From 0ec5a71a7c859cfd0a8e2881791089698d5ba506 Mon Sep 17 00:00:00 2001 From: Mihir Rajpal Date: Wed, 30 Apr 2025 16:41:45 -0400 Subject: [PATCH 1/3] BGP Changes --- .../openconfig-bgp-common-multiprotocol.yang | 20 ++++++++++++++++- .../bgp/openconfig-bgp-common-structure.yang | 8 ++++++- release/models/bgp/openconfig-bgp-common.yang | 8 ++++++- release/models/bgp/openconfig-bgp-global.yang | 22 ++++++++++++++++++- .../models/bgp/openconfig-bgp-neighbor.yang | 8 ++++++- .../models/bgp/openconfig-bgp-peer-group.yang | 8 ++++++- release/models/bgp/openconfig-bgp-policy.yang | 14 +++++++++++- release/models/bgp/openconfig-bgp.yang | 8 ++++++- 8 files changed, 88 insertions(+), 8 deletions(-) diff --git a/release/models/bgp/openconfig-bgp-common-multiprotocol.yang b/release/models/bgp/openconfig-bgp-common-multiprotocol.yang index 15221c4c8..bb629b992 100644 --- a/release/models/bgp/openconfig-bgp-common-multiprotocol.yang +++ b/release/models/bgp/openconfig-bgp-common-multiprotocol.yang @@ -24,7 +24,13 @@ submodule openconfig-bgp-common-multiprotocol { for multiple protocols in BGP. The groupings are common across multiple contexts."; - oc-ext:openconfig-version "9.9.0"; + oc-ext:openconfig-version "9.10.0"; + + revision "2025-04-13" { + description + "Add additional security features."; + reference "9.10.0"; + } revision "2025-03-30" { description @@ -495,6 +501,18 @@ submodule openconfig-bgp-common-multiprotocol { // placeholder for BGP-signalled VPLS specific configuration // options + leaf mac-limit { + type uint64; + description + "Maximum limit for size of mac table"; + } + + leaf enforce-split-horizon-rule { + type boolean; + // Default is device specific + description + "Indicates that the split-horizon rule should be followed for VPLS"; + } } } diff --git a/release/models/bgp/openconfig-bgp-common-structure.yang b/release/models/bgp/openconfig-bgp-common-structure.yang index e93941512..6155e5458 100644 --- a/release/models/bgp/openconfig-bgp-common-structure.yang +++ b/release/models/bgp/openconfig-bgp-common-structure.yang @@ -21,7 +21,13 @@ submodule openconfig-bgp-common-structure { "This sub-module contains groupings that are common across multiple BGP contexts and provide structure around other primitive groupings."; - oc-ext:openconfig-version "9.9.0"; + oc-ext:openconfig-version "9.10.0"; + + revision "2025-04-13" { + description + "Add additional security features."; + reference "9.10.0"; + } revision "2025-03-30" { description diff --git a/release/models/bgp/openconfig-bgp-common.yang b/release/models/bgp/openconfig-bgp-common.yang index f505bb7c9..747b633ae 100644 --- a/release/models/bgp/openconfig-bgp-common.yang +++ b/release/models/bgp/openconfig-bgp-common.yang @@ -24,7 +24,13 @@ submodule openconfig-bgp-common { may be application to a subset of global, peer-group or neighbor contexts."; - oc-ext:openconfig-version "9.9.0"; + oc-ext:openconfig-version "9.10.0"; + + revision "2025-04-13" { + description + "Add additional security features."; + reference "9.10.0"; + } revision "2025-03-30" { description diff --git a/release/models/bgp/openconfig-bgp-global.yang b/release/models/bgp/openconfig-bgp-global.yang index 3c059191e..5e751324b 100644 --- a/release/models/bgp/openconfig-bgp-global.yang +++ b/release/models/bgp/openconfig-bgp-global.yang @@ -27,7 +27,13 @@ submodule openconfig-bgp-global { "This sub-module contains groupings that are specific to the global context of the OpenConfig BGP module"; - oc-ext:openconfig-version "9.9.0"; + oc-ext:openconfig-version "9.10.0"; + + revision "2025-04-13" { + description + "Add additional security features."; + reference "9.10.0"; + } revision "2025-03-30" { description @@ -232,6 +238,20 @@ submodule openconfig-bgp-global { "RFC4271 - A Border Gateway Protocol 4 (BGP-4), Section 4.2"; } + + leaf enforce-peer-as-first-as { + type boolean; + default false; + description + "Ensure that the peer's AS is the first AS listed in the AS_PATH + attribute"; + } + + leaf max-prefixes { + type uint64; + description + "Maximum amount of prefixes allowed for this BGP instance"; + } } grouping bgp-global-state { diff --git a/release/models/bgp/openconfig-bgp-neighbor.yang b/release/models/bgp/openconfig-bgp-neighbor.yang index cb6d3afae..b684cb6c5 100644 --- a/release/models/bgp/openconfig-bgp-neighbor.yang +++ b/release/models/bgp/openconfig-bgp-neighbor.yang @@ -30,7 +30,13 @@ submodule openconfig-bgp-neighbor { "This sub-module contains groupings that are specific to the neighbor context of the OpenConfig BGP module."; - oc-ext:openconfig-version "9.9.0"; + oc-ext:openconfig-version "9.10.0"; + + revision "2025-04-13" { + description + "Add additional security features."; + reference "9.10.0"; + } revision "2025-03-30" { description diff --git a/release/models/bgp/openconfig-bgp-peer-group.yang b/release/models/bgp/openconfig-bgp-peer-group.yang index e33e717b9..810e046ab 100644 --- a/release/models/bgp/openconfig-bgp-peer-group.yang +++ b/release/models/bgp/openconfig-bgp-peer-group.yang @@ -25,7 +25,13 @@ submodule openconfig-bgp-peer-group { "This sub-module contains groupings that are specific to the peer-group context of the OpenConfig BGP module."; - oc-ext:openconfig-version "9.9.0"; + oc-ext:openconfig-version "9.10.0"; + + revision "2025-04-13" { + description + "Add additional security features."; + reference "9.10.0"; + } revision "2025-03-30" { description diff --git a/release/models/bgp/openconfig-bgp-policy.yang b/release/models/bgp/openconfig-bgp-policy.yang index a08c44b0d..643d513d4 100644 --- a/release/models/bgp/openconfig-bgp-policy.yang +++ b/release/models/bgp/openconfig-bgp-policy.yang @@ -838,7 +838,19 @@ module openconfig-bgp-policy { leaf-list as-path-set-member { // TODO: need to refine typedef for AS path expressions - type string; + type union { + type oc-inet:as-number; + type enumeration { + enum ANY_ONE { + description + "Matches one AS number of any value."; + } + enum ANY_ALL { + description + "Matches any number of AS numbers of any value."; + } + } + } description "AS path expression -- list of ASes in the set"; } diff --git a/release/models/bgp/openconfig-bgp.yang b/release/models/bgp/openconfig-bgp.yang index 8b480cd10..09cf0b4dc 100644 --- a/release/models/bgp/openconfig-bgp.yang +++ b/release/models/bgp/openconfig-bgp.yang @@ -68,7 +68,13 @@ module openconfig-bgp { whereas leaf not present inherits its value from the leaf present at the next higher level in the hierarchy."; - oc-ext:openconfig-version "9.9.0"; + oc-ext:openconfig-version "9.10.0"; + + revision "2025-04-13" { + description + "Add additional security features."; + reference "9.10.0"; + } revision "2025-03-30" { description From 801d080045bbb4376c0d098c20f68ae4c8ae5775 Mon Sep 17 00:00:00 2001 From: Mihir Rajpal Date: Thu, 1 May 2025 17:13:55 -0400 Subject: [PATCH 2/3] Bugfixes from automated checks --- .../openconfig-bgp-common-multiprotocol.yang | 29 +++++++--- release/models/bgp/openconfig-bgp-errors.yang | 8 ++- release/models/bgp/openconfig-bgp-policy.yang | 32 +++++------ release/models/bgp/openconfig-bgp-types.yang | 53 ++++++++++++++++++- 4 files changed, 97 insertions(+), 25 deletions(-) diff --git a/release/models/bgp/openconfig-bgp-common-multiprotocol.yang b/release/models/bgp/openconfig-bgp-common-multiprotocol.yang index bb629b992..5fae3cc42 100644 --- a/release/models/bgp/openconfig-bgp-common-multiprotocol.yang +++ b/release/models/bgp/openconfig-bgp-common-multiprotocol.yang @@ -483,6 +483,21 @@ submodule openconfig-bgp-common-multiprotocol { } } + grouping bgp-common-mp-l2vpn-vpls-group-config { + leaf mac-limit { + type uint64; + description + "Maximum limit for size of mac table"; + } + + leaf enforce-split-horizon-rule { + type boolean; + // Default is device specific + description + "Indicates that the split-horizon rule should be followed for VPLS"; + } + } + grouping bgp-common-mp-l2vpn-vpls-group { description "Group for BGP-signalled VPLS configuration options"; @@ -501,17 +516,15 @@ submodule openconfig-bgp-common-multiprotocol { // placeholder for BGP-signalled VPLS specific configuration // options - leaf mac-limit { - type uint64; + container config { description - "Maximum limit for size of mac table"; + "Configuration parameters relating to VPLS"; + uses bgp-common-mp-l2vpn-vpls-group-config; } - - leaf enforce-split-horizon-rule { - type boolean; - // Default is device specific + container state { description - "Indicates that the split-horizon rule should be followed for VPLS"; + "State relating to VPLS"; + uses bgp-common-mp-l2vpn-vpls-group-config; } } } diff --git a/release/models/bgp/openconfig-bgp-errors.yang b/release/models/bgp/openconfig-bgp-errors.yang index 53372afc7..3124a9a67 100644 --- a/release/models/bgp/openconfig-bgp-errors.yang +++ b/release/models/bgp/openconfig-bgp-errors.yang @@ -18,7 +18,13 @@ submodule openconfig-bgp-errors { "This module defines BGP NOTIFICATION message error codes and subcodes"; - oc-ext:openconfig-version "6.1.0"; + oc-ext:openconfig-version "6.2.0"; + + revision "2025-05-01" { + description + "Add additional security features."; + reference "6.2.0"; + } revision "2024-09-06" { description diff --git a/release/models/bgp/openconfig-bgp-policy.yang b/release/models/bgp/openconfig-bgp-policy.yang index 643d513d4..123ed5a70 100644 --- a/release/models/bgp/openconfig-bgp-policy.yang +++ b/release/models/bgp/openconfig-bgp-policy.yang @@ -28,7 +28,13 @@ module openconfig-bgp-policy { It augments the base routing-policy module with BGP-specific options for conditions and actions."; - oc-ext:openconfig-version "8.1.0"; + oc-ext:openconfig-version "8.2.0"; + + revision "2025-05-01" { + description + "Add additional security features."; + reference "8.2.0"; + } revision "2024-11-13" { description @@ -836,23 +842,19 @@ module openconfig-bgp-policy { the set in match conditions"; } + leaf-list as-path-set-member-range { + type oc-bgp-types:as-path-set-member-type; + description + "AS path expression -- list of ASes in the set."; + } + leaf-list as-path-set-member { // TODO: need to refine typedef for AS path expressions - type union { - type oc-inet:as-number; - type enumeration { - enum ANY_ONE { - description - "Matches one AS number of any value."; - } - enum ANY_ALL { - description - "Matches any number of AS numbers of any value."; - } - } - } + type string; + status deprecated; description - "AS path expression -- list of ASes in the set"; + "AS path expression -- list of ASes in the set. + Use the field above instead."; } } diff --git a/release/models/bgp/openconfig-bgp-types.yang b/release/models/bgp/openconfig-bgp-types.yang index 