diff --git a/go.mod b/go.mod index e9e73b0..43c150a 100644 --- a/go.mod +++ b/go.mod @@ -1,13 +1,13 @@ module github.com/metal-stack/metal-networker -go 1.23 +go 1.23.0 require ( github.com/coreos/go-systemd/v22 v22.5.0 github.com/google/go-cmp v0.6.0 - github.com/metal-stack/metal-go v0.34.0 - github.com/metal-stack/metal-hammer v0.13.5 - github.com/metal-stack/metal-lib v0.18.1 + github.com/metal-stack/metal-go v0.37.1 + github.com/metal-stack/metal-hammer v0.13.8-0.20241106143854-0826d3549873 + github.com/metal-stack/metal-lib v0.18.3 github.com/metal-stack/v v1.0.3 github.com/stretchr/testify v1.9.0 gopkg.in/yaml.v3 v3.0.1 @@ -32,6 +32,6 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - go.mongodb.org/mongo-driver v1.16.1 // indirect - golang.org/x/sys v0.24.0 // indirect + go.mongodb.org/mongo-driver v1.17.1 // indirect + golang.org/x/sys v0.26.0 // indirect ) diff --git a/go.sum b/go.sum index 12f047c..6c23e0e 100644 --- a/go.sum +++ b/go.sum @@ -37,12 +37,12 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/metal-stack/metal-go v0.34.0 h1:X4Wlt2OAhsu3Lq+rHSWnWeASmX6CYvOxnL6DxmjnzbU= -github.com/metal-stack/metal-go v0.34.0/go.mod h1:3MJTYCS4YJz8D8oteTKhjpaAKNMMjMKYDrIy9awHGtQ= -github.com/metal-stack/metal-hammer v0.13.5 h1:uwEKOTUCeDXDBDH/Y6P58fkC2kwFqZb/akLbAhwmVuA= -github.com/metal-stack/metal-hammer v0.13.5/go.mod h1:k9jwhyyA2Q0ViyrhEpWRZLOigzbwu2V7XsMbUHJWxIM= -github.com/metal-stack/metal-lib v0.18.1 h1:Kjmf/Z/6pWemR8O6ttbNPQ9PjeT3ON60sBNu51Lgi1M= -github.com/metal-stack/metal-lib v0.18.1/go.mod h1:GJjipRpHmpd2vjBtsaw9gGk5ZFan7NlShyjIsTdY1x4= +github.com/metal-stack/metal-go v0.37.1 h1:vlvg/MY9Ep61h86GF54DER1VYADcqyHbFPZH3DqEbdM= +github.com/metal-stack/metal-go v0.37.1/go.mod h1:3MJTYCS4YJz8D8oteTKhjpaAKNMMjMKYDrIy9awHGtQ= +github.com/metal-stack/metal-hammer v0.13.8-0.20241106143854-0826d3549873 h1:5nHFcT4ekBvpkFhH/3UCy9i12EzkJxAjshfdiqOhq6w= +github.com/metal-stack/metal-hammer v0.13.8-0.20241106143854-0826d3549873/go.mod h1:L6jt2NWvUKXHD5dwfo9+8ylNz/8gOvxuGf9mNMNuceM= +github.com/metal-stack/metal-lib v0.18.3 h1:bovFiJPB9SMvuGLqcXVWz6jFB8HrdzwnCX7TFlen4r0= +github.com/metal-stack/metal-lib v0.18.3/go.mod h1:Ctyi6zaXFr2NVrQZLFsDLnFCzupKnYErTtgRFKAsnbw= github.com/metal-stack/v v1.0.3 h1:Sh2oBlnxrCUD+mVpzfC8HiqL045YWkxs0gpTvkjppqs= github.com/metal-stack/v v1.0.3/go.mod h1:YTahEu7/ishwpYKnp/VaW/7nf8+PInogkfGwLcGPdXg= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= @@ -55,11 +55,11 @@ github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDN github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -go.mongodb.org/mongo-driver v1.16.1 h1:rIVLL3q0IHM39dvE+z2ulZLp9ENZKThVfuvN/IiN4l8= -go.mongodb.org/mongo-driver v1.16.1/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw= +go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM= +go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4= golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/pkg/netconf/frr.go b/pkg/netconf/frr.go index 959a714..8f8ecdb 100644 --- a/pkg/netconf/frr.go +++ b/pkg/netconf/frr.go @@ -144,7 +144,7 @@ func assembleVRFs(kb config) []VRF { VNI: int(*network.Vrf), ImportVRFNames: i.ImportVRFs, IPPrefixLists: i.prefixLists(), - RouteMaps: i.routeMaps(), + RouteMaps: i.routeMaps(*network.Asn, kb.FirewallDistance), } result = append(result, vrf) } diff --git a/pkg/netconf/routemap.go b/pkg/netconf/routemap.go index b505b15..790616f 100644 --- a/pkg/netconf/routemap.go +++ b/pkg/netconf/routemap.go @@ -282,7 +282,7 @@ func byName(prefixLists []IPPrefixList) map[string]IPPrefixList { return byName } -func (i *importRule) routeMaps() []RouteMap { +func (i *importRule) routeMaps(asn int64, distance uint8) []RouteMap { var result []RouteMap order := RouteMapOrderSeed @@ -299,7 +299,14 @@ func (i *importRule) routeMaps() []RouteMap { matchVrf := fmt.Sprintf("match source-vrf %s", prefixList.SourceVRF) matchPfxList := fmt.Sprintf("match %s address prefix-list %s", prefixList.AddressFamily, n) - entries := []string{matchVrf, matchPfxList} + // Using the distance we extend the path of a firewall by adding asn to its as-path prepend + numAsns := int(2 + distance) + asnList := make([]string, numAsns) + for i := 0; i < numAsns; i++ { + asnList[i] = fmt.Sprintf("%d", asn) + } + asPathPrepend := fmt.Sprintf("set as-path prepend %s", strings.Join(asnList, " ")) + entries := []string{matchVrf, matchPfxList, asPathPrepend} if strings.HasSuffix(n, IPPrefixListNoExportSuffix) { entries = append(entries, "set community additive no-export") } diff --git a/pkg/netconf/testdata/firewall.yaml b/pkg/netconf/testdata/firewall.yaml index d8f19c3..b491a49 100644 --- a/pkg/netconf/testdata/firewall.yaml +++ b/pkg/netconf/testdata/firewall.yaml @@ -176,7 +176,7 @@ nics: - mac: "44:38:39:00:00:04" name: null neighbors: [] - +firewallDistance: 2 diff --git a/pkg/netconf/testdata/firewall_dmz.yaml b/pkg/netconf/testdata/firewall_dmz.yaml index cb7e76c..8a0e9c2 100644 --- a/pkg/netconf/testdata/firewall_dmz.yaml +++ b/pkg/netconf/testdata/firewall_dmz.yaml @@ -158,7 +158,7 @@ nics: - mac: "44:38:39:00:00:04" name: null neighbors: [] - +firewallDistance: 2 diff --git a/pkg/netconf/testdata/firewall_dmz_app.yaml b/pkg/netconf/testdata/firewall_dmz_app.yaml index 414ece6..22ebe9b 100644 --- a/pkg/netconf/testdata/firewall_dmz_app.yaml +++ b/pkg/netconf/testdata/firewall_dmz_app.yaml @@ -135,7 +135,7 @@ nics: - mac: "44:38:39:00:00:04" name: null neighbors: [] - +firewallDistance: 2 diff --git a/pkg/netconf/testdata/firewall_dmz_app_storage.yaml b/pkg/netconf/testdata/firewall_dmz_app_storage.yaml index 71af69b..1e9ba87 100644 --- a/pkg/netconf/testdata/firewall_dmz_app_storage.yaml +++ b/pkg/netconf/testdata/firewall_dmz_app_storage.yaml @@ -154,7 +154,7 @@ nics: - mac: "44:38:39:00:00:04" name: null neighbors: [] - +firewallDistance: 2 diff --git a/pkg/netconf/testdata/firewall_ipv6.yaml b/pkg/netconf/testdata/firewall_ipv6.yaml index 6f9aec1..0f90f49 100644 --- a/pkg/netconf/testdata/firewall_ipv6.yaml +++ b/pkg/netconf/testdata/firewall_ipv6.yaml @@ -175,6 +175,7 @@ nics: - mac: "44:38:39:00:00:04" name: null neighbors: [] +firewallDistance: 2 diff --git a/pkg/netconf/testdata/firewall_shared.yaml b/pkg/netconf/testdata/firewall_shared.yaml index fec137f..39f64e9 100644 --- a/pkg/netconf/testdata/firewall_shared.yaml +++ b/pkg/netconf/testdata/firewall_shared.yaml @@ -135,7 +135,7 @@ nics: - mac: "44:38:39:00:00:04" name: null neighbors: [] - +firewallDistance: 2 diff --git a/pkg/netconf/testdata/firewall_vpn.yaml b/pkg/netconf/testdata/firewall_vpn.yaml index f2aed3d..7e341b0 100644 --- a/pkg/netconf/testdata/firewall_vpn.yaml +++ b/pkg/netconf/testdata/firewall_vpn.yaml @@ -179,6 +179,6 @@ nics: vpn: address: https://test.test.dev auth_key: abracadabra - +firewallDistance: 2 diff --git a/pkg/netconf/testdata/firewall_with_rules.yaml b/pkg/netconf/testdata/firewall_with_rules.yaml index 0aaa26a..bb755a6 100644 --- a/pkg/netconf/testdata/firewall_with_rules.yaml +++ b/pkg/netconf/testdata/firewall_with_rules.yaml @@ -204,3 +204,4 @@ firewall_rules: from: - "1.2.3.0/24" - "192.168.0.0/16" +firewallDistance: 2 \ No newline at end of file diff --git a/pkg/netconf/testdata/frr.conf.firewall b/pkg/netconf/testdata/frr.conf.firewall index e684dba..28a0553 100644 --- a/pkg/netconf/testdata/frr.conf.firewall +++ b/pkg/netconf/testdata/frr.conf.firewall @@ -157,12 +157,15 @@ ip prefix-list vrf3981-import-from-vrf3982 seq 106 permit 10.0.18.0/22 le 32 route-map vrf3981-import-map permit 10 match source-vrf vrf3982 match ip address prefix-list vrf3981-import-from-vrf3982 + set as-path prepend 4200003073 4200003073 route-map vrf3981-import-map permit 20 match source-vrf vrf104010 match ip address prefix-list vrf3981-import-from-vrf104010 + set as-path prepend 4200003073 4200003073 route-map vrf3981-import-map permit 30 match source-vrf vrf104009 match ip address prefix-list vrf3981-import-from-vrf104009 + set as-path prepend 4200003073 4200003073 route-map vrf3981-import-map deny 40 ! ip prefix-list vrf3982-import-from-vrf3981 seq 100 permit 10.0.16.0/22 le 32 @@ -170,6 +173,7 @@ ip prefix-list vrf3982-import-from-vrf3981 seq 101 permit 10.0.18.0/22 le 32 route-map vrf3982-import-map permit 10 match source-vrf vrf3981 match ip address prefix-list vrf3982-import-from-vrf3981 + set as-path prepend 4200003073 4200003073 route-map vrf3982-import-map deny 20 ! ip prefix-list vrf104009-import-from-vrf3981-no-export seq 100 permit 10.0.16.0/22 le 32 @@ -178,10 +182,12 @@ ip prefix-list vrf104009-import-from-vrf3981 seq 102 permit 185.27.0.0/22 le 32 route-map vrf104009-import-map permit 10 match source-vrf vrf3981 match ip address prefix-list vrf104009-import-from-vrf3981-no-export + set as-path prepend 4200003073 4200003073 set community additive no-export route-map vrf104009-import-map permit 20 match source-vrf vrf3981 match ip address prefix-list vrf104009-import-from-vrf3981 + set as-path prepend 4200003073 4200003073 route-map vrf104009-import-map deny 30 ! ip prefix-list vrf104010-import-from-vrf3981-no-export seq 100 permit 10.0.16.0/22 le 32 @@ -189,10 +195,12 @@ ip prefix-list vrf104010-import-from-vrf3981 seq 101 permit 100.127.129.0/24 le route-map vrf104010-import-map permit 10 match source-vrf vrf3981 match ip address prefix-list vrf104010-import-from-vrf3981-no-export + set as-path prepend 4200003073 4200003073 set community additive no-export route-map vrf104010-import-map permit 20 match source-vrf vrf3981 match ip address prefix-list vrf104010-import-from-vrf3981 + set as-path prepend 4200003073 4200003073 route-map vrf104010-import-map deny 30 ! route-map only-self-out permit 10 diff --git a/pkg/netconf/testdata/frr.conf.firewall_dmz b/pkg/netconf/testdata/frr.conf.firewall_dmz index 35fdfc8..bcfe9d4 100644 --- a/pkg/netconf/testdata/frr.conf.firewall_dmz +++ b/pkg/netconf/testdata/frr.conf.firewall_dmz @@ -132,9 +132,11 @@ ip prefix-list vrf3981-import-from-vrf3983 seq 104 permit 10.0.20.0/22 le 32 route-map vrf3981-import-map permit 10 match source-vrf vrf3983 match ip address prefix-list vrf3981-import-from-vrf3983 + set as-path prepend 4200003073 4200003073 route-map vrf3981-import-map permit 20 match source-vrf vrf104009 match ip address prefix-list vrf3981-import-from-vrf104009 + set as-path prepend 4200003073 4200003073 route-map vrf3981-import-map deny 30 ! ip prefix-list vrf3983-import-from-vrf3981 seq 100 permit 10.0.16.0/22 le 32 @@ -145,9 +147,11 @@ ip prefix-list vrf3983-import-from-vrf104009 seq 104 permit 185.27.0.0/22 le 32 route-map vrf3983-import-map permit 10 match source-vrf vrf3981 match ip address prefix-list vrf3983-import-from-vrf3981 + set as-path prepend 4200003073 4200003073 route-map vrf3983-import-map permit 20 match source-vrf vrf104009 match ip address prefix-list vrf3983-import-from-vrf104009 + set as-path prepend 4200003073 4200003073 route-map vrf3983-import-map deny 30 ! ip prefix-list vrf104009-import-from-vrf3981-no-export seq 100 permit 10.0.16.0/22 le 32 @@ -157,14 +161,17 @@ ip prefix-list vrf104009-import-from-vrf3981 seq 103 permit 185.27.0.0/22 le 32 route-map vrf104009-import-map permit 10 match source-vrf vrf3983 match ip address prefix-list vrf104009-import-from-vrf3983-no-export + set as-path prepend 4200003073 4200003073 set community additive no-export route-map vrf104009-import-map permit 20 match source-vrf vrf3981 match ip address prefix-list vrf104009-import-from-vrf3981-no-export + set as-path prepend 4200003073 4200003073 set community additive no-export route-map vrf104009-import-map permit 30 match source-vrf vrf3981 match ip address prefix-list vrf104009-import-from-vrf3981 + set as-path prepend 4200003073 4200003073 route-map vrf104009-import-map deny 40 ! route-map only-self-out permit 10 diff --git a/pkg/netconf/testdata/frr.conf.firewall_dmz_app b/pkg/netconf/testdata/frr.conf.firewall_dmz_app index 0c6c82c..732b12e 100644 --- a/pkg/netconf/testdata/frr.conf.firewall_dmz_app +++ b/pkg/netconf/testdata/frr.conf.firewall_dmz_app @@ -99,6 +99,7 @@ ip prefix-list vrf3981-import-from-vrf3983 permit 0.0.0.0/0 route-map