,7 +3,7 @@
 !
   neighbor {{ neighbor_addr }} remote-as {{ bgp_session['asn'] }}
   neighbor {{ neighbor_addr }} description {{ bgp_session['name'] }}
-  neighbor {{ neighbor_addr }} peer-group TIER1_V6
+  neighbor {{ neighbor_addr }} peer-group {{ peer_group_type }}
 !
 {% if CONFIG_DB__BGP_BBR['status'] == 'enabled' %}
 address-family ipv6 unicast

diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/peer-group.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/peer-group.conf.j2
@@ -1,14 +1,22 @@
 !
 ! template: bgpd/templates/msft.general/v6.leaf.tor.all/peer-group.conf.j2
 !
-  neighbor TIER1_V6 peer-group
+  neighbor {{ peer_group_type }} peer-group
   address-family ipv6 unicast
-    neighbor TIER1_V6 activate
-    neighbor TIER1_V6 soft-reconfiguration inbound
-    neighbor TIER1_V6 route-map FROM_TIER1_V6 in
-    neighbor TIER1_V6 route-map TO_TIER1_V6 out
-    neighbor TIER1_V6 send-community
-    neighbor TIER1_V6 maximum-prefix 1000 90 warning-only
+    neighbor {{ peer_group_type }} activate
+    neighbor {{ peer_group_type }} soft-reconfiguration inbound
+{% if neighbor_type == 'OpticalLonghaulTerminal' %}
+    neighbor {{ peer_group_type }} route-map FROM_{{ peer_group_type }}_DEPLOYMENT_ID_{{ neighbor_deployment_id }} in
+{% else %}
+    neighbor {{ peer_group_type }} route-map FROM_{{ peer_group_type }} in
+{% endif %}
+    neighbor {{ peer_group_type }} route-map TO_{{ peer_group_type }} out
+    neighbor {{ peer_group_type }} send-community
+{% if neighbor_type == 'OpticalLonghaulTerminal' %}
+    neighbor {{ peer_group_type }} maximum-prefix 40 90
+{% else %}
+    neighbor {{ peer_group_type }} maximum-prefix 1000 90 warning-only
+{% endif %}
   exit-address-family
 !
 ! end of template: bgpd/templates/msft.general/v6.leaf.tor.all/peer-group.conf.j2

diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2
@@ -1,13 +1,35 @@
 !
 ! template: bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2
 !
+{% if neighbor_type == 'OpticalLonghaulTerminal' %}
+route-map ALLOW_LIST_DEPLOYMENT_ID_{{ neighbor_deployment_id}}_NEIGHBOR_{{ neighbor_type }}_V6 deny 60000
 !
-route-map FROM_TIER1_V6 permit 100
+{% if constants.bgp.allow_list is defined and constants.bgp.allow_list.enabled is defined and constants.bgp.allow_list.enabled and constants.bgp.allow_list.drop_community is defined %}
+{% if allow_list_default_action == 'deny' %}
+route-map ALLOW_LIST_DEPLOYMENT_ID_{{ neighbor_deployment_id}}_NEIGHBOR_{{ neighbor_type }}_V6 permit 65535
+  set community no-export additive
+!
+{% else %}
+route-map ALLOW_LIST_DEPLOYMENT_ID_{{ neighbor_deployment_id}}_NEIGHBOR_{{ neighbor_type }}_V6 permit 65535
+  set community {{ constants.bgp.allow_list.drop_community }} additive
+!
+{% endif %}
+route-map FROM_{{ peer_group_type }}_DEPLOYMENT_ID_{{ neighbor_deployment_id }} permit 100
+ call ALLOW_LIST_DEPLOYMENT_ID_{{ neighbor_deployment_id}}_NEIGHBOR_{{ neighbor_type }}_V6
+!
+{% endif %}
+route-map FROM_{{ peer_group_type }}_DEPLOYMENT_ID_{{ neighbor_deployment_id }} deny 1000
+!
+route-map TO_{{ peer_group_type }} deny 1000
+!
