ipspace · ipspace · Sep 11, 2024 · Sep 11, 2024 · Sep 11, 2024
diff --git a/netsim/ansible/templates/routing/srlinux.j2 b/netsim/ansible/templates/routing/srlinux.j2
@@ -1,20 +1,54 @@
 updates:
+{#
+    Prefix filters
+#}
+{% for pf_name,pf_list in routing.prefix|default({})|items %}
+- path: /routing-policy/prefix-set[name={{ pf_name }}]
+  value:
+    prefix:
+{%   for p_entry in pf_list %}{# Iterate over prefix list entries #}
+{%     for p_af in af if p_af in p_entry %}{# Iterate over address families in the prefix list entry #}
+    - ip-prefix: {{ p_entry[p_af] }}
+{%     if p_entry.min[p_af] is defined or p_entry.max[p_af] is defined %}
+      mask-length-range: {{ 
+        p_entry.min[p_af]|default(p_entry[p_af]|ipaddr('prefix')) }}..{{ 
+        p_entry.max[p_af]|default(32 if p_af == 'ipv4' else 128) }}
+{%     else %}
+      mask-length-range: exact
+{%     endif %}
+{%     endfor %}
+{%   endfor %}
+{% endfor %}
+
+{#
+    Routing policies
+#}
 {% for rp_name,rp_list in routing.policy|default({})|items %}
 - path: /routing-policy/policy[name={{ rp_name }}]
   value:
-   statement:
-{%  for entry in rp_list %}
-   - name: rpe_{{ entry.sequence }}
-     action:
-      policy-result: accept
-      bgp:
-{%    if 'locpref' in entry.set %}
-       local-preference:
-        set: {{ entry.set.locpref }}
-{%    endif %}
-{%    if 'med' in entry.set %}
-       med:
-        set: {{ entry.set.med }}
-{%    endif %}
-{%  endfor %}
+    default-action:
+      policy-result: reject
+    statement:
+{%   for entry in rp_list %}
+    - name: rpe_{{ entry.sequence }}
+{%     if 'match' in entry %}
+      match:
+{%       if entry.match.prefix is defined %}
+        prefix-set: {{ entry.match.prefix }}
+{%       endif %}
+{%     endif %}
+      action:
+        policy-result: {{ 'accept' if entry.action == 'permit' else 'reject' }}
+{%     if entry.set.locpref is defined or entry.set.med is defined %}
+        bgp:
+{%       if 'locpref' in entry.set %}
+          local-preference:
+            set: {{ entry.set.locpref }}
+{%       endif %}
+{%       if 'med' in entry.set %}
+          med:
+            set: {{ entry.set.med }}
+{%       endif %}
+{%     endif %}
+{%   endfor %}
 {% endfor %}
diff --git a/netsim/devices/srlinux.py b/netsim/devices/srlinux.py
@@ -9,6 +9,16 @@
 from . import _Quirks,need_ansible_collection
 from ..utils import log
 
+def check_prefix_deny(node: Box) -> None:
+  for pf_name,pf_list in node.get('routing.prefix',{}).items():
+    for p_entry in pf_list:
+      if p_entry.get('action',None) == 'deny':
+        log.error(
+          f'SR Linux does not support "deny" action in prefix filters (node {node.name} prefix filter {pf_name})',
+          log.IncorrectValue,
+          'quirks')
+        break
+
 class SRLINUX(_Quirks):
 
   @classmethod
@@ -26,7 +36,7 @@ def device_quirks(self, node: Box, topology: Box) -> None:
             if len(vrf['import']) > 1 or len(vrf['export']) > 1:
               if 'evpn' not in mods:
                 log.error(
-                    f'Inter-VRF route leaking on ({node.name}) only supported in combination with BGP EVPN.\n',
+                    f'Inter-VRF route leaking on ({node.name}) only supported in combination with BGP EVPN',
                     log.IncorrectType,
                     'quirks')
                 break
@@ -42,7 +52,7 @@ def device_quirks(self, node: Box, topology: Box) -> None:
       for c,vals in topology.get('bgp.community',[]).items():
         if 'extended' not in vals:
            log.error(
-              f'SR Linux on ({node.name}) does not support filtering out extended communities for BGP. {c}:{vals}\n',
+              f'SR Linux on ({node.name}) does not support filtering out extended communities for BGP. {c}:{vals}',
               Warning,
               'quirks')
 
@@ -53,5 +63,8 @@ def device_quirks(self, node: Box, topology: Box) -> None:
           log.IncorrectValue,
           'quirks')
 
+    if 'routing' in mods and node.get('routing.prefix',None):
+      check_prefix_deny(node)
+
   def check_config_sw(self, node: Box, topology: Box) -> None:
     need_ansible_collection(node,'nokia.srlinux',version='0.5.0')
diff --git a/netsim/devices/srlinux.yml b/netsim/devices/srlinux.yml
@@ -64,7 +64,10 @@ features:
     default: true
   routing:
     policy:
+      match:
+        prefix: True
       set: [ locpref, med ]
+    prefix: True
   sr: True
   vlan:
     model: router

diff --git a/netsim/extra/bgp.policy/srlinux.j2 b/netsim/extra/bgp.policy/srlinux.j2
@@ -6,9 +6,13 @@
 - path: /network-instance[name={{vrf}}]/protocols/bgp/group[group-name=intf-{{ n.local_if }}]/{{ p_path }}
 {%     else %}
 - path: /network-instance[name={{vrf}}]/protocols/bgp/neighbor[peer-address={{ n[af]|ipaddr('address') }}]/{{ p_path }}
-{% endif %}
+{%     endif %}
+{%     if direction == 'out' %}
   value: [ {{ vrf }}_bgp_export, {{ n.policy[direction] }} ]
-{% endfor %}
+{%     else %}
+  value: [ {{ n.policy[direction] }} ]
+{%     endif %}
+{%   endfor %}
 {%- endmacro %}
 
 replace: