FRR refuses to export to BGP peers in same confederation unless no bgp ebgp-requires-policy is set.
Show bgp neighbors will include the following (which is wrong because a policy is set):
Inbound path policy configured
Outbound path policy configured
Incoming update prefix filter list is xxx
Outgoing update prefix filter list is hostroutes
Inbound updates discarded due to missing policy
Outbound updates discarded due to missing policy
The exact same configuration without confederation is fine.
The configuration:
frr version 8.1
frr defaults traditional
hostname bng2
log syslog informational
service integrated-vtysh-config
!
ip router-id 91.x.x.7
!
router bgp 65004
no bgp ebgp-requires-policy
bgp confederation identifier 2xxxxx
bgp confederation peers 65001 65002 65003
neighbor edge peer-group
neighbor 91.x.x.6 remote-as 65001
neighbor 91.x.x.6 peer-group edge
neighbor 91.x.x.10 remote-as 65001
neighbor 91.x.x.10 peer-group edge
!
address-family ipv4 unicast
redistribute kernel
redistribute connected
neighbor edge soft-reconfiguration inbound
neighbor edge prefix-list nnn in
neighbor edge prefix-list hostroutes out
exit-address-family
exit
!
ip prefix-list hostroutes seq 1 deny 91.x.x.1/32
ip prefix-list hostroutes seq 2 deny 91.x.x.1/32
ip prefix-list hostroutes seq 5 permit 91.x.x.0/23 ge 32
ip prefix-list hostroutes seq 10 deny 0.0.0.0/0
ip prefix-list nnn seq 5 permit 91.x.x.0/23 ge 23
ip prefix-list nnn seq 10 deny 0.0.0.0/0
!
end
Export some routes to a iBGP peer without using confederation. Use show ip bgp 91.x.x.x to verify that it is advertised. Switch to a confederation setup with the peer in same confederation but a different member AS. Verify that the route is no longer advertised. Make sure there is a policy configured. Verify that the route is still not advertised. Use the "no bgp ebgp-requires-policy" command and verify that the path is advertised again.
Expected behavior
Routes are advertised to peers with a policy configured. I am not sure if it should behave identically to iBGP or not (ie. not require a policy at all).
Actual behavior
Routes are not advertised to peers even with a policy configured.
Additional context
No response
Checklist
[X] I have searched the open issues for this bug.
[X] I have not included sensitive information in this report.
Description
FRR refuses to export to BGP peers in same confederation unless no bgp ebgp-requires-policy is set.
Show bgp neighbors will include the following (which is wrong because a policy is set):
Inbound path policy configured Outbound path policy configured Incoming update prefix filter list is xxx Outgoing update prefix filter list is hostroutes Inbound updates discarded due to missing policy Outbound updates discarded due to missing policy
The exact same configuration without confederation is fine.
The configuration:
frr version 8.1 frr defaults traditional hostname bng2 log syslog informational service integrated-vtysh-config ! ip router-id 91.x.x.7 ! router bgp 65004 no bgp ebgp-requires-policy bgp confederation identifier 2xxxxx bgp confederation peers 65001 65002 65003 neighbor edge peer-group neighbor 91.x.x.6 remote-as 65001 neighbor 91.x.x.6 peer-group edge neighbor 91.x.x.10 remote-as 65001 neighbor 91.x.x.10 peer-group edge ! address-family ipv4 unicast redistribute kernel redistribute connected neighbor edge soft-reconfiguration inbound neighbor edge prefix-list nnn in neighbor edge prefix-list hostroutes out exit-address-family exit ! ip prefix-list hostroutes seq 1 deny 91.x.x.1/32 ip prefix-list hostroutes seq 2 deny 91.x.x.1/32 ip prefix-list hostroutes seq 5 permit 91.x.x.0/23 ge 32 ip prefix-list hostroutes seq 10 deny 0.0.0.0/0 ip prefix-list nnn seq 5 permit 91.x.x.0/23 ge 23 ip prefix-list nnn seq 10 deny 0.0.0.0/0 ! end
Version
How to reproduce
Export some routes to a iBGP peer without using confederation. Use show ip bgp 91.x.x.x to verify that it is advertised. Switch to a confederation setup with the peer in same confederation but a different member AS. Verify that the route is no longer advertised. Make sure there is a policy configured. Verify that the route is still not advertised. Use the "no bgp ebgp-requires-policy" command and verify that the path is advertised again.
Expected behavior
Routes are advertised to peers with a policy configured. I am not sure if it should behave identically to iBGP or not (ie. not require a policy at all).
Actual behavior
Routes are not advertised to peers even with a policy configured.
Additional context
No response
Checklist