search

FRRouting / frr

The FRRouting Protocol Suite
https://frrouting.org/
Other
3.12k stars 1.2k forks source link

FRR with confederation fails to export unless no bgp ebgp-requires-policy #16304

Closed baldurn closed 6 days ago

baldurn commented 1 week ago

Description

FRR refuses to export to BGP peers in same confederation unless no bgp ebgp-requires-policy is set.

Show bgp neighbors will include the following (which is wrong because a policy is set):

Inbound path policy configured Outbound path policy configured Incoming update prefix filter list is xxx Outgoing update prefix filter list is hostroutes Inbound updates discarded due to missing policy Outbound updates discarded due to missing policy

The exact same configuration without confederation is fine.

The configuration:

frr version 8.1 frr defaults traditional hostname bng2 log syslog informational service integrated-vtysh-config ! ip router-id 91.x.x.7 ! router bgp 65004 no bgp ebgp-requires-policy bgp confederation identifier 2xxxxx bgp confederation peers 65001 65002 65003 neighbor edge peer-group neighbor 91.x.x.6 remote-as 65001 neighbor 91.x.x.6 peer-group edge neighbor 91.x.x.10 remote-as 65001 neighbor 91.x.x.10 peer-group edge ! address-family ipv4 unicast redistribute kernel redistribute connected neighbor edge soft-reconfiguration inbound neighbor edge prefix-list nnn in neighbor edge prefix-list hostroutes out exit-address-family exit ! ip prefix-list hostroutes seq 1 deny 91.x.x.1/32 ip prefix-list hostroutes seq 2 deny 91.x.x.1/32 ip prefix-list hostroutes seq 5 permit 91.x.x.0/23 ge 32 ip prefix-list hostroutes seq 10 deny 0.0.0.0/0 ip prefix-list nnn seq 5 permit 91.x.x.0/23 ge 23 ip prefix-list nnn seq 10 deny 0.0.0.0/0 ! end

Version

bng2# show version
FRRouting 8.1 (bng2).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
    '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--localstatedir=/var/run/frr' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--enable-rpki' '--disable-scripting' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'

How to reproduce

Export some routes to a iBGP peer without using confederation. Use show ip bgp 91.x.x.x to verify that it is advertised. Switch to a confederation setup with the peer in same confederation but a different member AS. Verify that the route is no longer advertised. Make sure there is a policy configured. Verify that the route is still not advertised. Use the "no bgp ebgp-requires-policy" command and verify that the path is advertised again.

Expected behavior

Routes are advertised to peers with a policy configured. I am not sure if it should behave identically to iBGP or not (ie. not require a policy at all).

Actual behavior

Routes are not advertised to peers even with a policy configured.

Additional context

No response

Checklist