1 files changed, 33 insertions, 2 deletions

diff --git a/server/server.go b/server/server.go
index 8e26a45b..17710f11 100644
--- a/server/server.go
+++ b/server/server.go
@@ -816,8 +816,13 @@ func (server *BgpServer) handleFSMMessage(peer *Peer, e *FsmMsg) {
 			}
 
 			if len(pathList) > 0 {
-				var altered []*table.Path
-				altered = server.propagateUpdate(peer, pathList)
+				if v := peer.fsm.pConf.Config.Vrf; v != "" {
+					vrf := server.globalRib.Vrfs[v]
+					for idx, path := range pathList {
+						pathList[idx] = path.ToGlobal(vrf)
+					}
+				}
+				altered := server.propagateUpdate(peer, pathList)
 				if server.isWatched(WATCH_EVENT_TYPE_POST_UPDATE) {
 					_, y := peer.fsm.capMap[bgp.BGP_CAP_FOUR_OCTET_AS_NUMBER]
 					l, _ := peer.fsm.LocalHostPort()
@@ -1288,6 +1293,13 @@ func (s *BgpServer) DeleteVrf(name string) (err error) {
 	s.mgmtCh <- func() {
 		defer close(ch)
 
+		for _, n := range s.neighborMap {
+			if n.fsm.pConf.Config.Vrf == name {
+				err = fmt.Errorf("failed to delete VRF %s: neighbor %s is in use", name, n.ID())
+				return
+			}
+		}
+
 		pathList, err := s.globalRib.DeleteVrf(name)
 		if err == nil && len(pathList) > 0 {
 			s.propagateUpdate(nil, pathList)
@@ -1644,6 +1656,25 @@ func (server *BgpServer) addNeighbor(c *config.Neighbor) error {
 		return fmt.Errorf("Can't overwrite the existing peer: %s", addr)
 	}
 
+	if vrf := c.Config.Vrf; vrf != "" {
+		if c.RouteServer.Config.RouteServerClient {
+			return fmt.Errorf("route server client can't be enslaved to VRF")
+		}
+		if c.RouteReflector.Config.RouteReflectorClient {
+			return fmt.Errorf("route reflector client can't be enslaved to VRF")
+		}
+		families, _ := config.AfiSafis(c.AfiSafis).ToRfList()
+		for _, f := range families {
+			if f != bgp.RF_IPv4_UC && f != bgp.RF_IPv6_UC {
+				return fmt.Errorf("%s is not supported for VRF enslaved neighbor", f)
+			}
+		}
+		_, y := server.globalRib.Vrfs[vrf]
+		if !y {
+			return fmt.Errorf("VRF not found: %s", vrf)
+		}
+	}
+
 	if server.bgpConfig.Global.Config.Port > 0 {
 		for _, l := range server.Listeners(addr) {
 			if err := SetTcpMD5SigSockopts(l, addr, c.Config.AuthPassword); err != nil {