vrf3981-import-map permit 10 match source-vrf vrf3983 match ip address prefix-list vrf3981-import-from-vrf3983 + set as-path prepend 4200003073 4200003073 route-map vrf3981-import-map deny 20 ! ip prefix-list vrf3983-import-from-vrf3981 seq 100 permit 10.0.16.0/22 le 32 @@ -106,6 +107,7 @@ ip prefix-list vrf3983-import-from-vrf3981 seq 101 permit 10.0.20.0/22 le 32 route-map vrf3983-import-map permit 10 match source-vrf vrf3981 match ip address prefix-list vrf3983-import-from-vrf3981 + set as-path prepend 4200003073 4200003073 route-map vrf3983-import-map deny 20 ! route-map only-self-out permit 10 diff --git a/pkg/netconf/testdata/frr.conf.firewall_dmz_app_storage b/pkg/netconf/testdata/frr.conf.firewall_dmz_app_storage index a9c951d..714f15c 100644 --- a/pkg/netconf/testdata/frr.conf.firewall_dmz_app_storage +++ b/pkg/netconf/testdata/frr.conf.firewall_dmz_app_storage @@ -127,9 +127,11 @@ ip prefix-list vrf3981-import-from-vrf3983 permit 0.0.0.0/0 route-map vrf3981-import-map permit 10 match source-vrf vrf3983 match ip address prefix-list vrf3981-import-from-vrf3983 + set as-path prepend 4200003073 4200003073 route-map vrf3981-import-map permit 20 match source-vrf vrf3982 match ip address prefix-list vrf3981-import-from-vrf3982 + set as-path prepend 4200003073 4200003073 route-map vrf3981-import-map deny 30 ! ip prefix-list vrf3983-import-from-vrf3981 seq 100 permit 10.0.16.0/22 le 32 @@ -137,6 +139,7 @@ ip prefix-list vrf3983-import-from-vrf3981 seq 101 permit 10.0.20.0/22 le 32 route-map vrf3983-import-map permit 10 match source-vrf vrf3981 match ip address prefix-list vrf3983-import-from-vrf3981 + set as-path prepend 4200003073 4200003073 route-map vrf3983-import-map deny 20 ! ip prefix-list vrf3982-import-from-vrf3981 seq 100 permit 10.0.16.0/22 le 32 @@ -144,6 +147,7 @@ ip prefix-list vrf3982-import-from-vrf3981 seq 101 permit 10.0.18.0/22 le 32 route-map vrf3982-import-map permit 10 match source-vrf vrf3981 match ip address prefix-list vrf3982-import-from-vrf3981 + set as-path prepend 4200003073 4200003073 route-map vrf3982-import-map deny 20 ! route-map only-self-out permit 10 diff --git a/pkg/netconf/testdata/frr.conf.firewall_ipv6 b/pkg/netconf/testdata/frr.conf.firewall_ipv6 index 984ffed..23d4485 100644 --- a/pkg/netconf/testdata/frr.conf.firewall_ipv6 +++ b/pkg/netconf/testdata/frr.conf.firewall_ipv6 @@ -156,12 +156,15 @@ ipv6 prefix-list vrf3981-import-from-vrf104009-ipv6 seq 105 permit 2a02:c00:20:: route-map vrf3981-import-map permit 10 match source-vrf vrf3982 match ip address prefix-list vrf3981-import-from-vrf3982 + set as-path prepend 4200003073 4200003073 route-map vrf3981-import-map permit 20 match source-vrf vrf104010 match ip address prefix-list vrf3981-import-from-vrf104010 + set as-path prepend 4200003073 4200003073 route-map vrf3981-import-map permit 30 match source-vrf vrf104009 match ipv6 address prefix-list vrf3981-import-from-vrf104009-ipv6 + set as-path prepend 4200003073 4200003073 route-map vrf3981-import-map deny 40 ! ip prefix-list