bgpd: Enable enforce-first-as by default

It's been for a while disabled by default, but this seems reasonable to flip it. We had `bgp enforce-first-as` as a global BGP knob to enable/disable this behavior globally, later we introduced `enforce-first-as` per neighbor, with disabled by default. Now let's enable this by default. Signed-off-by: Donatas Abraitis <[email protected]>
FRRouting · Oct 26, 2023 · 74682f9 · 74682f9
1 parent a709218
commit 74682f9
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 10 deletions.
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
@@ -17973,8 +17973,8 @@ static void bgp_config_write_peer_global(struct vty *vty, struct bgp *bgp,
 			addr);
 
 	/* enforce-first-as */
-	if (peergroup_flag_check(peer, PEER_FLAG_ENFORCE_FIRST_AS))
-		vty_out(vty, " neighbor %s enforce-first-as\n", addr);
+	if (!peergroup_flag_check(peer, PEER_FLAG_ENFORCE_FIRST_AS))
+		vty_out(vty, " no neighbor %s enforce-first-as\n", addr);
 
 	/* update-source */
 	if (peergroup_flag_check(peer, PEER_FLAG_UPDATE_SOURCE)) {

diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
@@ -1491,6 +1491,8 @@ struct peer *peer_new(struct bgp *bgp)
 
 	SET_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
 
+	SET_FLAG(peer->flags, PEER_FLAG_ENFORCE_FIRST_AS);
+
 	/* Initialize per peer bgp GR FSM */
 	bgp_peer_gr_init(peer);
 
@@ -2860,6 +2862,13 @@ static void peer_group2peer_config_copy(struct peer_group *group,
 			SET_FLAG(peer->flags,
 				 PEER_FLAG_CAPABILITY_SOFT_VERSION);
 
+	/* enforce-first-as */
+	if (!CHECK_FLAG(peer->flags_override,
+			PEER_FLAG_ENFORCE_FIRST_AS))
+		if (CHECK_FLAG(conf->flags, PEER_FLAG_ENFORCE_FIRST_AS))
+			SET_FLAG(peer->flags,
+				 PEER_FLAG_ENFORCE_FIRST_AS);
+
 	/* password apply */
 	if (!CHECK_FLAG(peer->flags_override, PEER_FLAG_PASSWORD))
 		PEER_STR_ATTR_INHERIT(peer, group, password,

diff --git a/doc/user/bgp.rst b/doc/user/bgp.rst
@@ -1526,7 +1526,7 @@ Configuring Peers
    Discard updates received from the specified (eBGP) peer if the AS_PATH
    attribute does not contain the PEER's ASN as the first AS_PATH segment.
 
-   Default: disabled.
+   Default: enabled.
 
 .. clicmd:: neighbor PEER extended-optional-parameters
 

diff --git a/tests/bgpd/test_peer_attr.c b/tests/bgpd/test_peer_attr.c
@@ -296,11 +296,6 @@ static struct test_peer_attr test_peer_attrs[] = {
 		.u.flag = PEER_FLAG_DONT_CAPABILITY,
 		.type = PEER_AT_GLOBAL_FLAG,
 	},
-	{
-		.cmd = "enforce-first-as",
-		.u.flag = PEER_FLAG_ENFORCE_FIRST_AS,
-		.type = PEER_AT_GLOBAL_FLAG,
-	},
 	{
 		.cmd = "local-as",
 		.peer_cmd = "local-as 1",

diff --git a/tests/bgpd/test_peer_attr.py b/tests/bgpd/test_peer_attr.py
@@ -15,7 +15,6 @@ class TestFlag(frrtest.TestMultiOut):
 TestFlag.okfail("peer\\description")
 TestFlag.okfail("peer\\disable-connected-check")
 TestFlag.okfail("peer\\dont-capability-negotiate")
-TestFlag.okfail("peer\\enforce-first-as")
 TestFlag.okfail("peer\\local-as")
 TestFlag.okfail("peer\\local-as 1 no-prepend")
 TestFlag.okfail("peer\\local-as 1 no-prepend replace-as")

diff --git a/yang/frr-bgp-neighbor.yang b/yang/frr-bgp-neighbor.yang
@@ -76,7 +76,7 @@ submodule frr-bgp-neighbor {
 
     leaf enforce-first-as {
       type boolean;
-      default "false";
+      default "true";
       description
         "When set to 'true' it will enforce the first AS for EBGP routes.";
     }