FRRouting / frr

The FRRouting Protocol Suite
https://frrouting.org/

EVPN route type does not match route map #14419

Closed DaniilHarun closed 8 months ago

DaniilHarun commented 1 year ago

Describe the bug

When using the expression match evpn route-type, no route matches. There are no problems in versions below 8.5.3.

To Reproduce

  1. Create vxlan and bridge interface (vxlan 100).
  2. Apply this config:
router bgp 65000
 bgp log-neighbor-changes
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor RS-EVPN peer-group
 neighbor RS-EVPN remote-as YYY
 neighbor RS-EVPN bfd
 neighbor RS-EVPN ebgp-multihop 32
 neighbor RS-EVPN update-source dum0
 neighbor RS-EVPN capability extended-nexthop
 neighbor 10.32.1.1 peer-group RS-EVPN
 !
 address-family l2vpn evpn
  neighbor RS-EVPN activate
  neighbor RS-EVPN route-map RS-OUT out
  advertise-all-vni
  vni 100
   rd 65000:100
   advertise-svi-ip
  exit-vni
 exit-address-family
exit
!
route-map RS-OUT deny 10
 match evpn route-type macip
exit
!
route-map RS-OUT permit 20
exit

Checking the route:

show bgp l2vpn evpn neighbors 10.32.1.3 advertised-routes
Route Distinguisher: 65000:100
 *> [2]:[0]:[48]:[26:28:b0:96:c0:c9]:[128]:[fe80::2428:b0ff:fe96:c0c9]
                                       32768 i

Expected behavior

Screenshots

Versions

ton31337 commented 1 year ago

I tested with https://github.com/FRRouting/frr/pull/14599, and I can't reproduce it with 9.0.1, and/or the master version...

ton31337 commented 1 year ago

Could you also show the libyang packet version installed on your system?

DaniilHarun commented 1 year ago

> Could you also show the libyang packet version installed on your system?

2.1.80-1~deb12u1

ton31337 commented 12 months ago

Then it's not related to libyang; this version is not affected.

aderumier commented 10 months ago

Hi, I think I trigger the same bug. It's working for me on 8.4.4, but it's broken again since 8.5.0 and still broken on 9.1.

I think it's related again to route-map optimization.

On 8.4.4, it's working with the below config.

On 8.5.0 up to stable/8.5.2 + 7603eca36d7bf7d73f14f46aa5006063214f03e1 (lib: skip route-map optimization if !AF_INET(6)), I can work around it with "no route-map ... optimization".

After 7603eca36d7bf7d73f14f46aa5006063214f03e1, it's not working with or without disabling optimization.

(so maybe we have 2 bugs here)

Here is an example with an l3vni 10000 in vrf vrf_evpn, announcing a default 0.0.0.0 type-5 route:

auto vrf_evpn
iface vrf_evpn
        vrf-table auto

auto vrfbr_evpn
iface vrfbr_evpn
        bridge-ports vrfvx_evpn
        bridge_stp off
        bridge_fd 0
        mtu 1450
        vrf vrf_evpn

auto vrfvx_evpn
iface vrfvx_evpn
        vxlan-id 10000
        vxlan-local-tunnelip 10.3.94.11
        bridge-learning off
        bridge-arp-nd-suppress on
        mtu 1450

frr version 8.5.1
frr defaults datacenter
hostname formationkvm2
log syslog informational
service integrated-vtysh-config
!
!
vrf vrf_evpn
 vni 10000
exit-vrf
!
router bgp 65000
 bgp router-id 10.3.94.11
 no bgp hard-administrative-reset
 no bgp graceful-restart notification
 no bgp default ipv4-unicast
 coalesce-time 1000
 neighbor VTEP peer-group
 neighbor VTEP remote-as 65000
 neighbor VTEP bfd
 neighbor 10.3.94.10 peer-group VTEP
 !
 address-family ipv4 unicast
  import vrf vrf_evpn
 exit-address-family
 !
 address-family ipv6 unicast
  import vrf vrf_evpn
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor VTEP route-map MAP_VTEP_OUT out
  neighbor VTEP activate
  advertise-all-vni
 exit-address-family
exit
!
router bgp 65000 vrf vrf_evpn
 bgp router-id 10.3.94.11
 no bgp hard-administrative-reset
 no bgp graceful-restart notification
 !
 address-family ipv4 unicast
  redistribute connected
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute connected
 exit-address-family
 !
 address-family l2vpn evpn
  default-originate ipv4
 exit-address-family
exit
!
route-map MAP_VTEP_OUT deny 10
 match evpn route-type prefix
exit
!
route-map MAP_VTEP_OUT permit 20
exit
!
line vty

A default type-5 is announced, but it should be filtered (on frr 8.4.4, it's correctly filtered).

sh bgp l2vpn evpn neighbors 10.3.94.10 advertised-routes
BGP table version is 0, local router ID is 10.3.94.11
Default local pref 100, local AS 65000
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 10.3.94.11:2
 *> [5]:[0]:[0]:[0.0.0.0]
                                  100  32768 i
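
An added example, not part of the thread or of FRR: a small check that parses the `advertised-routes` output shown in the two reports above and lists every route whose EVPN type the outbound route-map was meant to deny, so a filter that silently stops matching after an upgrade is caught. The function name is hypothetical, the keyword-to-number table covers only the two types seen in this thread, and the type-3 line in the sample is constructed.

```python
import re

# Route-map keywords used in this thread, mapped to the bracketed type
# number that leads each NLRI in the show output ([2]:..., [5]:...).
ROUTE_TYPE = {"macip": 2, "prefix": 5}

RD_RE = re.compile(r"^Route Distinguisher:\s*(?P<rd>\S+)")
# Optional status codes (" *> "), then the NLRI starting with "[<type>]:".
NLRI_RE = re.compile(r"^[\s*>=sdhi]*(?P<nlri>\[(?P<type>\d+)\]:\S+)")

# Sample output: the type-5 entry is copied from the thread, the type-3
# entry under the second RD is constructed for illustration.
SAMPLE = """\
BGP table version is 0, local router ID is 10.3.94.11
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 10.3.94.11:2
 *> [5]:[0]:[0]:[0.0.0.0]
                                  100  32768 i
Route Distinguisher: 10.3.94.11:3
 *> [3]:[0]:[32]:[10.3.94.11]
                                  100  32768 i
"""


def leaked_routes(show_output, denied_keywords):
    """Return (rd, nlri) for each advertised route whose EVPN type is denied."""
    denied = {ROUTE_TYPE[k] for k in denied_keywords}
    rd, leaks = None, []
    for line in show_output.splitlines():
        m = RD_RE.match(line)
        if m:
            rd = m.group("rd")  # later NLRI lines belong to this RD
            continue
        m = NLRI_RE.match(line)
        if m and int(m.group("type")) in denied:
            leaks.append((rd, m.group("nlri")))
    return leaks


if __name__ == "__main__":
    # MAP_VTEP_OUT denies "prefix", so any type-5 route here is a leak.
    for rd, nlri in leaked_routes(SAMPLE, ["prefix"]):
        print(f"filter not applied: RD {rd} advertises {nlri}")
```

In practice the input would be the text returned by `vtysh -c "show bgp l2vpn evpn neighbors <peer> advertised-routes"`, collected after each FRR upgrade.
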

aderumier commented 10 months ago

I finished bisecting it; for my setup, it doesn't work since this commit:

https://github.com/FRRouting/frr/commit/272c6d5db128ff7450fe9fcd16c046160594deb3

aderumier commented 10 months ago

I think I have a clue,

Using my same config but filtering with a prefix-list,

ip prefix-list only-default permit 0.0.0.0/0
!
route-map MAP_VTEP_OUT deny 10
 match ip address prefix-list only-default
exit
!

Before https://github.com/FRRouting/frr/commit/272c6d5db128ff7450fe9fcd16c046160594deb3 it's not working, and after the commit, it's working.

And for "match evpn", this is the reverse.

Could it be related to

/*
 * Convert type-2 and type-5 evpn route prefixes into the more
 * general ipv4/ipv6 prefix types so we can match prefix lists
 * and such.
 */
int evpn_prefix2prefix(const struct prefix *evpn, struct prefix *to)
{

? So we can't use "match evpn" anymore?

I'm adding issue about prefix-list filtering https://github.com/FRRouting/frr/issues/10559

ton31337 commented 10 months ago

match evpn route-type should work fine, you can see that we have a topotest for this route-map command: https://github.com/FRRouting/frr/pull/14599/files. Could you check that example?

fdomain commented 8 months ago

Hello @ton31337, I tested your topotest and indeed it works. However, I defined a new topotest with type-5 evpn routes, and tested several evpn matchers (match evpn vni and match evpn route-type) and it doesn't work.

Here is my topotest if you want to test it by yourself: https://github.com/fdomain/frr/commit/47cef05b25140edaf0a8c6786bafc1d5edfd7548

Good news is that the match ip address prefix-list now works for EVPN prefixes (as mentioned by @aderumier in previous messages).

ton31337 commented 8 months ago

@fdomain can you check this patch? https://github.com/FRRouting/frr/pull/15377

fdomain commented 8 months ago

thanks @ton31337 I'll have a look today

fdomain commented 8 months ago

@ton31337 I confirm it works fine now, thanks a lot! Would it be possible to backport this fix to older versions?

ton31337 commented 8 months ago

https://github.com/FRRouting/frr/pull/15412
https://github.com/FRRouting/frr/pull/15416
https://github.com/FRRouting/frr/pull/15417
https://github.com/FRRouting/frr/pull/15418