
Example 1 with LiteralOrigin

use of org.batfish.datamodel.routing_policy.expr.LiteralOrigin in project batfish by batfish.

the class CiscoControlPlaneExtractor method toOriginExpr.

/**
 * Converts a literal origin parse context into a {@link LiteralOrigin}.
 *
 * <p>The alternatives are checked in a fixed order: the IGP token, the INCOMPLETE token, then an
 * AS number. Only the AS-number alternative yields a non-null AS value.
 *
 * @param ctx the parse-tree node for the literal origin expression
 * @return the origin expression built from the first alternative present in {@code ctx}
 * @throws RuntimeException whatever {@code convError} produces when none of the alternatives is
 *     present (exact type is not visible here)
 */
private OriginExpr toOriginExpr(Origin_expr_literalContext ctx) {
    if (ctx.IGP() != null) {
        return new LiteralOrigin(OriginType.IGP, null);
    }
    if (ctx.INCOMPLETE() != null) {
        return new LiteralOrigin(OriginType.INCOMPLETE, null);
    }
    if (ctx.as != null) {
        // NOTE(review): an origin given as an AS number is recorded with OriginType.IGP plus the
        // AS value, not with a distinct origin type. Confirm this is the intended modeling.
        Integer asNum = toInteger(ctx.as);
        return new LiteralOrigin(OriginType.IGP, asNum);
    }
    throw convError(OriginExpr.class, ctx);
}
Also used : OriginType(org.batfish.datamodel.OriginType) LiteralOrigin(org.batfish.datamodel.routing_policy.expr.LiteralOrigin)

Example 2 with LiteralOrigin

use of org.batfish.datamodel.routing_policy.expr.LiteralOrigin in project batfish by batfish.

the class VpnConnection method applyToVpnGateway.

/**
 * Adds the IPsec/IKE structures, interfaces, BGP sessions and static routes of this VPN connection
 * to the configuration node of the VPN gateway it references.
 *
 * <p>One set of structures is created per IPsec tunnel, all keyed by
 * {@code <vpnConnectionId>-<1-based tunnel index>}. If the referenced gateway has no configuration
 * node, a red-flag warning is recorded and nothing is changed.
 *
 * @param awsConfiguration source of the configuration nodes for the gateway and the attached VPC
 * @param region source of the {@code VpnGateway} and {@code Vpc} objects looked up by id
 * @param warnings sink for the "gateway not found" red flag
 * @throws BatfishException if a tunnel has a customer-gateway BGP ASN together with static routes
 *     (or static-routes-only), or if a BGP-enabled tunnel's gateway is not attached to exactly
 *     one VPC
 */
public void applyToVpnGateway(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
    // A dangling gateway reference is reported as a warning, not an error; the connection is skipped.
    if (!awsConfiguration.getConfigurationNodes().containsKey(_vpnGatewayId)) {
        warnings.redFlag(String.format("VPN Gateway \"%s\" referred by VPN connection \"%s\" not found", _vpnGatewayId, _vpnConnectionId));
        return;
    }
    Configuration vpnGatewayCfgNode = awsConfiguration.getConfigurationNodes().get(_vpnGatewayId);
    for (int i = 0; i < _ipsecTunnels.size(); i++) {
        // Tunnel ids are 1-based and reused as the key for every structure created below.
        int idNum = i + 1;
        String vpnId = _vpnConnectionId + "-" + idNum;
        IpsecTunnel ipsecTunnel = _ipsecTunnels.get(i);
        // -1 is treated as "no BGP ASN configured"; BGP and static routing are mutually exclusive.
        if (ipsecTunnel.getCgwBgpAsn() != -1 && (_staticRoutesOnly || _routes.size() != 0)) {
            throw new BatfishException("Unexpected combination of BGP and static routes for VPN connection: \"" + _vpnConnectionId + "\"");
        }
        // create representation structures and add to configuration node
        IpsecVpn ipsecVpn = new IpsecVpn(vpnId, vpnGatewayCfgNode);
        vpnGatewayCfgNode.getIpsecVpns().put(vpnId, ipsecVpn);
        IpsecPolicy ipsecPolicy = new IpsecPolicy(vpnId);
        vpnGatewayCfgNode.getIpsecPolicies().put(vpnId, ipsecPolicy);
        ipsecVpn.setIpsecPolicy(ipsecPolicy);
        // NOTE(review): meaning of the second constructor argument (-1) is not visible here — confirm.
        IpsecProposal ipsecProposal = new IpsecProposal(vpnId, -1);
        vpnGatewayCfgNode.getIpsecProposals().put(vpnId, ipsecProposal);
        ipsecPolicy.getProposals().put(vpnId, ipsecProposal);
        IkeGateway ikeGateway = new IkeGateway(vpnId);
        vpnGatewayCfgNode.getIkeGateways().put(vpnId, ikeGateway);
        ipsecVpn.setIkeGateway(ikeGateway);
        IkePolicy ikePolicy = new IkePolicy(vpnId);
        vpnGatewayCfgNode.getIkePolicies().put(vpnId, ikePolicy);
        ikeGateway.setIkePolicy(ikePolicy);
        // NOTE(review): as above, the -1 argument's meaning is not visible here — confirm.
        IkeProposal ikeProposal = new IkeProposal(vpnId, -1);
        vpnGatewayCfgNode.getIkeProposals().put(vpnId, ikeProposal);
        ikePolicy.getProposals().put(vpnId, ikeProposal);
        // The outside (tunnel endpoint) address is modeled as a host address (maximum prefix length).
        String externalInterfaceName = "external" + idNum;
        InterfaceAddress externalInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwOutsideAddress(), Prefix.MAX_PREFIX_LENGTH);
        Interface externalInterface = Utils.newInterface(externalInterfaceName, vpnGatewayCfgNode, externalInterfaceAddress);
        // The inside (in-tunnel) address keeps the prefix length supplied by the tunnel definition.
        String vpnInterfaceName = "vpn" + idNum;
        InterfaceAddress vpnInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwInsideAddress(), ipsecTunnel.getVgwInsidePrefixLength());
        Interface vpnInterface = Utils.newInterface(vpnInterfaceName, vpnGatewayCfgNode, vpnInterfaceAddress);
        // Set fields within representation structures
        // ipsec: crypto parameters are copied from the tunnel definition via the to* converters
        ipsecVpn.setBindInterface(vpnInterface);
        ipsecPolicy.setPfsKeyGroup(toDiffieHellmanGroup(ipsecTunnel.getIpsecPerfectForwardSecrecy()));
        ipsecProposal.setAuthenticationAlgorithm(toIpsecAuthenticationAlgorithm(ipsecTunnel.getIpsecAuthProtocol()));
        ipsecProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIpsecEncryptionProtocol()));
        ipsecProposal.setProtocol(toIpsecProtocol(ipsecTunnel.getIpsecProtocol()));
        ipsecProposal.setLifetimeSeconds(ipsecTunnel.getIpsecLifetime());
        // ike
        ikeGateway.setExternalInterface(externalInterface);
        ikeGateway.setAddress(ipsecTunnel.getCgwOutsideAddress());
        ikeGateway.setLocalIp(externalInterface.getAddress().getIp());
        // Only a hash of the pre-shared key is carried into the model. When the tunnel has no
        // hash, neither the hash nor the authentication method is set on the IKE objects.
        // NOTE(review): what authentication method an IkeProposal reports in that case is not
        // visible here — confirm downstream checks do not treat it as authenticated.
        if (ipsecTunnel.getIkePreSharedKeyHash() != null) {
            ikePolicy.setPreSharedKeyHash(ipsecTunnel.getIkePreSharedKeyHash());
            ikeProposal.setAuthenticationMethod(IkeAuthenticationMethod.PRE_SHARED_KEYS);
        }
        ikeProposal.setAuthenticationAlgorithm(toIkeAuthenticationAlgorithm(ipsecTunnel.getIkeAuthProtocol()));
        ikeProposal.setDiffieHellmanGroup(toDiffieHellmanGroup(ipsecTunnel.getIkePerfectForwardSecrecy()));
        ikeProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIkeEncryptionProtocol()));
        ikeProposal.setLifetimeSeconds(ipsecTunnel.getIkeLifetime());
        // bgp (if configured): -1 is treated as "no gateway-side ASN"
        if (ipsecTunnel.getVgwBgpAsn() != -1) {
            // Reuse the gateway's BGP process if an earlier tunnel (or caller) created one.
            BgpProcess proc = vpnGatewayCfgNode.getDefaultVrf().getBgpProcess();
            if (proc == null) {
                proc = new BgpProcess();
                proc.setRouterId(ipsecTunnel.getVgwInsideAddress());
                proc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
                vpnGatewayCfgNode.getDefaultVrf().setBgpProcess(proc);
            }
            // Session from the VPN gateway to the customer gateway over the tunnel's inside addresses.
            // No import policy is set on this neighbor in this method; communities are not sent.
            BgpNeighbor cgBgpNeighbor = new BgpNeighbor(ipsecTunnel.getCgwInsideAddress(), vpnGatewayCfgNode);
            cgBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            proc.getNeighbors().put(cgBgpNeighbor.getPrefix(), cgBgpNeighbor);
            cgBgpNeighbor.setRemoteAs(ipsecTunnel.getCgwBgpAsn());
            cgBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            cgBgpNeighbor.setLocalIp(ipsecTunnel.getVgwInsideAddress());
            cgBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            cgBgpNeighbor.setSendCommunity(false);
            // NOTE(review): the region lookup result is dereferenced without a null check; only the
            // configuration-node map was checked for _vpnGatewayId at the top of the method.
            VpnGateway vpnGateway = region.getVpnGateways().get(_vpnGatewayId);
            List<String> attachmentVpcIds = vpnGateway.getAttachmentVpcIds();
            // Exactly one attached VPC is required. The check also fires for zero attachments,
            // although the message only mentions "multiple VPCs".
            if (attachmentVpcIds.size() != 1) {
                throw new BatfishException("Not sure what routes to advertise since VPN Gateway: \"" + _vpnGatewayId + "\" for VPN connection: \"" + _vpnConnectionId + "\" is linked to multiple VPCs");
            }
            String vpcId = attachmentVpcIds.get(0);
            // iBGP connection to VPC (remote AS equals local AS)
            // NOTE(review): vpcNode and the two interface lookups below are dereferenced without
            // null checks — presumably guaranteed by earlier processing; verify against callers.
            Configuration vpcNode = awsConfiguration.getConfigurationNodes().get(vpcId);
            Ip vpcIfaceAddress = vpcNode.getInterfaces().get(_vpnGatewayId).getAddress().getIp();
            Ip vgwToVpcIfaceAddress = vpnGatewayCfgNode.getInterfaces().get(vpcId).getAddress().getIp();
            BgpNeighbor vgwToVpcBgpNeighbor = new BgpNeighbor(vpcIfaceAddress, vpnGatewayCfgNode);
            proc.getNeighbors().put(vgwToVpcBgpNeighbor.getPrefix(), vgwToVpcBgpNeighbor);
            vgwToVpcBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            vgwToVpcBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setLocalIp(vgwToVpcIfaceAddress);
            vgwToVpcBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vgwToVpcBgpNeighbor.setSendCommunity(true);
            // iBGP connection from VPC
            // A fresh BgpProcess is installed on the VPC node every time this branch runs, so any
            // BGP process already set on the VPC's default VRF (including one from a previous
            // tunnel iteration) is replaced.
            BgpNeighbor vpcToVgwBgpNeighbor = new BgpNeighbor(vgwToVpcIfaceAddress, vpcNode);
            BgpProcess vpcProc = new BgpProcess();
            vpcNode.getDefaultVrf().setBgpProcess(vpcProc);
            vpcProc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
            vpcProc.setRouterId(vpcIfaceAddress);
            vpcProc.getNeighbors().put(vpcToVgwBgpNeighbor.getPrefix(), vpcToVgwBgpNeighbor);
            vpcToVgwBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            vpcToVgwBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setLocalIp(vpcIfaceAddress);
            vpcToVgwBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vpcToVgwBgpNeighbor.setSendCommunity(true);
            // Routing policies for the gateway<->VPC iBGP pair.
            String rpRejectAllName = "~REJECT_ALL~";
            String rpAcceptAllEbgpAndSetNextHopSelfName = "~ACCEPT_ALL_EBGP_AND_SET_NEXT_HOP_SELF~";
            // Guard: accept routes whose protocol is BGP, reject everything else.
            If acceptIffEbgp = new If();
            acceptIffEbgp.setGuard(new MatchProtocol(RoutingProtocol.BGP));
            acceptIffEbgp.setTrueStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            acceptIffEbgp.setFalseStatements(ImmutableList.of(Statements.ExitReject.toStaticStatement()));
            // Gateway -> VPC export: set next-hop-self, then apply the guard above.
            RoutingPolicy vgwRpAcceptAllBgp = new RoutingPolicy(rpAcceptAllEbgpAndSetNextHopSelfName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(vgwRpAcceptAllBgp.getName(), vgwRpAcceptAllBgp);
            vgwRpAcceptAllBgp.setStatements(ImmutableList.of(new SetNextHop(new SelfNextHop(), false), acceptIffEbgp));
            vgwToVpcBgpNeighbor.setExportPolicy(rpAcceptAllEbgpAndSetNextHopSelfName);
            // Gateway <- VPC import: the policy is created with no statements.
            // NOTE(review): "reject all" therefore depends on how an empty RoutingPolicy is
            // evaluated, which is not visible here — confirm the default action is reject.
            RoutingPolicy vgwRpRejectAll = new RoutingPolicy(rpRejectAllName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(rpRejectAllName, vgwRpRejectAll);
            vgwToVpcBgpNeighbor.setImportPolicy(rpRejectAllName);
            // VPC <- gateway import: unconditionally accept.
            String rpAcceptAllName = "~ACCEPT_ALL~";
            RoutingPolicy vpcRpAcceptAll = new RoutingPolicy(rpAcceptAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpAcceptAllName, vpcRpAcceptAll);
            vpcRpAcceptAll.setStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            vpcToVgwBgpNeighbor.setImportPolicy(rpAcceptAllName);
            // VPC -> gateway export: statement-less policy again (same caveat as above).
            RoutingPolicy vpcRpRejectAll = new RoutingPolicy(rpRejectAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpRejectAllName, vpcRpRejectAll);
            vpcToVgwBgpNeighbor.setExportPolicy(rpRejectAllName);
            // Origination policy: what the gateway exports to the customer gateway.
            Vpc vpc = region.getVpcs().get(vpcId);
            String originationPolicyName = vpnId + "_origination";
            RoutingPolicy originationRoutingPolicy = new RoutingPolicy(originationPolicyName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(originationPolicyName, originationRoutingPolicy);
            cgBgpNeighbor.setExportPolicy(originationPolicyName);
            // Shape: if (guard) { set origin IGP; accept } — otherwise fall through to reject.
            If originationIf = new If();
            List<Statement> statements = originationRoutingPolicy.getStatements();
            statements.add(originationIf);
            statements.add(Statements.ExitReject.toStaticStatement());
            originationIf.getTrueStatements().add(new SetOrigin(new LiteralOrigin(OriginType.IGP, null)));
            originationIf.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
            // The route filter shares the policy's name and accepts each VPC CIDR block at exactly
            // its own prefix length (no more-specific prefixes).
            RouteFilterList originationRouteFilter = new RouteFilterList(originationPolicyName);
            vpnGatewayCfgNode.getRouteFilterLists().put(originationPolicyName, originationRouteFilter);
            vpc.getCidrBlockAssociations().forEach(prefix -> {
                RouteFilterLine matchOutgoingPrefix = new RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefix.getPrefixLength(), prefix.getPrefixLength()));
                originationRouteFilter.addLine(matchOutgoingPrefix);
            });
            // Guard: the route is STATIC and its destination network matches the filter above.
            Conjunction conj = new Conjunction();
            originationIf.setGuard(conj);
            conj.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
            conj.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new NamedPrefixSet(originationPolicyName)));
        }
        // static routes (if configured): every configured prefix points at this tunnel's
        // customer-gateway inside address, so each tunnel adds its own copy of every route
        for (Prefix staticRoutePrefix : _routes) {
            StaticRoute staticRoute = StaticRoute.builder().setNetwork(staticRoutePrefix).setNextHopIp(ipsecTunnel.getCgwInsideAddress()).setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN).setMetric(Route.DEFAULT_STATIC_ROUTE_COST).build();
            vpnGatewayCfgNode.getDefaultVrf().getStaticRoutes().add(staticRoute);
        }
    }
}
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) Configuration(org.batfish.datamodel.Configuration) BgpProcess(org.batfish.datamodel.BgpProcess) LiteralOrigin(org.batfish.datamodel.routing_policy.expr.LiteralOrigin) NamedPrefixSet(org.batfish.datamodel.routing_policy.expr.NamedPrefixSet) Ip(org.batfish.datamodel.Ip) Prefix(org.batfish.datamodel.Prefix) SelfNextHop(org.batfish.datamodel.routing_policy.expr.SelfNextHop) BgpNeighbor(org.batfish.datamodel.BgpNeighbor) IpsecProposal(org.batfish.datamodel.IpsecProposal) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) SubRange(org.batfish.datamodel.SubRange) SetNextHop(org.batfish.datamodel.routing_policy.statement.SetNextHop) RouteFilterLine(org.batfish.datamodel.RouteFilterLine) IkeProposal(org.batfish.datamodel.IkeProposal) BatfishException(org.batfish.common.BatfishException) StaticRoute(org.batfish.datamodel.StaticRoute) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Statement(org.batfish.datamodel.routing_policy.statement.Statement) MatchPrefixSet(org.batfish.datamodel.routing_policy.expr.MatchPrefixSet) SetOrigin(org.batfish.datamodel.routing_policy.statement.SetOrigin) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) DestinationNetwork(org.batfish.datamodel.routing_policy.expr.DestinationNetwork) IpsecPolicy(org.batfish.datamodel.IpsecPolicy) IkeGateway(org.batfish.datamodel.IkeGateway) RouteFilterList(org.batfish.datamodel.RouteFilterList) IkePolicy(org.batfish.datamodel.IkePolicy) If(org.batfish.datamodel.routing_policy.statement.If) Interface(org.batfish.datamodel.Interface)

Example 3 with LiteralOrigin

use of org.batfish.datamodel.routing_policy.expr.LiteralOrigin in project batfish by batfish.

the class JuniperConfiguration method createBgpProcess.

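/**
 * Builds the vendor-independent BGP process for one Juniper routing instance.
 *
 * <p>For every IP-level BGP group of the instance a {@link BgpNeighbor} is created with its
 * authentication settings, per-peer import and export policies, local/remote AS and local IP.
 * Named groups that are neither IPv6 nor inherited are recorded in {@code _unreferencedBgpGroups}
 * and processed through a dummy IP group keyed by a synthetic negative address; neighbors whose
 * group is in that map are not added to the returned process.
 *
 * <p>Process-wide multipath settings are derived from the groups. When groups disagree, a red
 * flag is raised and the corresponding setting is forced to {@code false}.
 *
 * @param routingInstance the routing instance whose BGP groups are converted
 * @return the BGP process holding the converted neighbors
 */
private BgpProcess createBgpProcess(RoutingInstance routingInstance) {
    initDefaultBgpExportPolicy();
    initDefaultBgpImportPolicy();
    String vrfName = routingInstance.getName();
    Vrf vrf = _c.getVrfs().get(vrfName);
    BgpProcess proc = new BgpProcess();
    // Router id fallback chain: this instance, then the default instance, then 0.0.0.0.
    Ip routerId = routingInstance.getRouterId();
    if (routerId == null) {
        routerId = _defaultRoutingInstance.getRouterId();
        if (routerId == null) {
            routerId = Ip.ZERO;
        }
    }
    proc.setRouterId(routerId);
    BgpGroup mg = routingInstance.getMasterBgpGroup();
    // Each multipath setting has a value and a "seen at least one group" flag; the flag is what
    // lets the loop below detect groups that disagree with an earlier one.
    boolean multipathEbgp = false;
    boolean multipathIbgp = false;
    boolean multipathMultipleAs = false;
    boolean multipathEbgpSet = false;
    boolean multipathIbgpSet = false;
    boolean multipathMultipleAsSet = false;
    // Local AS fallback chain for the master group: this instance, then the default instance.
    if (mg.getLocalAs() == null) {
        Integer routingInstanceAs = routingInstance.getAs();
        if (routingInstanceAs == null) {
            routingInstanceAs = _defaultRoutingInstance.getAs();
        }
        if (routingInstanceAs == null) {
            _w.redFlag("BGP BROKEN FOR THIS ROUTER: Cannot determine local autonomous system");
        } else {
            mg.setLocalAs(routingInstanceAs);
        }
    }
    // Set default authentication algorithm if missing
    if (mg.getAuthenticationAlgorithm() == null) {
        mg.setAuthenticationAlgorithm(DEFAULT_BGP_AUTHENTICATION_ALGORITHM);
    }
    for (IpBgpGroup ig : routingInstance.getIpBgpGroups().values()) {
        ig.cascadeInheritance();
    }
    _unreferencedBgpGroups = new TreeMap<>();
    // Named groups that are not IPv6 and not inherited get a dummy IP group under a synthetic
    // negative address so that their policies are still processed by the neighbor loop below.
    int fakeIpCounter = 0;
    for (Entry<String, NamedBgpGroup> e : routingInstance.getNamedBgpGroups().entrySet()) {
        fakeIpCounter++;
        String name = e.getKey();
        NamedBgpGroup group = e.getValue();
        if (!group.getIpv6() && !group.getInherited()) {
            _unreferencedBgpGroups.put(name, group.getDefinitionLine());
            Ip fakeIp = new Ip(-1 * fakeIpCounter);
            IpBgpGroup dummy = new IpBgpGroup(fakeIp);
            dummy.setParent(group);
            dummy.cascadeInheritance();
            routingInstance.getIpBgpGroups().put(fakeIp, dummy);
        }
    }
    for (Entry<Ip, IpBgpGroup> e : routingInstance.getIpBgpGroups().entrySet()) {
        Ip ip = e.getKey();
        IpBgpGroup ig = e.getValue();
        BgpNeighbor neighbor = new BgpNeighbor(ip, _c);
        neighbor.setVrf(vrfName);
        // route reflection: a declared cluster id marks the peer as a route-reflector client;
        // otherwise the router id doubles as the cluster id
        Ip declaredClusterId = ig.getClusterId();
        if (declaredClusterId != null) {
            neighbor.setRouteReflectorClient(true);
            neighbor.setClusterId(declaredClusterId.asLong());
        } else {
            neighbor.setClusterId(routerId.asLong());
        }
        // multipath multiple-as
        boolean currentGroupMultipathMultipleAs = ig.getMultipathMultipleAs();
        if (multipathMultipleAsSet && currentGroupMultipathMultipleAs != multipathMultipleAs) {
            _w.redFlag("Currently do not support mixed multipath-multiple-as/non-multipath-multiple-as bgp" + "groups on Juniper - FORCING NON-MULTIPATH-MULTIPLE-AS");
            multipathMultipleAs = false;
        } else {
            multipathMultipleAs = currentGroupMultipathMultipleAs;
            multipathMultipleAsSet = true;
        }
        // authentication
        String authenticationKeyChainName = ig.getAuthenticationKeyChainName();
        if (authenticationKeyChainName != null) {
            if (!_c.getAuthenticationKeyChains().containsKey(authenticationKeyChainName)) {
                // NOTE(review): a key-chain name with no matching definition is dropped here
                // without a warning from this method, so the neighbor is modeled without
                // key-chain authentication. Confirm the undefined reference is reported elsewhere.
                authenticationKeyChainName = null;
            } else if (ig.getAuthenticationKey() != null) {
                _w.redFlag("Both authentication-key and authentication-key-chain specified for neighbor " + ig.getRemoteAddress());
            }
        }
        BgpAuthenticationSettings bgpAuthenticationSettings = new BgpAuthenticationSettings();
        bgpAuthenticationSettings.setAuthenticationAlgorithm(ig.getAuthenticationAlgorithm());
        bgpAuthenticationSettings.setAuthenticationKey(ig.getAuthenticationKey());
        bgpAuthenticationSettings.setAuthenticationKeyChainName(authenticationKeyChainName);
        neighbor.setAuthenticationSettings(bgpAuthenticationSettings);
        // Unset boolean knobs default to false.
        Boolean ebgpMultihop = ig.getEbgpMultihop();
        if (ebgpMultihop == null) {
            ebgpMultihop = false;
        }
        neighbor.setEbgpMultihop(ebgpMultihop);
        // A positive "loops" count allows the local AS to appear in received AS paths.
        Integer loops = ig.getLoops();
        boolean allowLocalAsIn = loops != null && loops > 0;
        neighbor.setAllowLocalAsIn(allowLocalAsIn);
        Boolean advertisePeerAs = ig.getAdvertisePeerAs();
        if (advertisePeerAs == null) {
            advertisePeerAs = false;
        }
        neighbor.setAllowRemoteAsOut(advertisePeerAs);
        Boolean advertiseExternal = ig.getAdvertiseExternal();
        if (advertiseExternal == null) {
            advertiseExternal = false;
        }
        neighbor.setAdvertiseExternal(advertiseExternal);
        Boolean advertiseInactive = ig.getAdvertiseInactive();
        if (advertiseInactive == null) {
            advertiseInactive = false;
        }
        neighbor.setAdvertiseInactive(advertiseInactive);
        neighbor.setGroup(ig.getGroupName());
        // import policies
        String peerImportPolicyName = "~PEER_IMPORT_POLICY:" + ig.getRemoteAddress() + "~";
        neighbor.setImportPolicy(peerImportPolicyName);
        RoutingPolicy peerImportPolicy = new RoutingPolicy(peerImportPolicyName, _c);
        _c.getRoutingPolicies().put(peerImportPolicyName, peerImportPolicy);
        // default import policy is to accept
        peerImportPolicy.getStatements().add(new SetDefaultPolicy(DEFAULT_BGP_IMPORT_POLICY_NAME));
        peerImportPolicy.getStatements().add(Statements.SetDefaultActionAccept.toStaticStatement());
        // Undefined policy-statement references are reported through undefined(...) and left out
        // of the chain; only defined policies become calls.
        List<BooleanExpr> importPolicyCalls = new ArrayList<>();
        ig.getImportPolicies().forEach((importPolicyName, importPolicyLine) -> {
            PolicyStatement importPolicy = _policyStatements.get(importPolicyName);
            if (importPolicy == null) {
                undefined(JuniperStructureType.POLICY_STATEMENT, importPolicyName, JuniperStructureUsage.BGP_IMPORT_POLICY, importPolicyLine);
            } else {
                setPolicyStatementReferent(importPolicyName, ig.getImportPolicies(), "BGP import policy for neighbor: " + ig.getRemoteAddress());
                CallExpr callPolicy = new CallExpr(importPolicyName);
                importPolicyCalls.add(callPolicy);
            }
        });
        // The chain of policy calls is the guard: accept when it is true, reject otherwise.
        If peerImportPolicyConditional = new If();
        DisjunctionChain importPolicyChain = new DisjunctionChain(importPolicyCalls);
        peerImportPolicyConditional.setGuard(importPolicyChain);
        peerImportPolicy.getStatements().add(peerImportPolicyConditional);
        peerImportPolicyConditional.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
        peerImportPolicyConditional.getFalseStatements().add(Statements.ExitReject.toStaticStatement());
        // export policies
        String peerExportPolicyName = "~PEER_EXPORT_POLICY:" + ig.getRemoteAddress() + "~";
        neighbor.setExportPolicy(peerExportPolicyName);
        RoutingPolicy peerExportPolicy = new RoutingPolicy(peerExportPolicyName, _c);
        _c.getRoutingPolicies().put(peerExportPolicyName, peerExportPolicy);
        peerExportPolicy.getStatements().add(new SetDefaultPolicy(DEFAULT_BGP_EXPORT_POLICY_NAME));
        /*
         * For new BGP advertisements, i.e. those that are created from non-BGP
         * routes, an origin code must be set. By default, Juniper sets the origin
         * code to IGP.
         */
        If setOriginForNonBgp = new If();
        Disjunction isBgp = new Disjunction();
        isBgp.getDisjuncts().add(new MatchProtocol(RoutingProtocol.BGP));
        isBgp.getDisjuncts().add(new MatchProtocol(RoutingProtocol.IBGP));
        setOriginForNonBgp.setGuard(isBgp);
        setOriginForNonBgp.getFalseStatements().add(new SetOrigin(new LiteralOrigin(OriginType.IGP, null)));
        peerExportPolicy.getStatements().add(setOriginForNonBgp);
        List<BooleanExpr> exportPolicyCalls = new ArrayList<>();
        ig.getExportPolicies().forEach((exportPolicyName, exportPolicyLine) -> {
            PolicyStatement exportPolicy = _policyStatements.get(exportPolicyName);
            if (exportPolicy == null) {
                undefined(JuniperStructureType.POLICY_STATEMENT, exportPolicyName, JuniperStructureUsage.BGP_EXPORT_POLICY, exportPolicyLine);
            } else {
                setPolicyStatementReferent(exportPolicyName, ig.getExportPolicies(), "BGP export policy for neighbor: " + ig.getRemoteAddress());
                CallExpr callPolicy = new CallExpr(exportPolicyName);
                exportPolicyCalls.add(callPolicy);
            }
        });
        If peerExportPolicyConditional = new If();
        DisjunctionChain exportPolicyChain = new DisjunctionChain(exportPolicyCalls);
        peerExportPolicyConditional.setGuard(exportPolicyChain);
        peerExportPolicyConditional.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
        peerExportPolicyConditional.getFalseStatements().add(Statements.ExitReject.toStaticStatement());
        peerExportPolicy.getStatements().add(peerExportPolicyConditional);
        // inherit local-as; a neighbor without one is skipped, but the policies created above
        // stay registered in the configuration
        neighbor.setLocalAs(ig.getLocalAs());
        if (neighbor.getLocalAs() == null) {
            _w.redFlag("Missing local-as for neighbor: " + ig.getRemoteAddress());
            continue;
        }
        /*
         * inherit peer-as, or use local-as if internal
         *
         * Also set multipath
         */
        if (ig.getType() == BgpGroupType.INTERNAL) {
            neighbor.setRemoteAs(ig.getLocalAs());
            boolean currentGroupMultipathIbgp = ig.getMultipath();
            if (multipathIbgpSet && currentGroupMultipathIbgp != multipathIbgp) {
                _w.redFlag("Currently do not support mixed iBGP multipath/non-multipath bgp groups on Juniper " + "- FORCING NON-MULTIPATH IBGP");
                multipathIbgp = false;
            } else {
                multipathIbgp = currentGroupMultipathIbgp;
                multipathIbgpSet = true;
            }
        } else {
            neighbor.setRemoteAs(ig.getPeerAs());
            boolean currentGroupMultipathEbgp = ig.getMultipath();
            if (multipathEbgpSet && currentGroupMultipathEbgp != multipathEbgp) {
                _w.redFlag("Currently do not support mixed eBGP multipath/non-multipath bgp groups on Juniper " + "- FORCING NON-MULTIPATH EBGP");
                multipathEbgp = false;
            } else {
                multipathEbgp = currentGroupMultipathEbgp;
                multipathEbgpSet = true;
            }
        }
        // TODO: implement better behavior than setting default metric to 0
        neighbor.setDefaultMetric(0);
        // TODO: find out if there is a juniper equivalent of cisco
        // send-community
        neighbor.setSendCommunity(true);
        // inherit update-source
        Ip localIp = ig.getLocalAddress();
        if (localIp == null) {
            // No explicit local address: use the first interface address in the VRF whose prefix
            // contains the peer.
            outerloop: for (org.batfish.datamodel.Interface iface : vrf.getInterfaces().values()) {
                for (InterfaceAddress address : iface.getAllAddresses()) {
                    if (address.getPrefix().containsIp(ip)) {
                        localIp = address.getIp();
                        break outerloop;
                    }
                }
            }
        }
        // Next fallback, only with default address selection: primary address of the first loopback.
        if (localIp == null && _defaultAddressSelection) {
            initFirstLoopbackInterface();
            if (_lo0 != null) {
                InterfaceAddress lo0Unit0Address = _lo0.getPrimaryAddress();
                if (lo0Unit0Address != null) {
                    localIp = lo0Unit0Address.getIp();
                }
            }
        }
        // The warning is skipped when ip.valid() is false (presumably the synthetic dummy-group
        // addresses); in that case a null local IP is stored on the neighbor.
        if (localIp == null && ip.valid()) {
            _w.redFlag("Could not determine local ip for bgp peering with neighbor ip: " + ip);
        } else {
            neighbor.setLocalIp(localIp);
        }
        // Neighbors built from unreferenced (dummy) groups are not added to the process.
        if (neighbor.getGroup() == null || !_unreferencedBgpGroups.containsKey(neighbor.getGroup())) {
            proc.getNeighbors().put(neighbor.getPrefix(), neighbor);
        }
    }
    // Report the eBGP multipath value itself, not the flag that records whether any eBGP group
    // was seen: after a mixed-groups warning the value has been forced to false while the flag
    // stays true.
    proc.setMultipathEbgp(multipathEbgp);
    proc.setMultipathIbgp(multipathIbgp);
    MultipathEquivalentAsPathMatchMode multipathEquivalentAsPathMatchMode = multipathMultipleAs ? MultipathEquivalentAsPathMatchMode.PATH_LENGTH : MultipathEquivalentAsPathMatchMode.FIRST_AS;
    proc.setMultipathEquivalentAsPathMatchMode(multipathEquivalentAsPathMatchMode);
    return proc;
}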
Also used : BgpProcess(org.batfish.datamodel.BgpProcess) LiteralOrigin(org.batfish.datamodel.routing_policy.expr.LiteralOrigin) Ip(org.batfish.datamodel.Ip) ArrayList(java.util.ArrayList) Vrf(org.batfish.datamodel.Vrf) MultipathEquivalentAsPathMatchMode(org.batfish.datamodel.MultipathEquivalentAsPathMatchMode) BgpNeighbor(org.batfish.datamodel.BgpNeighbor) CallExpr(org.batfish.datamodel.routing_policy.expr.CallExpr) DisjunctionChain(org.batfish.datamodel.routing_policy.expr.DisjunctionChain) BooleanExpr(org.batfish.datamodel.routing_policy.expr.BooleanExpr) BgpAuthenticationSettings(org.batfish.datamodel.BgpAuthenticationSettings) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) SetOrigin(org.batfish.datamodel.routing_policy.statement.SetOrigin) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) SetDefaultPolicy(org.batfish.datamodel.routing_policy.statement.SetDefaultPolicy) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) Disjunction(org.batfish.datamodel.routing_policy.expr.Disjunction) If(org.batfish.datamodel.routing_policy.statement.If)

Example 4 with LiteralOrigin

use of org.batfish.datamodel.routing_policy.expr.LiteralOrigin in project batfish by batfish.

the class CiscoConfiguration method bgpRedistributeWithEnvironmentExpr.

/**
 * Wraps a boolean expression so that it is evaluated while intermediate BGP attributes are being
 * written, and stamps the given origin type when the expression evaluates to true.
 *
 * <p>Statement layout of the returned wrapper:
 * <ul>
 *   <li>pre: enable writing of intermediate BGP attributes</li>
 *   <li>post: disable writing of intermediate BGP attributes</li>
 *   <li>post-true: enable reading of intermediate BGP attributes, then set the origin</li>
 * </ul>
 *
 * @param expr the expression to evaluate inside the environment
 * @param originType the origin type set on a true result; no AS number is attached
 * @return the configured wrapper expression
 */
private WithEnvironmentExpr bgpRedistributeWithEnvironmentExpr(BooleanExpr expr, OriginType originType) {
    final WithEnvironmentExpr wrapped = new WithEnvironmentExpr();
    wrapped.setExpr(expr);

    // Bracket the evaluation: turn intermediate-attribute writing on before and off after.
    wrapped.getPreStatements()
        .add(Statements.SetWriteIntermediateBgpAttributes.toStaticStatement());
    wrapped.getPostStatements()
        .add(Statements.UnsetWriteIntermediateBgpAttributes.toStaticStatement());

    // Only on a true result: read back the intermediate attributes and set the origin.
    wrapped.getPostTrueStatements()
        .add(Statements.SetReadIntermediateBgpAttributes.toStaticStatement());
    final LiteralOrigin origin = new LiteralOrigin(originType, null);
    wrapped.getPostTrueStatements().add(new SetOrigin(origin));
    return wrapped;
}
Also used : LiteralOrigin(org.batfish.datamodel.routing_policy.expr.LiteralOrigin) SetOrigin(org.batfish.datamodel.routing_policy.statement.SetOrigin) WithEnvironmentExpr(org.batfish.datamodel.routing_policy.expr.WithEnvironmentExpr)

Example 5 with LiteralOrigin

use of org.batfish.datamodel.routing_policy.expr.LiteralOrigin in project batfish by batfish.

the class VirtualRouterTest method computeBgpAdvertisementsSentToOutsideIgp.

/**
 * Checks that a single OSPF route in the main RIB is exported as exactly one eBGP advertisement
 * when the neighbor's export policy sets the origin and accepts.
 *
 * <p>NOTE(review): the policy sets {@code OriginType.INCOMPLETE}, and the origin type of the
 * resulting advertisement is not asserted here.
 */
@Test
public void computeBgpAdvertisementsSentToOutsideIgp() {
    // Export policy: set the origin on every route, then accept it.
    SetOrigin markOrigin = new SetOrigin(new LiteralOrigin(OriginType.INCOMPLETE, null));
    RoutingPolicy exportPolicy =
        _routingPolicyBuilder.setStatements(ImmutableList.of(markOrigin, _exitAcceptStatement)).build();
    String exportPolicyName = exportPolicy.getName();
    _bgpNeighborBuilder.setExportPolicy(exportPolicyName).setRemoteAs(TEST_AS2).build();

    // Seed the main RIB with one OSPF internal route to be exported.
    _testVirtualRouter._mainRib.mergeRoute(
        new OspfInternalRoute.Builder()
            .setNetwork(TEST_NETWORK)
            .setMetric(TEST_METRIC)
            .setArea(TEST_AREA)
            .setAdmin(TEST_ADMIN)
            .setProtocol(RoutingProtocol.OSPF)
            .build());

    // Exactly one advertisement is expected.
    assertThat(_testVirtualRouter.computeBgpAdvertisementsToOutside(_ipOwners), equalTo(1));

    // Inspect the attributes of that advertisement.
    BgpAdvertisement sent = _testVirtualRouter._sentBgpAdvertisements.iterator().next();
    assertThat(sent, hasDestinationIp(TEST_DEST_IP));
    assertThat(sent, hasNetwork(TEST_NETWORK));
    assertThat(sent, hasOriginatorIp(TEST_SRC_IP));
    assertThat(sent, hasType(BgpAdvertisementType.EBGP_SENT));
    assertThat(sent, hasSourceIp(TEST_SRC_IP));
}
Also used : BgpAdvertisement(org.batfish.datamodel.BgpAdvertisement) LiteralOrigin(org.batfish.datamodel.routing_policy.expr.LiteralOrigin) OspfInternalRoute(org.batfish.datamodel.OspfInternalRoute) SetOrigin(org.batfish.datamodel.routing_policy.statement.SetOrigin) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) Test(org.junit.Test)

Aggregations

LiteralOrigin (org.batfish.datamodel.routing_policy.expr.LiteralOrigin)6 SetOrigin (org.batfish.datamodel.routing_policy.statement.SetOrigin)5 RoutingPolicy (org.batfish.datamodel.routing_policy.RoutingPolicy)4 BgpNeighbor (org.batfish.datamodel.BgpNeighbor)2 BgpProcess (org.batfish.datamodel.BgpProcess)2 InterfaceAddress (org.batfish.datamodel.InterfaceAddress)2 Ip (org.batfish.datamodel.Ip)2 MatchProtocol (org.batfish.datamodel.routing_policy.expr.MatchProtocol)2 If (org.batfish.datamodel.routing_policy.statement.If)2 Test (org.junit.Test)2 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 LinkedHashSet (java.util.LinkedHashSet)1 BatfishException (org.batfish.common.BatfishException)1 AsPath (org.batfish.datamodel.AsPath)1 BgpAdvertisement (org.batfish.datamodel.BgpAdvertisement)1 BgpAuthenticationSettings (org.batfish.datamodel.BgpAuthenticationSettings)1 Configuration (org.batfish.datamodel.Configuration)1 ConnectedRoute (org.batfish.datamodel.ConnectedRoute)1 IkeGateway (org.batfish.datamodel.IkeGateway)1