+{% else %}
+route-map FROM_{{ peer_group_type }} permit 100
  set ipv6 next-hop prefer-global
  on-match next
-route-map FROM_TIER1_V6 permit 200
+route-map FROM_{{ peer_group_type }} permit 200
 !
-route-map TO_TIER1_V6 permit 100
+route-map TO_{{ peer_group_type }} permit 100
 !
+{% endif %}
 ! end of template: bgpd/templates/msft.general/v6.mgmttor/policy.conf.j2
 !
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/param_v4.mgmttorolt_all.json b/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/param_v4.mgmttorolt_all.json
@@ -0,0 +1,21 @@
+{
+    "CONFIG_DB__DEVICE_METADATA": {
+        "localhost": {
+            "type": "MgmtToRRouter"
+        }
+    },
+    "CONFIG_DB__DEVICE_NEIGHBOR_METADATA": {
+        "neig_device": {
+            "type": "OpticalLonghaulTerminal"
+        }
+    },
+    "CONFIG_DB__BGP_BBR": {
+        "status": "enabled"
+    },
+    "bgp_session": {
+        "asn": "11111",
+        "name": "neig_device",
+        "admin_status": "down"
+    },
+    "neighbor_addr": "11.11.11.11"
+}
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/param_v4.mgmttorolt_base.json b/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/param_v4.mgmttorolt_base.json
@@ -0,0 +1,20 @@
+{
+    "CONFIG_DB__DEVICE_METADATA": {
+        "localhost": {
+            "type": "MgmtToRRouter"
+        }
+    },
+    "CONFIG_DB__DEVICE_NEIGHBOR_METADATA": {
+        "neig_device": {
+            "type": "OpticalLonghaulTerminal"
+        }
+    },
+    "CONFIG_DB__BGP_BBR": {
+        "status": "enabled"
+    },
+    "bgp_session": {
+        "asn": "11111",
+        "name": "neig_device"
+    },
+    "neighbor_addr": "11.11.11.11"
+}
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/param_v6.mgmttorolt_all.json b/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/param_v6.mgmttorolt_all.json
@@ -0,0 +1,21 @@
+{
+    "CONFIG_DB__DEVICE_METADATA": {
+        "localhost": {
+            "type": "MgmtToRRouter"
+        }
+    },
+    "CONFIG_DB__DEVICE_NEIGHBOR_METADATA": {
+        "neig_device": {
+            "type": "OpticalLonghaulTerminal"
+        }
+    },
+    "CONFIG_DB__BGP_BBR": {
+	    "status": "enabled"
+    },
+    "bgp_session": {
+        "asn": "11111",
+        "name": "neig_device",
+        "admin_status": "down"
+    },
+    "neighbor_addr": "fc00::15"
+}
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/param_v6.mgmttorolt_base.json b/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/param_v6.mgmttorolt_base.json
@@ -0,0 +1,20 @@
+{
+    "CONFIG_DB__DEVICE_METADATA": {
+        "localhost": {
+            "type": "MgmtToRRouter"
+        }
+    },
+    "CONFIG_DB__DEVICE_NEIGHBOR_METADATA": {
+        "neig_device": {
+            "type": "OpticalLonghaulTerminal"
+        }
+    },
+    "CONFIG_DB__BGP_BBR": {
+	    "status": "enabled"
+    },
+    "bgp_session": {
+        "asn": "11111",
+        "name": "neig_device"
+    },
+    "neighbor_addr": "fc00::15"
+}
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/result_v4.mgmttorolt_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/result_v4.mgmttorolt_all.conf
@@ -0,0 +1,19 @@
+!
+! template: bgpd/templates/general/instance.conf.j2
+!
+! template: bgpd/templates/msft.general/v4.mgmttor/instance.conf.j2
+!
+  neighbor 11.11.11.11 remote-as 11111
+  neighbor 11.11.11.11 description neig_device
+  neighbor 11.11.11.11 peer-group OLT_V4
+!
+address-family ipv4 unicast
+  neighbor 11.11.11.11 allowas-in 1
+exit-address-family
+!
+  neighbor 11.11.11.11 shutdown
+!
