rc/network
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

exit: don’t import or advertise subnets for inside networks

Browse source 
This was here to maybe allow someone to advertise a subset of L2 IPs for
an inside (office) network over BGP from a datacenter server. This was
never used and wouldn’t work right in any case since those IPs wouldn’t
be reachable from L2 hosts on that network.

So allow advertising and VRF-importing only entire (/24) networks.
This commit is contained in:
Timotej Lazar 2025-03-24 18:15:53 +01:00
parent 0ed4973894
commit 3b3e759cc1
1 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
roles/exit/templates/frr.conf.j2
View file

@ -230,9 +230,9 @@ ipv6 prefix-list fabric permit 2001:1470:fffd:3400::/64 ge 128
{% for prefix in vrf_prefixes | selectattr('vrf.name', '==', 'outside') {% for prefix in vrf_prefixes | selectattr('vrf.name', '==', 'outside')
| sort(attribute='family.value') | sort(attribute='vlan.vid') %} | sort(attribute='family.value') | sort(attribute='vlan.vid') %}
{% if prefix.family.value == 4 %} {% if prefix.family.value == 4 %}
ip prefix-list outside permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }} ip prefix-list outside permit {{ prefix.prefix }}
{% else %} {% else %}
ipv6 prefix-list outside permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }} ipv6 prefix-list outside permit {{ prefix.prefix }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
@ -240,9 +240,9 @@ ipv6 prefix-list outside permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr
{% for prefix in vrf_prefixes | selectattr('vrf.name', 'in', inside_vrfs) {% for prefix in vrf_prefixes | selectattr('vrf.name', 'in', inside_vrfs)
| sort(attribute='family.value') | sort(attribute='vlan.vid') %} | sort(attribute='family.value') | sort(attribute='vlan.vid') %}
{% if prefix.family.value == 4 %} {% if prefix.family.value == 4 %}
ip prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }} ip prefix-list office permit {{ prefix.prefix }}
{% else %} {% else %}
ipv6 prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }} ipv6 prefix-list office permit {{ prefix.prefix }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
@ -250,9 +250,9 @@ ipv6 prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr(
{% for prefix in vrf_prefixes | selectattr('vrf.name', 'in', inside_vrfs) {% for prefix in vrf_prefixes | selectattr('vrf.name', 'in', inside_vrfs)
| sort(attribute='family.value') | sort(attribute='vrf.name') %} | sort(attribute='family.value') | sort(attribute='vrf.name') %}
{% if prefix.family.value == 4 %} {% if prefix.family.value == 4 %}
ip prefix-list {{ prefix.vrf.name }} permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }} ip prefix-list {{ prefix.vrf.name }} permit {{ prefix.prefix }}
{% else %} {% else %}
ipv6 prefix-list {{ prefix.vrf.name }} permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }} ipv6 prefix-list {{ prefix.vrf.name }} permit {{ prefix.prefix }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}