57b8e9b65..6825e646b 100644 --- a/release/models/bgp/openconfig-bgp-types.yang +++ b/release/models/bgp/openconfig-bgp-types.yang @@ -24,7 +24,13 @@ module openconfig-bgp-types { policy. It can be imported by modules that make use of BGP attributes"; - oc-ext:openconfig-version "6.1.0"; + oc-ext:openconfig-version "6.2.0"; + + revision "2025-05-01" { + description + "Add additional security features."; + reference "6.2.0"; + } revision "2024-09-06" { description @@ -657,6 +663,51 @@ module openconfig-bgp-types { draft-ietf-idr-link-bandwidth-07"; } + typedef as-path-set-member-type { + type union { + type oc-inet:as-number; + type string { + // Range + pattern '(429496729[0-5]|42949672[0-8][0-9]|4294967[0-1][0-9]{2}' + + '|429496[0-6][0-9]{3}|42949[0-5][0-9]{4}|4294[0-8][0-9]{5}|' + + '429[0-3][0-9]{6}|42[0-8][0-9]{7}|4[0-1][0-9]{8}|[1-3][0-9]{9}|' + + '0{0,8}[1-9][0-9]|0{0,7}[1-9][0-9]{2}|0{0,6}[1-9][0-9]{3}|' + + '0{0,5}[1-9][0-9]{4}|0{0,4}[1-9][0-9]{5}|0{0,3}[1-9][0-9]{6}|' + + '0{0,2}[1-9][0-9]{7}|0{0,1}[1-9][0-9]{8}|0{0,9}[0-9])\.\.' + + '(429496729[0-5]|42949672[0-8][0-9]|4294967[0-1][0-9]{2}' + + '|429496[0-6][0-9]{3}|42949[0-5][0-9]{4}|4294[0-8][0-9]{5}|' + + '429[0-3][0-9]{6}|42[0-8][0-9]{7}|4[0-1][0-9]{8}|[1-3][0-9]{9}|' + + '0{0,8}[1-9][0-9]|0{0,7}[1-9][0-9]{2}|0{0,6}[1-9][0-9]{3}|' + + '0{0,5}[1-9][0-9]{4}|0{0,4}[1-9][0-9]{5}|0{0,3}[1-9][0-9]{6}|' + + '0{0,2}[1-9][0-9]{7}|0{0,1}[1-9][0-9]{8}|0{0,9}[0-9])'; + oc-ext:posix-pattern '^(429496729[0-5]|42949672[0-8][0-9]|4294967[0-1][0-9]{2}' + + '|429496[0-6][0-9]{3}|42949[0-5][0-9]{4}|4294[0-8][0-9]{5}|' + + '429[0-3][0-9]{6}|42[0-8][0-9]{7}|4[0-1][0-9]{8}|[1-3][0-9]{9}|' + + '0{0,8}[1-9][0-9]|0{0,7}[1-9][0-9]{2}|0{0,6}[1-9][0-9]{3}|' + + '0{0,5}[1-9][0-9]{4}|0{0,4}[1-9][0-9]{5}|0{0,3}[1-9][0-9]{6}|' + + '0{0,2}[1-9][0-9]{7}|0{0,1}[1-9][0-9]{8}|0{0,9}[0-9])\.\.' + + '(429496729[0-5]|42949672[0-8][0-9]|4294967[0-1][0-9]{2}' + + '|429496[0-6][0-9]{3}|42949[0-5][0-9]{4}|4294[0-8][0-9]{5}|' + + '429[0-3][0-9]{6}|42[0-8][0-9]{7}|4[0-1][0-9]{8}|[1-3][0-9]{9}|' + + '0{0,8}[1-9][0-9]|0{0,7}[1-9][0-9]{2}|0{0,6}[1-9][0-9]{3}|' + + '0{0,5}[1-9][0-9]{4}|0{0,4}[1-9][0-9]{5}|0{0,3}[1-9][0-9]{6}|' + + '0{0,2}[1-9][0-9]{7}|0{0,1}[1-9][0-9]{8}|0{0,9}[0-9])$'; + } + type enumeration { + enum ANY_ONE { + description + "Matches one AS number of any value."; + } + enum ANY_ALL { + description + "Matches any number of AS numbers of any value."; + } + } + } + description + "Type definition for AS set member type."; + } + typedef bgp-ext-community-recv-type { type union { type bgp-ext-community-type; From 3d1c1c39e6efedd167ab3ffe91d23d0b6aa4eb97 Mon Sep 17 00:00:00 2001 From: Mihir Rajpal Date: Tue, 6 May 2025 20:28:59 -0400 Subject: [PATCH 3/3] Bugfixes from automated checks --- release/models/bgp/openconfig-bgp-common-multiprotocol.yang | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/release/models/bgp/openconfig-bgp-common-multiprotocol.yang b/release/models/bgp/openconfig-bgp-common-multiprotocol.yang index 5fae3cc42..4c41a914a 100644 --- a/release/models/bgp/openconfig-bgp-common-multiprotocol.yang +++ b/release/models/bgp/openconfig-bgp-common-multiprotocol.yang @@ -484,6 +484,9 @@ submodule openconfig-bgp-common-multiprotocol { } grouping bgp-common-mp-l2vpn-vpls-group-config { + description + "Configuration options for vpls."; + leaf mac-limit { type uint64; description @@ -524,6 +527,7 @@ submodule openconfig-bgp-common-multiprotocol { container state { description "State relating to VPLS"; + config false; uses bgp-common-mp-l2vpn-vpls-group-config; } }