vrf3982-import-from-vrf3981 seq 100 permit 10.0.18.0/22 le 32 @@ -169,9 +172,11 @@ ipv6 prefix-list vrf3982-import-from-vrf3981-ipv6 seq 101 permit 2002::/64 le 12 route-map vrf3982-import-map permit 10 match source-vrf vrf3981 match ipv6 address prefix-list vrf3982-import-from-vrf3981-ipv6 + set as-path prepend 4200003073 4200003073 route-map vrf3982-import-map permit 20 match source-vrf vrf3981 match ip address prefix-list vrf3982-import-from-vrf3981 + set as-path prepend 4200003073 4200003073 route-map vrf3982-import-map deny 30 ! ipv6 prefix-list vrf104009-import-from-vrf3981-ipv6-no-export seq 100 permit 2002::/64 le 128 @@ -179,10 +184,12 @@ ipv6 prefix-list vrf104009-import-from-vrf3981-ipv6 seq 101 permit 2a02:c00:20:: route-map vrf104009-import-map permit 10 match source-vrf vrf3981 match ipv6 address prefix-list vrf104009-import-from-vrf3981-ipv6-no-export + set as-path prepend 4200003073 4200003073 set community additive no-export route-map vrf104009-import-map permit 20 match source-vrf vrf3981 match ipv6 address prefix-list vrf104009-import-from-vrf3981-ipv6 + set as-path prepend 4200003073 4200003073 route-map vrf104009-import-map deny 30 ! ip prefix-list vrf104010-import-from-vrf3981 seq 100 permit 100.127.129.0/24 le 32 @@ -190,10 +197,12 @@ ipv6 prefix-list vrf104010-import-from-vrf3981-ipv6-no-export seq 100 permit 200 route-map vrf104010-import-map permit 10 match source-vrf vrf3981 match ipv6 address prefix-list vrf104010-import-from-vrf3981-ipv6-no-export + set as-path prepend 4200003073 4200003073 set community additive no-export route-map vrf104010-import-map permit 20 match source-vrf vrf3981 match ip address prefix-list vrf104010-import-from-vrf3981 + set as-path prepend 4200003073 4200003073 route-map vrf104010-import-map deny 30 ! route-map only-self-out permit 10 diff --git a/pkg/netconf/testdata/frr.conf.firewall_shared b/pkg/netconf/testdata/frr.conf.firewall_shared index 67cead6..d87d4eb 100644 --- a/pkg/netconf/testdata/frr.conf.firewall_shared +++ b/pkg/netconf/testdata/frr.conf.firewall_shared @@ -100,6 +100,7 @@ ip prefix-list vrf3982-import-from-vrf104009 seq 103 permit 185.27.0.0/22 le 32 route-map vrf3982-import-map permit 10 match source-vrf vrf104009 match ip address prefix-list vrf3982-import-from-vrf104009 + set as-path prepend 4200003073 4200003073 route-map vrf3982-import-map deny 20 ! ip prefix-list vrf104009-import-from-vrf3982-no-export seq 100 permit 10.0.18.0/22 le 32 @@ -108,10 +109,12 @@ ip prefix-list vrf104009-import-from-vrf3982 seq 102 permit 185.27.0.0/22 le 32 route-map vrf104009-import-map permit 10 match source-vrf vrf3982 match ip address prefix-list vrf104009-import-from-vrf3982-no-export + set as-path prepend 4200003073 4200003073 set community additive no-export route-map vrf104009-import-map permit 20 match source-vrf vrf3982 match ip address prefix-list vrf104009-import-from-vrf3982 + set as-path prepend 4200003073 4200003073 route-map vrf104009-import-map deny 30 ! route-map only-self-out permit 10