+! end of template: bgpd/templates/msft.general/v4.mgmttor/instance.conf.j2
+!
+! end of template: bgpd/templates/general/instance.conf.j2
+!
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/result_v4.mgmttorolt_base.conf b/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/result_v4.mgmttorolt_base.conf
@@ -0,0 +1,17 @@
+!
+! template: bgpd/templates/general/instance.conf.j2
+!
+! template: bgpd/templates/msft.general/v4.mgmttor/instance.conf.j2
+!
+  neighbor 11.11.11.11 remote-as 11111
+  neighbor 11.11.11.11 description neig_device
+  neighbor 11.11.11.11 peer-group OLT_V4
+!
+address-family ipv4 unicast
+  neighbor 11.11.11.11 allowas-in 1
+exit-address-family
+!
+! end of template: bgpd/templates/msft.general/v4.mgmttor/instance.conf.j2
+!
+! end of template: bgpd/templates/general/instance.conf.j2
+!
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/result_v6.mgmttorolt_all.conf b/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/result_v6.mgmttorolt_all.conf
@@ -0,0 +1,19 @@
+!
+! template: bgpd/templates/general/instance.conf.j2
+!
+! template: bgpd/templates/msft.general/v6.mgmttor/instance.conf.j2
+!
+  neighbor fc00::15 remote-as 11111
+  neighbor fc00::15 description neig_device
+  neighbor fc00::15 peer-group OLT_V6
+!
+address-family ipv6 unicast
+  neighbor fc00::15 allowas-in 1
+exit-address-family
+!
+  neighbor fc00::15 shutdown
+!
+! end of template: bgpd/templates/msft.general/v6.mgmttor/instance.conf.j2
+!
+! end of template: bgpd/templates/general/instance.conf.j2
+!
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/result_v6.mgmttorolt_base.conf b/src/sonic-bgpcfgd/tests/data/msft.general/instance.conf/result_v6.mgmttorolt_base.conf
@@ -0,0 +1,17 @@
+!
+! template: bgpd/templates/general/instance.conf.j2
+!
+! template: bgpd/templates/msft.general/v6.mgmttor/instance.conf.j2
+!
+  neighbor fc00::15 remote-as 11111
+  neighbor fc00::15 description neig_device
+  neighbor fc00::15 peer-group OLT_V6
+!
+address-family ipv6 unicast
+  neighbor fc00::15 allowas-in 1
+exit-address-family
+!
+! end of template: bgpd/templates/msft.general/v6.mgmttor/instance.conf.j2
+!
+! end of template: bgpd/templates/general/instance.conf.j2
+!
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/param_v4.mgmttorolt_all.json b/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/param_v4.mgmttorolt_all.json
@@ -0,0 +1,21 @@
+{
+    "CONFIG_DB__DEVICE_METADATA": {
+        "localhost": {
+            "type": "MgmtToRRouter"
+        }
+    },
+    "CONFIG_DB__DEVICE_NEIGHBOR_METADATA": {
+        "neig_device": {
+            "type": "OpticalLonghaulTerminal",
+            "deployment_id": "3"
+        }
+    },
+    "constants": {
+        "bgp": {}
+    },
+    "bgp_session": {
+        "asn": "11111",
+        "name": "neig_device"
+    },
+    "neighbor_addr": "11.11.11.11"
+}
diff --git a/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/param_v6.mgmttorolt_all.json b/src/sonic-bgpcfgd/tests/data/msft.general/peer-group.conf/param_v6.mgmttorolt_all.json
@@ -0,0 +1,21 @@
+{
+    "CONFIG_DB__DEVICE_METADATA": {
+        "localhost": {
+            "type": "MgmtToRRouter"
+        }
+    },
+    "CONFIG_DB__DEVICE_NEIGHBOR_METADATA": {
+        "neig_device": {
+            "type": "OpticalLonghaulTerminal",
+            "deployment_id": "3"
+        }
+    },
+    "constants": {
+        "bgp": {}
+    },
+    "bgp_session": {
+        "asn": "11111",
+        "name": "neig_device"
+    },
+    "neighbor_addr": "fc00::15"
+}