Skip to content

route-map: T1124: Allow matching RPKI OVS extended community #4699

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 14, 2025
Merged

route-map: T1124: Allow matching RPKI OVS extended community #4699

merged 2 commits into from
Sep 14, 2025

Conversation

l0crian1
Copy link
Contributor

@l0crian1 l0crian1 commented Sep 6, 2025
edited
Loading

Change summary

This adds a matching condition in route-maps for the RPKI OVS extended community (RFC8097). This allows iBGP speakers in an AS to act on RPKI information without needing all routers to be connected to the cache server.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

https://vyos.dev/T1124

Related PR(s)

How to test / Smoketest result

Configure the route-map:

set policy route-map test rule 10 action 'permit'
set policy route-map test rule 10 match rpki-extcommunity 'valid'

Verify the route-map makes it into FRR correctly:

vyos# show running-config bgpd
Building configuration...

Current configuration:
!
frr version 10.2.4
frr defaults traditional
hostname vyos
log syslog
log facility local7
service integrated-vtysh-config
!
route-map test permit 10
 match rpki-extcommunity valid
exit
!
route-map test permit 20
exit
!
end

Smoketest Results:

test_access_list (__main__.TestPolicy.test_access_list) ... ok
test_access_list6 (__main__.TestPolicy.test_access_list6) ... ok
test_as_path_list (__main__.TestPolicy.test_as_path_list) ... ok
test_community_list (__main__.TestPolicy.test_community_list) ... ok
test_delete_ipv4_ipv6_table_id (__main__.TestPolicy.test_delete_ipv4_ipv6_table_id) ... ok
test_destination_ipv6_table_id (__main__.TestPolicy.test_destination_ipv6_table_id) ... ok
test_destination_table_id (__main__.TestPolicy.test_destination_table_id) ... ok
test_extended_community_list (__main__.TestPolicy.test_extended_community_list) ... ok
test_frr_individual_remove_T6283_T6250 (__main__.TestPolicy.test_frr_individual_remove_T6283_T6250) ... ok
test_fwmark_ipv6_table_id (__main__.TestPolicy.test_fwmark_ipv6_table_id) ... ok
test_fwmark_sources_destination_ipv6_table_id (__main__.TestPolicy.test_fwmark_sources_destination_ipv6_table_id) ... ok
test_fwmark_sources_destination_table_id (__main__.TestPolicy.test_fwmark_sources_destination_table_id) ... ok
test_fwmark_sources_ipv6_table_id (__main__.TestPolicy.test_fwmark_sources_ipv6_table_id) ... ok
test_fwmark_sources_table_id (__main__.TestPolicy.test_fwmark_sources_table_id) ... ok
test_fwmark_table_id (__main__.TestPolicy.test_fwmark_table_id) ... ok
test_iif_sources_ipv6_table_id (__main__.TestPolicy.test_iif_sources_ipv6_table_id) ... ok
test_iif_sources_table_id (__main__.TestPolicy.test_iif_sources_table_id) ... ok
test_ipv6_table_id (__main__.TestPolicy.test_ipv6_table_id) ... ok
test_large_community_list (__main__.TestPolicy.test_large_community_list) ... ok
test_multiple_commit_ipv4_table_id (__main__.TestPolicy.test_multiple_commit_ipv4_table_id) ... ok
test_prefix_list (__main__.TestPolicy.test_prefix_list) ... ok
test_prefix_list6 (__main__.TestPolicy.test_prefix_list6) ... ok
test_prefix_list_duplicates (__main__.TestPolicy.test_prefix_list_duplicates) ... ok
test_protocol_destination_table_id (__main__.TestPolicy.test_protocol_destination_table_id) ... ok
test_protocol_port_address_fwmark_table_id (__main__.TestPolicy.test_protocol_port_address_fwmark_table_id) ... ok
test_route_map (__main__.TestPolicy.test_route_map) ... ok
test_route_map_community_set (__main__.TestPolicy.test_route_map_community_set) ... ok
test_table_id (__main__.TestPolicy.test_table_id) ... ok

----------------------------------------------------------------------
Ran 28 tests in 666.164s

OK

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@l0crian1
route-map: T1124: Allow matching RPKI OVS extended community
f18935f 
- Added 'rpki-extcommunity' match condition
@l0crian1
route-map: T1124: Allow matching RPKI OVS extended community
4250ad5 
- Added test to test_policy.py smoketest for rpki-extcommunity match
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 6, 2025
edited
Loading

👍
No issues in PR Title / Commit Title

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 6, 2025

CI integration 👍 passed!

Details

CI logs

  • CLI Smoketests (no interfaces) 👍 passed
  • CLI Smoketests VPP 👍 passed
  • CLI Smoketests (interfaces only) 👍 passed
  • Config tests 👍 passed
  • Config tests VPP 👍 passed
  • RAID1 tests 👍 passed
  • TPM tests 👍 passed

sever-sever
sever-sever approved these changes Sep 7, 2025
View reviewed changes
Copy link
Member

@sever-sever sever-sever left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add extend community option for the route-map RPKI

c-po
c-po approved these changes Sep 14, 2025
View reviewed changes
Copy link
Member

@c-po c-po left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice addition of existing code!

@c-po c-po merged commit eb3c880 into vyos:current Sep 14, 2025
17 of 18 checks passed
@c-po c-po added the bp/circinus Create automatic backport for circinus label Sep 14, 2025
@vyosbot vyosbot added mirror-initiated This PR initiated for mirror sync workflow mirror-completed and removed mirror-initiated This PR initiated for mirror sync workflow labels Sep 14, 2025
@c-po c-po added the bp/sagitta Create automatic backport for sagitta LTS version label Sep 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sever-sever sever-sever sever-sever approved these changes

@c-po c-po c-po approved these changes

Assignees

@l0crian1 l0crian1

Labels
bp/circinus Create automatic backport for circinus bp/sagitta Create automatic backport for sagitta LTS version current mirror-completed rebase
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@l0crian1 @sever-sever @c-po @vyosbot