NSXv BGP: Adding IP address check for ESG BGP peer

This patch adds a check that specified BGP peer ip address matches one of the corresponding ESG interfaces. Change-Id: Id106e7560cf314d5a24559581d5586183c862a5f
2017-05-25 03:34:40 -07:00 · 2017-05-25 03:34:40 -07:00 · d996c63b9f
parent b99b129132
commit d996c63b9f
2 changed files with 14 additions and 0 deletions
--- a/vmware_nsx/extensions/edge_service_gateway_bgp_peer.py
+++ b/vmware_nsx/extensions/edge_service_gateway_bgp_peer.py
@ -65,6 +65,11 @@ class ExternalSubnetHasGW(nexception.InvalidInput):
                "BGP on the network.")


+class EsgInternalIfaceDoesNotMatch(nexception.InvalidInput):
+    message = _("Given BGP peer IP address doesn't match "
+                "any interface on ESG '%(esg_id)s'")
+
+
 class Edge_service_gateway_bgp_peer(extensions.ExtensionDescriptor):
    """Extension class to allow identifying of-peer with specificN SXv edge
    service gateway.
--- a/vmware_nsx/services/dynamic_routing/nsx_v/driver.py
+++ b/vmware_nsx/services/dynamic_routing/nsx_v/driver.py
@ -249,6 +249,15 @@ class NSXvBgpDriver(object):
            raise ext_esg_peer.EsgRemoteASDoNotMatch(remote_as=remote_as,
                                                     esg_id=esg_id,
                                                     esg_as=esg_as)
+        h, resp = self._nsxv.vcns.get_interfaces(esg_id)
+        for iface in resp['vnics']:
+            address_groups = iface['addressGroups']['addressGroups']
+            matching_iface = [ag for ag in address_groups
+                              if ag['primaryAddress'] == bgp_peer['peer_ip']]
+            if matching_iface:
+                break
+        else:
+            raise ext_esg_peer.EsgInternalIfaceDoesNotMatch(esg_id=esg_id)

    def create_bgp_peer(self, context, bgp_peer):
        bgp_peer = bgp_peer['bgp_peer']