bgp: leak prevention rfc9234#120
Open
Paul-weqe wants to merge 7 commits into
Open
Conversation
- introduced the role to the capability header folowing the respective RoleName enum value. - add role to NeighborConfig. This can so far be modified via the bgp::neighbors::neighbor::role::PATH. This will be changed to bgp::neighbors::neighbor::roles::role::PATH. - TryFromYang implementation for RoleName has been completed. Signed-off-by: Paul Wekesa <paul1tw1@gmail.com>
Additional items: - decoding of Capability::Role successfully. - Customized errors for BGP Role. - Verification added for allowed role correctness Specified here: https://www.rfc-editor.org/rfc/rfc9234#name-role-correctness - Add delete_apply for roles configuration. - Yang description for the role list on bgp augmentation. Discarded items: - no-role field in role. Replaced with Option<Role> in configuration. Signed-off-by: Paul Wekesa <paul1tw1@gmail.com>
- Add BGP Notification when there is a Role Mismatch. - Add remote_role to the Neighbor info. - change nbr_role naming to remote_role. - Add RoleMismatch Error Subcode. Signed-off-by: Paul Wekesa <paul1tw1@gmail.com>
- Introduce the Only To Customer (OTC) optional transitive attribute. - Move RoleName to holo-utils/bgp.rs Signed-off-by: Paul Wekesa <paul1tw1@gmail.com>
Make sure the OTC is added before route is sent to Customer, peer or RS-Client. Additional check for if route is locally originated has been added. Move the RoleName to iana file. Signed-off-by: Paul Wekesa <paul1tw1@gmail.com>
Add strict mode as defined in RFC 9234. When enabled, Neighbor must also send their local role for BGP session to be established. Additionally, Undefined role has been introduced. Signed-off-by: Paul Wekesa <paul1tw1@gmail.com>
Paul-weqe
added a commit
to holo-routing/holo-munet-topologies
that referenced
this pull request
Apr 18, 2026
Add topology for verification of RFC 9234. Meant to be tested alongside: holo-routing/holo#120 once it is implemented. Signed-off-by: Paul Wekesa <paul1tw1@gmail.com>
c1d674b to
07b38b8
Compare
Member
Author
|
Squashed the two conformance test commits: one modifying the existing conformance tests output and the other introducing a new conformance test for Role verification. PR Is officially ready for review. |
07b38b8 to
e9d7ced
Compare
- Update existing conformance tests coming with changes made on implementation of route leak prevention. - Introduce new conformance topology (topo1-1) for BGP. Additional information can be found in holo-routing/holo-munet-topologies#7 Signed-off-by: Paul Wekesa <paul1tw1@gmail.com>
e9d7ced to
875ea7d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replacing #109 which had become messy with a cleaner PR.
This PR implements RFC 9234 which introdoces BGP roles (Customer, Provider, Peer, RS and RS-Client) to prevent leak prevention.
Confirmance tests have been updated accordingly.