bgpd: Optimize the outbound path if RFC8212 is applied

If we have (default enabled) enabled `bgp ebgp-require-policy`, then first check
it before applying the route-maps.

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index 7e5f8663a42dcdb135496a72e8840d33197a71eb..72e798a7e2c9735dae060bfc52f62c0f5cf85308 100644 (file)
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -2326,6 +2326,27 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi,
                        }
                }
 
+       /* RFC 8212 to prevent route leaks.
+        * This specification intends to improve this situation by requiring the
+        * explicit configuration of both BGP Import and Export Policies for any
+        * External BGP (EBGP) session such as customers, peers, or
+        * confederation boundaries for all enabled address families. Through
+        * codification of the aforementioned requirement, operators will
+        * benefit from consistent behavior across different BGP
+        * implementations.
+        */
+       if (CHECK_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY))
+               if (!bgp_outbound_policy_exists(peer, filter)) {
+                       if (monotime_since(&bgp->ebgprequirespolicywarning, NULL) >
+                                   FIFTEENMINUTE2USEC ||
+                           bgp->ebgprequirespolicywarning.tv_sec == 0) {
+                               zlog_warn("%pBP [Update:SEND] %pFX EBGP outbound policy not properly setup, please configure in order for your peering to work correctly",
+                                         peer, p);
+                               monotime(&bgp->ebgprequirespolicywarning);
+                       }
+                       return false;
+               }
+
        /* Output filter check. */
        if (bgp_output_filter(peer, p, piattr, afi, safi) == FILTER_DENY) {
                if (bgp_debug_update(NULL, p, subgrp->update_group, 0))
@@ -2580,27 +2601,6 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi,
        bgp_peer_remove_private_as(bgp, afi, safi, peer, attr);
        bgp_peer_as_override(bgp, afi, safi, peer, attr);
 
-       /* RFC 8212 to prevent route leaks.
-        * This specification intends to improve this situation by requiring the
-        * explicit configuration of both BGP Import and Export Policies for any
-        * External BGP (EBGP) session such as customers, peers, or
-        * confederation boundaries for all enabled address families. Through
-        * codification of the aforementioned requirement, operators will
-        * benefit from consistent behavior across different BGP
-        * implementations.
-        */
-       if (CHECK_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY))
-               if (!bgp_outbound_policy_exists(peer, filter)) {
-                       if (monotime_since(&bgp->ebgprequirespolicywarning,
-                                          NULL) > FIFTEENMINUTE2USEC ||
-                           bgp->ebgprequirespolicywarning.tv_sec == 0) {
-                               zlog_warn("%pBP [Update:SEND] %pFX EBGP outbound policy not properly setup, please configure in order for your peering to work correctly",
-                                         peer, p);
-                               monotime(&bgp->ebgprequirespolicywarning);
-                       }
-                       return false;
-               }
-
        /* draft-ietf-idr-deprecate-as-set-confed-set
         * Filter routes having AS_SET or AS_CONFED_SET in the path.
         * Eventually, This document (if approved) updates RFC 4271