bgpd: Disable sending ROV extended community by default

https://datatracker.ietf.org/doc/html/rfc8097 defines ROV extended community, but https://datatracker.ietf.org/doc/draft-ietf-sidrops-avoid-rpki-state-in-bgp is against sending it by default even for iBGP peers. Let's do this practice and reverse it. Signed-off-by: Donatas Abraitis <[email protected]>
FRRouting · Nov 19, 2024 · 8cc6359 · 8cc6359
1 parent 551e05b
commit 8cc6359
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 12 deletions.
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
@@ -19132,9 +19132,7 @@ static void bgp_config_write_peer_af(struct vty *vty, struct bgp *bgp,
 
 		if (peergroup_af_flag_check(peer, afi, safi,
 					    PEER_FLAG_SEND_EXT_COMMUNITY_RPKI))
-			vty_out(vty,
-				"  no neighbor %s send-community extended rpki\n",
-				addr);
+			vty_out(vty, "  neighbor %s send-community extended rpki\n", addr);
 	}
 
 	/* Default information */

diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
@@ -1565,19 +1565,13 @@ struct peer *peer_new(struct bgp *bgp)
 	/* Set default flags. */
 	FOREACH_AFI_SAFI (afi, safi) {
 		SET_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_COMMUNITY);
-		SET_FLAG(peer->af_flags[afi][safi],
-			 PEER_FLAG_SEND_EXT_COMMUNITY);
-		SET_FLAG(peer->af_flags[afi][safi],
-			 PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
+		SET_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_EXT_COMMUNITY);
 		SET_FLAG(peer->af_flags[afi][safi],
 			 PEER_FLAG_SEND_LARGE_COMMUNITY);
 
 		SET_FLAG(peer->af_flags_invert[afi][safi],
 			 PEER_FLAG_SEND_COMMUNITY);
-		SET_FLAG(peer->af_flags_invert[afi][safi],
-			 PEER_FLAG_SEND_EXT_COMMUNITY);
-		SET_FLAG(peer->af_flags_invert[afi][safi],
-			 PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
+		SET_FLAG(peer->af_flags_invert[afi][safi], PEER_FLAG_SEND_EXT_COMMUNITY);
 		SET_FLAG(peer->af_flags_invert[afi][safi],
 			 PEER_FLAG_SEND_LARGE_COMMUNITY);
 		peer->addpath_type[afi][safi] = BGP_ADDPATH_NONE;

diff --git a/doc/user/bgp.rst b/doc/user/bgp.rst
@@ -1803,7 +1803,7 @@ Configuring Peers
    Send the extended RPKI communities to the peer. RPKI extended community
    can be send only to iBGP and eBGP-OAD peers.
 
-   Default: enabled.
+   Default: disabled.
 
 .. clicmd:: neighbor PEER weight WEIGHT
 

diff --git a/tests/topotests/bgp_rpki_topo1/r2/bgpd.conf b/tests/topotests/bgp_rpki_topo1/r2/bgpd.conf
@@ -9,6 +9,7 @@ router bgp 65002
  neighbor 192.168.4.4 timers connect 1
  address-family ipv4 unicast
   neighbor 192.168.4.4 next-hop-self
+  neighbor 192.168.4.4 send-community extended rpki
  exit-address-family
 !
 router bgp 65002 vrf vrf10