Firewall Precedence #98

Draft
wants to merge 14 commits into
base: master
12 changes: 6 additions & 6 deletions go.mod
@@ -1,13 +1,13 @@
module github.com/metal-stack/metal-networker

go 1.23
go 1.23.0

require (
github.com/coreos/go-systemd/v22 v22.5.0
github.com/google/go-cmp v0.6.0
github.com/metal-stack/metal-go v0.34.0
github.com/metal-stack/metal-hammer v0.13.5
github.com/metal-stack/metal-lib v0.18.1
github.com/metal-stack/metal-go v0.37.1
github.com/metal-stack/metal-hammer v0.13.8-0.20241106143854-0826d3549873
github.com/metal-stack/metal-lib v0.18.3
github.com/metal-stack/v v1.0.3
github.com/stretchr/testify v1.9.0
gopkg.in/yaml.v3 v3.0.1
Expand All @@ -32,6 +32,6 @@ require (
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
go.mongodb.org/mongo-driver v1.16.1 // indirect
golang.org/x/sys v0.24.0 // indirect
go.mongodb.org/mongo-driver v1.17.1 // indirect
golang.org/x/sys v0.26.0 // indirect
)
20 changes: 10 additions & 10 deletions go.sum
Expand Up @@ -37,12 +37,12 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/metal-stack/metal-go v0.34.0 h1:X4Wlt2OAhsu3Lq+rHSWnWeASmX6CYvOxnL6DxmjnzbU=
github.com/metal-stack/metal-go v0.34.0/go.mod h1:3MJTYCS4YJz8D8oteTKhjpaAKNMMjMKYDrIy9awHGtQ=
github.com/metal-stack/metal-hammer v0.13.5 h1:uwEKOTUCeDXDBDH/Y6P58fkC2kwFqZb/akLbAhwmVuA=
github.com/metal-stack/metal-hammer v0.13.5/go.mod h1:k9jwhyyA2Q0ViyrhEpWRZLOigzbwu2V7XsMbUHJWxIM=
github.com/metal-stack/metal-lib v0.18.1 h1:Kjmf/Z/6pWemR8O6ttbNPQ9PjeT3ON60sBNu51Lgi1M=
github.com/metal-stack/metal-lib v0.18.1/go.mod h1:GJjipRpHmpd2vjBtsaw9gGk5ZFan7NlShyjIsTdY1x4=
github.com/metal-stack/metal-go v0.37.1 h1:vlvg/MY9Ep61h86GF54DER1VYADcqyHbFPZH3DqEbdM=
github.com/metal-stack/metal-go v0.37.1/go.mod h1:3MJTYCS4YJz8D8oteTKhjpaAKNMMjMKYDrIy9awHGtQ=
github.com/metal-stack/metal-hammer v0.13.8-0.20241106143854-0826d3549873 h1:5nHFcT4ekBvpkFhH/3UCy9i12EzkJxAjshfdiqOhq6w=
github.com/metal-stack/metal-hammer v0.13.8-0.20241106143854-0826d3549873/go.mod h1:L6jt2NWvUKXHD5dwfo9+8ylNz/8gOvxuGf9mNMNuceM=
github.com/metal-stack/metal-lib v0.18.3 h1:bovFiJPB9SMvuGLqcXVWz6jFB8HrdzwnCX7TFlen4r0=
github.com/metal-stack/metal-lib v0.18.3/go.mod h1:Ctyi6zaXFr2NVrQZLFsDLnFCzupKnYErTtgRFKAsnbw=
github.com/metal-stack/v v1.0.3 h1:Sh2oBlnxrCUD+mVpzfC8HiqL045YWkxs0gpTvkjppqs=
github.com/metal-stack/v v1.0.3/go.mod h1:YTahEu7/ishwpYKnp/VaW/7nf8+PInogkfGwLcGPdXg=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
Expand All @@ -55,11 +55,11 @@ github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDN
github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
go.mongodb.org/mongo-driver v1.16.1 h1:rIVLL3q0IHM39dvE+z2ulZLp9ENZKThVfuvN/IiN4l8=
go.mongodb.org/mongo-driver v1.16.1/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw=
go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
2 changes: 1 addition & 1 deletion pkg/netconf/frr.go
Expand Up @@ -144,7 +144,7 @@ func assembleVRFs(kb config) []VRF {
VNI: int(*network.Vrf),
ImportVRFNames: i.ImportVRFs,
IPPrefixLists: i.prefixLists(),
RouteMaps: i.routeMaps(),
RouteMaps: i.routeMaps(*network.Asn, kb.FirewallDistance),
}
result = append(result, vrf)
}
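Review bot: `*network.Asn` is dereferenced on the changed line without a nil check; `*network.Vrf` four lines above already does the same, so presumably the network has been validated earlier in assembleVRFs, which starts outside this hunk — worth confirming that Asn is guaranteed non-nil wherever Vrf is. Separately, the testdata yaml files in this PR set `firewallDistance: 2`, yet every golden frr.conf expects exactly two prepended ASNs, which with `2 + distance` would be four; either the yaml key does not bind to `kb.FirewallDistance` (the struct tag is not in view) or the golden files are stale. A test case with a non-zero distance that actually reaches routeMaps would pin this down before the PR leaves draft.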
11 changes: 9 additions & 2 deletions pkg/netconf/routemap.go
Expand Up @@ -282,7 +282,7 @@ func byName(prefixLists []IPPrefixList) map[string]IPPrefixList {
return byName
}

func (i *importRule) routeMaps() []RouteMap {
func (i *importRule) routeMaps(asn int64, distance uint8) []RouteMap {
var result []RouteMap

order := RouteMapOrderSeed
Expand All @@ -299,7 +299,14 @@ func (i *importRule) routeMaps() []RouteMap {

matchVrf := fmt.Sprintf("match source-vrf %s", prefixList.SourceVRF)
matchPfxList := fmt.Sprintf("match %s address prefix-list %s", prefixList.AddressFamily, n)
entries := []string{matchVrf, matchPfxList}
// Using the distance we extend the path of a firewall by adding asn to its as-path prepend
numAsns := int(2 + distance)
asnList := make([]string, numAsns)
for i := 0; i < numAsns; i++ {
asnList[i] = fmt.Sprintf("%d", asn)
}
asPathPrepend := fmt.Sprintf("set as-path prepend %s", strings.Join(asnList, " "))
entries := []string{matchVrf, matchPfxList, asPathPrepend}
if strings.HasSuffix(n, IPPrefixListNoExportSuffix) {
entries = append(entries, "set community additive no-export")
}
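Review bot: `numAsns := int(2 + distance)` performs the addition in uint8 before widening, so a distance of 254 or 255 wraps to 0 or 1 prepended ASNs instead of 256 or 257; write `numAsns := 2 + int(distance)` so the arithmetic happens in int. The loop index `i` on the next line shadows the receiver `i *importRule`, which compiles but is easy to misread — `for k := range asnList { asnList[k] = strconv.FormatInt(asn, 10) }` avoids both the shadowing and the fmt round-trip, assuming strconv is imported in this file (the import block is not in view; otherwise keep Sprintf). The comment above the loop could also say why the prepend count starts at two rather than at distance, e.g. `// Prepend our ASN 2+distance times: the longer as-path makes routes learned via a more distant firewall less preferred` — the reason for the constant 2 is not visible here, so confirm it before committing that wording. routeMaps's signature is in the previous hunk and its body continues past this one.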
2 changes: 1 addition & 1 deletion pkg/netconf/testdata/firewall.yaml
Expand Up @@ -176,7 +176,7 @@ nics:
- mac: "44:38:39:00:00:04"
name: null
neighbors: []

firewallDistance: 2



2 changes: 1 addition & 1 deletion pkg/netconf/testdata/firewall_dmz.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ nics:
- mac: "44:38:39:00:00:04"
name: null
neighbors: []

firewallDistance: 2



2 changes: 1 addition & 1 deletion pkg/netconf/testdata/firewall_dmz_app.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ nics:
- mac: "44:38:39:00:00:04"
name: null
neighbors: []

firewallDistance: 2



2 changes: 1 addition & 1 deletion pkg/netconf/testdata/firewall_dmz_app_storage.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ nics:
- mac: "44:38:39:00:00:04"
name: null
neighbors: []

firewallDistance: 2



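--- a/pkg/netconf/testdata/firewall_ipv6.yaml
+++ b/pkg/netconf/testdata/firewall_ipv6.yaml
@@ -175,6 +175,7 @@ nics:
 - mac: "44:38:39:00:00:04"
 name: null
 neighbors: []
+firewallDistance: 2
 
 
 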
2 changes: 1 addition & 1 deletion pkg/netconf/testdata/firewall_shared.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ nics:
- mac: "44:38:39:00:00:04"
name: null
neighbors: []

firewallDistance: 2



2 changes: 1 addition & 1 deletion pkg/netconf/testdata/firewall_vpn.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,6 @@ nics:
vpn:
address: https://test.test.dev
auth_key: abracadabra

firewallDistance: 2


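--- a/pkg/netconf/testdata/firewall_with_rules.yaml
+++ b/pkg/netconf/testdata/firewall_with_rules.yaml
@@ -204,3 +204,4 @@ firewall_rules:
 from:
 - "1.2.3.0/24"
 - "192.168.0.0/16"
+firewallDistance: 2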
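--- a/pkg/netconf/testdata/frr.conf.firewall
+++ b/pkg/netconf/testdata/frr.conf.firewall
@@ -157,19 +157,23 @@ ip prefix-list vrf3981-import-from-vrf3982 seq 106 permit 10.0.18.0/22 le 32
 route-map vrf3981-import-map permit 10
 match source-vrf vrf3982
 match ip address prefix-list vrf3981-import-from-vrf3982
+set as-path prepend 4200003073 4200003073
 route-map vrf3981-import-map permit 20
 match source-vrf vrf104010
 match ip address prefix-list vrf3981-import-from-vrf104010
+set as-path prepend 4200003073 4200003073
 route-map vrf3981-import-map permit 30
 match source-vrf vrf104009
 match ip address prefix-list vrf3981-import-from-vrf104009
+set as-path prepend 4200003073 4200003073
 route-map vrf3981-import-map deny 40
 !
 ip prefix-list vrf3982-import-from-vrf3981 seq 100 permit 10.0.16.0/22 le 32
 ip prefix-list vrf3982-import-from-vrf3981 seq 101 permit 10.0.18.0/22 le 32
 route-map vrf3982-import-map permit 10
 match source-vrf vrf3981
 match ip address prefix-list vrf3982-import-from-vrf3981
+set as-path prepend 4200003073 4200003073
 route-map vrf3982-import-map deny 20
 !
 ip prefix-list vrf104009-import-from-vrf3981-no-export seq 100 permit 10.0.16.0/22 le 32
@@ -178,21 +182,25 @@ ip prefix-list vrf104009-import-from-vrf3981 seq 102 permit 185.27.0.0/22 le 32
 route-map vrf104009-import-map permit 10
 match source-vrf vrf3981
 match ip address prefix-list vrf104009-import-from-vrf3981-no-export
+set as-path prepend 4200003073 4200003073
 set community additive no-export
 route-map vrf104009-import-map permit 20
 match source-vrf vrf3981
 match ip address prefix-list vrf104009-import-from-vrf3981
+set as-path prepend 4200003073 4200003073
 route-map vrf104009-import-map deny 30
 !
 ip prefix-list vrf104010-import-from-vrf3981-no-export seq 100 permit 10.0.16.0/22 le 32
 ip prefix-list vrf104010-import-from-vrf3981 seq 101 permit 100.127.129.0/24 le 32
 route-map vrf104010-import-map permit 10
 match source-vrf vrf3981
 match ip address prefix-list vrf104010-import-from-vrf3981-no-export
+set as-path prepend 4200003073 4200003073
 set community additive no-export
 route-map vrf104010-import-map permit 20
 match source-vrf vrf3981
 match ip address prefix-list vrf104010-import-from-vrf3981
+set as-path prepend 4200003073 4200003073
 route-map vrf104010-import-map deny 30
 !
 route-map only-self-out permit 10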
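--- a/pkg/netconf/testdata/frr.conf.firewall_dmz
+++ b/pkg/netconf/testdata/frr.conf.firewall_dmz
@@ -132,9 +132,11 @@ ip prefix-list vrf3981-import-from-vrf3983 seq 104 permit 10.0.20.0/22 le 32
 route-map vrf3981-import-map permit 10
 match source-vrf vrf3983
 match ip address prefix-list vrf3981-import-from-vrf3983
+set as-path prepend 4200003073 4200003073
 route-map vrf3981-import-map permit 20
 match source-vrf vrf104009
 match ip address prefix-list vrf3981-import-from-vrf104009
+set as-path prepend 4200003073 4200003073
 route-map vrf3981-import-map deny 30
 !
 ip prefix-list vrf3983-import-from-vrf3981 seq 100 permit 10.0.16.0/22 le 32
@@ -145,9 +147,11 @@ ip prefix-list vrf3983-import-from-vrf104009 seq 104 permit 185.27.0.0/22 le 32
 route-map vrf3983-import-map permit 10
 match source-vrf vrf3981
 match ip address prefix-list vrf3983-import-from-vrf3981
+set as-path prepend 4200003073 4200003073
 route-map vrf3983-import-map permit 20
 match source-vrf vrf104009
 match ip address prefix-list vrf3983-import-from-vrf104009
+set as-path prepend 4200003073 4200003073
 route-map vrf3983-import-map deny 30
 !
 ip prefix-list vrf104009-import-from-vrf3981-no-export seq 100 permit 10.0.16.0/22 le 32
@@ -157,14 +161,17 @@ ip prefix-list vrf104009-import-from-vrf3981 seq 103 permit 185.27.0.0/22 le 32
 route-map vrf104009-import-map permit 10
 match source-vrf vrf3983
 match ip address prefix-list vrf104009-import-from-vrf3983-no-export
+set as-path prepend 4200003073 4200003073
 set community additive no-export
 route-map vrf104009-import-map permit 20
 match source-vrf vrf3981
 match ip address prefix-list vrf104009-import-from-vrf3981-no-export
+set as-path prepend 4200003073 4200003073
 set community additive no-export
 route-map vrf104009-import-map permit 30
 match source-vrf vrf3981
 match ip address prefix-list vrf104009-import-from-vrf3981
+set as-path prepend 4200003073 4200003073
 route-map vrf104009-import-map deny 40
 !
 route-map only-self-out permit 10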
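--- a/pkg/netconf/testdata/frr.conf.firewall_dmz_app
+++ b/pkg/netconf/testdata/frr.conf.firewall_dmz_app
@@ -99,13 +99,15 @@ ip prefix-list vrf3981-import-from-vrf3983 permit 0.0.0.0/0
 route-map vrf3981-import-map permit 10
 match source-vrf vrf3983
 match ip address prefix-list vrf3981-import-from-vrf3983
+set as-path prepend 4200003073 4200003073
 route-map vrf3981-import-map deny 20
 !
 ip prefix-list vrf3983-import-from-vrf3981 seq 100 permit 10.0.16.0/22 le 32
 ip prefix-list vrf3983-import-from-vrf3981 seq 101 permit 10.0.20.0/22 le 32
 route-map vrf3983-import-map permit 10
 match source-vrf vrf3981
 match ip address prefix-list vrf3983-import-from-vrf3981
+set as-path prepend 4200003073 4200003073
 route-map vrf3983-import-map deny 20
 !
 route-map only-self-out permit 10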
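--- a/pkg/netconf/testdata/frr.conf.firewall_dmz_app_storage
+++ b/pkg/netconf/testdata/frr.conf.firewall_dmz_app_storage
@@ -127,23 +127,27 @@ ip prefix-list vrf3981-import-from-vrf3983 permit 0.0.0.0/0
 route-map vrf3981-import-map permit 10
 match source-vrf vrf3983
 match ip address prefix-list vrf3981-import-from-vrf3983
+set as-path prepend 4200003073 4200003073
 route-map vrf3981-import-map permit 20
 match source-vrf vrf3982
 match ip address prefix-list vrf3981-import-from-vrf3982
+set as-path prepend 4200003073 4200003073
 route-map vrf3981-import-map deny 30
 !
 ip prefix-list vrf3983-import-from-vrf3981 seq 100 permit 10.0.16.0/22 le 32
 ip prefix-list vrf3983-import-from-vrf3981 seq 101 permit 10.0.20.0/22 le 32
 route-map vrf3983-import-map permit 10
 match source-vrf vrf3981
 match ip address prefix-list vrf3983-import-from-vrf3981
+set as-path prepend 4200003073 4200003073
 route-map vrf3983-import-map deny 20
 !
 ip prefix-list vrf3982-import-from-vrf3981 seq 100 permit 10.0.16.0/22 le 32
 ip prefix-list vrf3982-import-from-vrf3981 seq 101 permit 10.0.18.0/22 le 32
 route-map vrf3982-import-map permit 10
 match source-vrf vrf3981
 match ip address prefix-list vrf3982-import-from-vrf3981
+set as-path prepend 4200003073 4200003073
 route-map vrf3982-import-map deny 20
 !
 route-map only-self-out permit 10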
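--- a/pkg/netconf/testdata/frr.conf.firewall_ipv6
+++ b/pkg/netconf/testdata/frr.conf.firewall_ipv6
@@ -156,44 +156,53 @@ ipv6 prefix-list vrf3981-import-from-vrf104009-ipv6 seq 105 permit 2a02:c00:20::
 route-map vrf3981-import-map permit 10
 match source-vrf vrf3982
 match ip address prefix-list vrf3981-import-from-vrf3982
+set as-path prepend 4200003073 4200003073
 route-map vrf3981-import-map permit 20
 match source-vrf vrf104010
 match ip address prefix-list vrf3981-import-from-vrf104010
+set as-path prepend 4200003073 4200003073
 route-map vrf3981-import-map permit 30
 match source-vrf vrf104009
 match ipv6 address prefix-list vrf3981-import-from-vrf104009-ipv6
+set as-path prepend 4200003073 4200003073
 route-map vrf3981-import-map deny 40
 !
 ip prefix-list vrf3982-import-from-vrf3981 seq 100 permit 10.0.18.0/22 le 32
 ipv6 prefix-list vrf3982-import-from-vrf3981-ipv6 seq 101 permit 2002::/64 le 128
 route-map vrf3982-import-map permit 10
 match source-vrf vrf3981
 match ipv6 address prefix-list vrf3982-import-from-vrf3981-ipv6
+set as-path prepend 4200003073 4200003073
 route-map vrf3982-import-map permit 20
 match source-vrf vrf3981
 match ip address prefix-list vrf3982-import-from-vrf3981
+set as-path prepend 4200003073 4200003073
 route-map vrf3982-import-map deny 30
 !
 ipv6 prefix-list vrf104009-import-from-vrf3981-ipv6-no-export seq 100 permit 2002::/64 le 128
 ipv6 prefix-list vrf104009-import-from-vrf3981-ipv6 seq 101 permit 2a02:c00:20::/45 le 128
 route-map vrf104009-import-map permit 10
 match source-vrf vrf3981
 match ipv6 address prefix-list vrf104009-import-from-vrf3981-ipv6-no-export
+set as-path prepend 4200003073 4200003073
 set community additive no-export
 route-map vrf104009-import-map permit 20
 match source-vrf vrf3981
 match ipv6 address prefix-list vrf104009-import-from-vrf3981-ipv6
+set as-path prepend 4200003073 4200003073
 route-map vrf104009-import-map deny 30
 !
 ip prefix-list vrf104010-import-from-vrf3981 seq 100 permit 100.127.129.0/24 le 32
 ipv6 prefix-list vrf104010-import-from-vrf3981-ipv6-no-export seq 100 permit 2002::/64 le 128
 route-map vrf104010-import-map permit 10
 match source-vrf vrf3981
 match ipv6 address prefix-list vrf104010-import-from-vrf3981-ipv6-no-export
+set as-path prepend 4200003073 4200003073
 set community additive no-export
 route-map vrf104010-import-map permit 20
 match source-vrf vrf3981
 match ip address prefix-list vrf104010-import-from-vrf3981
+set as-path prepend 4200003073 4200003073
 route-map vrf104010-import-map deny 30
 !
 route-map only-self-out permit 10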
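--- a/pkg/netconf/testdata/frr.conf.firewall_shared
+++ b/pkg/netconf/testdata/frr.conf.firewall_shared
@@ -100,6 +100,7 @@ ip prefix-list vrf3982-import-from-vrf104009 seq 103 permit 185.27.0.0/22 le 32
 route-map vrf3982-import-map permit 10
 match source-vrf vrf104009
 match ip address prefix-list vrf3982-import-from-vrf104009
+set as-path prepend 4200003073 4200003073
 route-map vrf3982-import-map deny 20
 !
 ip prefix-list vrf104009-import-from-vrf3982-no-export seq 100 permit 10.0.18.0/22 le 32
@@ -108,10 +109,12 @@ ip prefix-list vrf104009-import-from-vrf3982 seq 102 permit 185.27.0.0/22 le 32
 route-map vrf104009-import-map permit 10
 match source-vrf vrf3982
 match ip address prefix-list vrf104009-import-from-vrf3982-no-export
+set as-path prepend 4200003073 4200003073
 set community additive no-export
 route-map vrf104009-import-map permit 20
 match source-vrf vrf3982
 match ip address prefix-list vrf104009-import-from-vrf3982
+set as-path prepend 4200003073 4200003073
 route-map vrf104009-import-map deny 30
 !
 route-map only-self-out permit 10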