Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(bgp): add custom BGP import rejection policy support via node annotation #1153

Merged
merged 2 commits into from
Mar 23, 2022
Merged

feat(bgp): add custom BGP import rejection policy support via node annotation #1153

merged 2 commits into from
Mar 23, 2022

Conversation

lucasmundim
Copy link
Contributor

fixes #586 adding another option for protecting required routes.

@lucasmundim lucasmundim force-pushed the custom_import_policy branch from 12ded80 to 057a42b Compare August 14, 2021 00:04
@aauren
Copy link
Collaborator

aauren commented Aug 17, 2021

Thanks for submitting this @lucasmundim. We're still focusing on bug fixes for the 1.3 release for a bit, but as we look towards features for 1.4 we'll take a look then. I've added it to the 1.4 project that we use to sort features and requests for the next release.

lucasmundim and others added 2 commits March 18, 2022 16:05
@lucasmundim @aauren
feat(bgp): add custom BGP import rejection policy support via node an…
602b9fc 
…notation
@aauren
fix(customimportreject): reject all in subnet
c2d6e9a 
Changes the custom import reject annotation support to not only block
the given subnet exactly, but also all subnets of the subnet given.

For example, this change blocks 10.100.100.0/24 when customimportreject
annotation has 10.100.0.0/16 in it.
@aauren aauren force-pushed the custom_import_policy branch from 057a42b to c2d6e9a Compare March 18, 2022 21:15
@aauren
Copy link
Collaborator

aauren commented Mar 18, 2022

@lucasmundim Thanks for this work! Apologies that this took so long to get back to!

Everything looked pretty much spot on and I think that this fits well with the intention behind the bug fix reported in #586. I've gone ahead and rebased it and pushed it back to your branch.

Additionally, in my testing, I found that it wasn't blocking subnets of the ones defined in customimportreject. For instance, if someone added the subnet 10.100.0.0/16 to the annotation, it would block 10.100.0.0/16, but it would allow things like 10.100.1.0/24 or 10.100.1.1/32.

I don't think that was your intention, so I added another commit that rejects all subnets of subnets that are defined in the annotation.

If you can, please take a look and let me know what you think. Assuming you're good with the change, we can merge this.

@lucasmundim
Copy link
Contributor Author

@aauren Hi, I agree with your suggestion as this should be the expected behavior. Thanks.

@aauren aauren merged commit 3771745 into cloudnativelabs:master Mar 23, 2022
@aauren
Copy link
Collaborator

aauren commented Mar 23, 2022

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

eBGP import policy options
2 participants
@lucasmundim @aauren