From 3b3e759cc18f9dd158e1329fa8573ef45ba87eef Mon Sep 17 00:00:00 2001
From: Timotej Lazar <timotej.lazar@fri.uni-lj.si>
Date: Mon, 24 Mar 2025 18:15:53 +0100
Subject: [PATCH] =?UTF-8?q?exit:=20don=E2=80=99t=20import=20or=20advertise?=
 =?UTF-8?q?=20subnets=20for=20inside=20networks?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This was here to maybe allow someone to advertise a subset of L2 IPs for
an inside (office) network over BGP from a datacenter server. This was
never used and wouldn’t work right in any case since those IPs wouldn’t
be reachable from L2 hosts on that network.

So allow advertising and VRF-importing only entire (/24) networks.
---
 roles/exit/templates/frr.conf.j2 | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/roles/exit/templates/frr.conf.j2 b/roles/exit/templates/frr.conf.j2
index 13723a6..8c84271 100644
--- a/roles/exit/templates/frr.conf.j2
+++ b/roles/exit/templates/frr.conf.j2
@@ -230,9 +230,9 @@ ipv6 prefix-list fabric permit 2001:1470:fffd:3400::/64 ge 128
 {% for prefix in vrf_prefixes | selectattr('vrf.name', '==', 'outside')
     | sort(attribute='family.value') | sort(attribute='vlan.vid') %}
 {% if prefix.family.value == 4 %}
-ip prefix-list outside permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
+ip prefix-list outside permit {{ prefix.prefix }}
 {% else %}
-ipv6 prefix-list outside permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
+ipv6 prefix-list outside permit {{ prefix.prefix }}
 {% endif %}
 {% endfor %}
 
@@ -240,9 +240,9 @@ ipv6 prefix-list outside permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr
 {% for prefix in vrf_prefixes | selectattr('vrf.name', 'in', inside_vrfs)
     | sort(attribute='family.value') | sort(attribute='vlan.vid') %}
 {% if prefix.family.value == 4 %}
-ip prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
+ip prefix-list office permit {{ prefix.prefix }}
 {% else %}
-ipv6 prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
+ipv6 prefix-list office permit {{ prefix.prefix }}
 {% endif %}
 {% endfor %}
 
@@ -250,9 +250,9 @@ ipv6 prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr(
 {% for prefix in vrf_prefixes | selectattr('vrf.name', 'in', inside_vrfs)
     | sort(attribute='family.value') | sort(attribute='vrf.name') %}
 {% if prefix.family.value == 4 %}
-ip prefix-list {{ prefix.vrf.name }} permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
+ip prefix-list {{ prefix.vrf.name }} permit {{ prefix.prefix }}
 {% else %}
-ipv6 prefix-list {{ prefix.vrf.name }} permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
+ipv6 prefix-list {{ prefix.vrf.name }} permit {{ prefix.prefix }}
 {% endif %}
 {% endfor %}