Inadvertently, accepting inter-domain routes via BGP can be hazardous to health. Generally speaking, networks have only a small number of EBGP peering sessions that provide a full-table of internet routing information, and any other EBGP peers which accidentally advertise routes that they should not, can be contained by deploying import policies to filter the routes accepted.
In order to implement this check, we use an XPath expression to analyze the configuration under the [ protocols bgp ] hierarchy. What we want to see is that for every BGP group we have that is an external type, every neighbor within that group has an import directive. Or if that is not the case, the group itself should have an import directive.