-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for "Dynamic ASN" #194
Conversation
5014502
to
a596472
Compare
// internal - if the neighbor's ASN is different than the router's the connection is denied. | ||
// external - if the neighbor's ASN is the same as the router's the connection is denied. | ||
// ASN and DynamicASN are mutually exclusive and one of them must be specified. | ||
// +kubebuilder:validation:Enum=internal;external |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we enforce the mutual exclusivity (or -ness) with CEL rules?
https://kubernetes.io/docs/reference/using-api/cel/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tried for a while, did not go so well 😅 I guess we can tackle it in a different time (applies for password and passwordSecret as well)
return false | ||
} | ||
|
||
if asn == "internal" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's either have a comment saying that all these ifs mean it's external (or wrap in a "isEBGP" helper)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
Add the field to support FRR's automatic ASN detection (https://docs.frrouting.org/en/latest/bgp.html#clicmd-neighbor-PEER-remote-as-internal). Dynamic ASN is not an official name of this feature, but should be understandable. Modifying the original ASN field to be IntOrString was considered but left out since IntOrString is actually Int32OrString, and we explicitly need 32 bits (uint32) for the ASN. Signed-off-by: Ori Braunshtein <[email protected]>
Signed-off-by: Ori Braunshtein <[email protected]>
Signed-off-by: Ori Braunshtein <[email protected]>
Signed-off-by: Ori Braunshtein <[email protected]>
lgtm |
Is this a BUG FIX or a FEATURE ?:
/kind feature
What this PR does / why we need it:
Adds support for FRR's "Dynamic ASN", allowing users to specify whether the peer is ibgp or ebgp without explicitly setting its asn. Leverages https://docs.frrouting.org/en/latest/bgp.html#clicmd-neighbor-PEER-remote-as-internal
Release note: