Azure · weimingx · May 8, 2026 · May 27, 2026
@@ -1,46 +1,5 @@
-!
-! template: bgpd/templates/general/instance.conf.j2
-!
-  neighbor {{ neighbor_addr }} remote-as {{ bgp_session['asn'] }}
-  neighbor {{ neighbor_addr }} description {{ bgp_session['name'] }}
-{# set the bgp neighbor timers if they have not default values #}
-{% if     (bgp_session['keepalive'] is defined and bgp_session['keepalive'] | int != 60)
-      or  (bgp_session['holdtime'] is defined  and bgp_session['holdtime']  | int != 180) %}
-  neighbor {{ neighbor_addr }} timers {{ bgp_session['keepalive'] | default("60") }} {{ bgp_session['holdtime'] | default("180") }}
-{% endif %}
-  neighbor {{ neighbor_addr }} timers connect 10
-!
-{% if 'admin_status' in bgp_session and bgp_session['admin_status'] == 'down' or 'admin_status' not in bgp_session and 'default_bgp_status' in CONFIG_DB__DEVICE_METADATA['localhost'] and CONFIG_DB__DEVICE_METADATA['localhost']['default_bgp_status'] == 'down' %}
-  neighbor {{ neighbor_addr }} shutdown
-{% endif %}
-!
-{% if neighbor_addr | ipv4 %}
-  address-family ipv4
-    neighbor {{ neighbor_addr }} peer-group PEER_V4
-!
-{% elif neighbor_addr | ipv6 %}
-  address-family ipv6
-    neighbor {{ neighbor_addr }} peer-group PEER_V6
-!
-{% endif %}
-!
-{%   if 'rrclient' in bgp_session and bgp_session['rrclient'] | int != 0 %}
-    neighbor {{ neighbor_addr }} route-reflector-client
-{%   endif %}
-!
-{%   if 'nhopself' in bgp_session and bgp_session['nhopself'] | int != 0 %}
-    neighbor {{ neighbor_addr }} next-hop-self
-{%   endif %}
-!
-    neighbor {{ neighbor_addr }} activate
-  exit-address-family
-!
-{% if bgp_session["asn"] == bgp_asn and CONFIG_DB__DEVICE_METADATA['localhost']['type'] == "SpineChassisFrontendRouter" %}
-  address-family l2vpn evpn
-    neighbor {{ neighbor_addr }} activate
-    advertise-all-vni
-  exit-address-family
-{% endif %}
+{% from "bgpd/templates/general/router.j2" import general_routing with context %}
+{{ general_routing("instance") }}
 !
 ! end of template: bgpd/templates/general/instance.conf.j2
 !
@@ -0,0 +1,46 @@
+!
+! template: bgpd/templates/general/instance.conf.j2
+!
+  neighbor {{ neighbor_addr }} remote-as {{ bgp_session['asn'] }}
+  neighbor {{ neighbor_addr }} description {{ bgp_session['name'] }}
+{# set the bgp neighbor timers if they have not default values #}
+{% if     (bgp_session['keepalive'] is defined and bgp_session['keepalive'] | int != 60)
+      or  (bgp_session['holdtime'] is defined  and bgp_session['holdtime']  | int != 180) %}
+  neighbor {{ neighbor_addr }} timers {{ bgp_session['keepalive'] | default("60") }} {{ bgp_session['holdtime'] | default("180") }}
+{% endif %}
+  neighbor {{ neighbor_addr }} timers connect 10
+!
+{% if 'admin_status' in bgp_session and bgp_session['admin_status'] == 'down' or 'admin_status' not in bgp_session and 'default_bgp_status' in CONFIG_DB__DEVICE_METADATA['localhost'] and CONFIG_DB__DEVICE_METADATA['localhost']['default_bgp_status'] == 'down' %}
+  neighbor {{ neighbor_addr }} shutdown
+{% endif %}
+!
+{% if neighbor_addr | ipv4 %}
+  address-family ipv4
+    neighbor {{ neighbor_addr }} peer-group PEER_V4
+!
+{% elif neighbor_addr | ipv6 %}
+  address-family ipv6
+    neighbor {{ neighbor_addr }} peer-group PEER_V6
+!
+{% endif %}
+!
+{%   if 'rrclient' in bgp_session and bgp_session['rrclient'] | int != 0 %}
+    neighbor {{ neighbor_addr }} route-reflector-client
+{%   endif %}
+!
+{%   if 'nhopself' in bgp_session and bgp_session['nhopself'] | int != 0 %}
+    neighbor {{ neighbor_addr }} next-hop-self
+{%   endif %}
+!
+    neighbor {{ neighbor_addr }} activate
+  exit-address-family
+!
+{% if bgp_session["asn"] == bgp_asn and CONFIG_DB__DEVICE_METADATA['localhost']['type'] == "SpineChassisFrontendRouter" %}
+  address-family l2vpn evpn
+    neighbor {{ neighbor_addr }} activate
+    advertise-all-vni
+  exit-address-family
+{% endif %}
+!
+! end of template: bgpd/templates/general/instance.conf.j2
+!
@@ -0,0 +1,38 @@
+!
+! template: bgpd/templates/general/peer-group.conf.j2
+!
+  neighbor PEER_V4 peer-group
+  neighbor PEER_V6 peer-group
+  address-family ipv4
+{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'ToRRouter' %}
+    neighbor PEER_V4 allowas-in 1
+{% elif CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'LeafRouter' %}
+{%   if CONFIG_DB__BGP_BBR['status'] == 'enabled' %}
+    neighbor PEER_V4 allowas-in 1
+{%   endif %}
+{% endif %}
+    neighbor PEER_V4 soft-reconfiguration inbound
+    neighbor PEER_V4 route-map FROM_BGP_PEER_V4 in
+    neighbor PEER_V4 route-map TO_BGP_PEER_V4 out
+{% if (CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC') or CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'UpperSpineRouter' %}
+    table-map SELECTIVE_ROUTE_DOWNLOAD_V4
+{% endif %}
+  exit-address-family
+  address-family ipv6
+{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'ToRRouter' %}
+    neighbor PEER_V6 allowas-in 1
+{% elif CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'LeafRouter' %}
+{%   if CONFIG_DB__BGP_BBR['status'] == 'enabled' %}
+    neighbor PEER_V6 allowas-in 1
+{%   endif %}
+{% endif %}
+    neighbor PEER_V6 soft-reconfiguration inbound
+    neighbor PEER_V6 route-map FROM_BGP_PEER_V6 in
+    neighbor PEER_V6 route-map TO_BGP_PEER_V6 out
+{% if (CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC') or CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'UpperSpineRouter' %}
+    table-map SELECTIVE_ROUTE_DOWNLOAD_V6
+{% endif %}
+  exit-address-family
+!
+! end of template: bgpd/templates/general/peer-group.conf.j2
+!
@@ -0,0 +1,144 @@
+!
+! template: bgpd/templates/general/policies.conf.j2
+!
+!
+ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0
+ipv6 prefix-list DEFAULT_IPV6 permit ::/0
+!
+{% if constants.bgp.allow_list is defined and constants.bgp.allow_list.enabled is defined and constants.bgp.allow_list.enabled and constants.bgp.allow_list.drop_community is defined %}
+!
+!
+! please don't remove. 65535 entries are default rules
+! which works when allow_list is enabled, but new configuration
+! is not applied
+!
+{%   if allow_list_default_action == 'deny' %}
+!
+route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535
+  set community no-export additive
+!
+route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535
+  set community no-export additive
+{%   else %}
+!
+route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535
+  set community {{ constants.bgp.allow_list.drop_community }} additive
+!
+route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535
+  set community {{ constants.bgp.allow_list.drop_community }} additive
+{%   endif %}
+!
+bgp community-list standard allow_list_default_community permit no-export
+bgp community-list standard allow_list_default_community permit {{ constants.bgp.allow_list.drop_community }}
+!
+route-map FROM_BGP_PEER_V4 permit 10
+  call ALLOW_LIST_DEPLOYMENT_ID_0_V4
+  on-match next
+!
+route-map FROM_BGP_PEER_V4 permit 11
+  match community allow_list_default_community
+{% if CONFIG_DB__DEVICE_METADATA and 'localhost' in CONFIG_DB__DEVICE_METADATA and 'type' in CONFIG_DB__DEVICE_METADATA['localhost'] and 'subtype' in CONFIG_DB__DEVICE_METADATA['localhost'] %}
+{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC' %}
+  on-match next
+!
+route-map FROM_BGP_PEER_V4 permit 12
+  match ip address prefix-list DEFAULT_IPV4
+!
+route-map FROM_BGP_PEER_V4 permit 13
+{% if CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] != 'chassis-packet' %}
+  set tag {{ constants.bgp.route_do_not_send_appdb_tag }}
+{% else %}
+  set tag {{ constants.bgp.route_eligible_for_fallback_to_default_tag }}
+{% endif %}
+  set community {{ constants.bgp.internal_fallback_community }} additive
+{% endif %}
+{% endif %}
+!
+route-map FROM_BGP_PEER_V6 permit 10
+  call ALLOW_LIST_DEPLOYMENT_ID_0_V6
+  on-match next
+!
+route-map FROM_BGP_PEER_V6 permit 11
+  match community allow_list_default_community
+{% if CONFIG_DB__DEVICE_METADATA and 'localhost' in CONFIG_DB__DEVICE_METADATA and 'type' in CONFIG_DB__DEVICE_METADATA['localhost'] and 'subtype' in CONFIG_DB__DEVICE_METADATA['localhost'] %}
+{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC' %}
+  on-match next
+!
+route-map FROM_BGP_PEER_V6 permit 12
+  match ipv6 address prefix-list DEFAULT_IPV6
+!
+route-map FROM_BGP_PEER_V6 permit 13
+{% if CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] != 'chassis-packet' %}
+  set tag {{ constants.bgp.route_do_not_send_appdb_tag }}
+{% else %}
+  set tag {{ constants.bgp.route_eligible_for_fallback_to_default_tag }}
+{% endif %}
+  set community {{ constants.bgp.internal_fallback_community }} additive
+{% endif %}
+{% endif %}
+!
+{% endif %}
+!
+!
+!
+route-map FROM_BGP_PEER_V4 permit 100
+!
+route-map TO_BGP_PEER_V4 permit 100
+  call CHECK_IDF_ISOLATION
+!
+!
+route-map FROM_BGP_PEER_V6 permit 1
+ on-match next
+ set ipv6 next-hop prefer-global
+!
+route-map FROM_BGP_PEER_V6 permit 100
+!
+route-map TO_BGP_PEER_V6 permit 100
+  call CHECK_IDF_ISOLATION
+!
+route-map CHECK_IDF_ISOLATION permit 10
+!
+!
+!
+{% if CONFIG_DB__DEVICE_METADATA and 'localhost' in CONFIG_DB__DEVICE_METADATA and 'type' in CONFIG_DB__DEVICE_METADATA['localhost'] %}
+{% if (CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and 'subtype' in CONFIG_DB__DEVICE_METADATA['localhost'] and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC') or
+CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'UpperSpineRouter' %}
+bgp community-list standard ANCHOR_ROUTE_COMMUNITY permit {{ constants.bgp.anchor_route_community }}
+bgp community-list standard LOCAL_ANCHOR_ROUTE_COMMUNITY permit {{ constants.bgp.local_anchor_route_community }}
+bgp community-list standard ANCHOR_CONTRIBUTING_ROUTE_COMMUNITY permit {{ constants.bgp.anchor_contributing_route_community }}
+!
+route-map SELECTIVE_ROUTE_DOWNLOAD_V4 deny 10
+  match community LOCAL_ANCHOR_ROUTE_COMMUNITY
+!
+route-map SELECTIVE_ROUTE_DOWNLOAD_V4 permit 1000
+!
+route-map SELECTIVE_ROUTE_DOWNLOAD_V6 deny 10
+  match community LOCAL_ANCHOR_ROUTE_COMMUNITY
+!
+route-map SELECTIVE_ROUTE_DOWNLOAD_V6 permit 1000
+!
+route-map TAG_ANCHOR_COMMUNITY permit 10
+  set community {{ constants.bgp.local_anchor_route_community }} {{ constants.bgp.anchor_route_community }} additive
+!
+route-map TO_BGP_PEER_V6 permit 50
+  match ipv6 address prefix-list ANCHOR_CONTRIBUTING_ROUTES
+  set community {{ constants.bgp.anchor_contributing_route_community }} additive
+  on-match next
+!
+route-map TO_BGP_PEER_V6 permit 60
+  set comm-list LOCAL_ANCHOR_ROUTE_COMMUNITY delete
+  on-match next
+!
+route-map TO_BGP_PEER_V4 permit 50
+  match ip address prefix-list ANCHOR_CONTRIBUTING_ROUTES
+  set community {{ constants.bgp.anchor_contributing_route_community }} additive
+  on-match next
+!
+route-map TO_BGP_PEER_V4 permit 60
+  set comm-list LOCAL_ANCHOR_ROUTE_COMMUNITY delete
+  on-match next
+!
+{% endif %}
+{% endif %}
+! end of template: bgpd/templates/general/policies.conf.j2
+!
@@ -1,38 +1,5 @@
-!
-! template: bgpd/templates/general/peer-group.conf.j2
-!
-  neighbor PEER_V4 peer-group
-  neighbor PEER_V6 peer-group
-  address-family ipv4
-{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'ToRRouter' %}
-    neighbor PEER_V4 allowas-in 1
-{% elif CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'LeafRouter' %}
-{%   if CONFIG_DB__BGP_BBR['status'] == 'enabled' %}
-    neighbor PEER_V4 allowas-in 1
-{%   endif %}
-{% endif %}
-    neighbor PEER_V4 soft-reconfiguration inbound
-    neighbor PEER_V4 route-map FROM_BGP_PEER_V4 in
-    neighbor PEER_V4 route-map TO_BGP_PEER_V4 out
-{% if (CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC') or CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'UpperSpineRouter' %}
-    table-map SELECTIVE_ROUTE_DOWNLOAD_V4
-{% endif %}
-  exit-address-family
-  address-family ipv6
-{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'ToRRouter' %}
-    neighbor PEER_V6 allowas-in 1
-{% elif CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'LeafRouter' %}
-{%   if CONFIG_DB__BGP_BBR['status'] == 'enabled' %}
-    neighbor PEER_V6 allowas-in 1
-{%   endif %}
-{% endif %}
-    neighbor PEER_V6 soft-reconfiguration inbound
-    neighbor PEER_V6 route-map FROM_BGP_PEER_V6 in
-    neighbor PEER_V6 route-map TO_BGP_PEER_V6 out
-{% if (CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC') or CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'UpperSpineRouter' %}
-    table-map SELECTIVE_ROUTE_DOWNLOAD_V6
-{% endif %}
-  exit-address-family
+{% from "bgpd/templates/general/router.j2" import general_routing with context %}
+{{ general_routing("peer-group") }}
 !
 ! end of template: bgpd/templates/general/peer-group.conf.j2
 !