search

natesales / pathvector

Declarative routing platform that automates BGP route optimization and control plane configuration with secure and repeatable routing policy.
https://pathvector.io
MIT License
218 stars 28 forks source link

filter-as-set not working when only peer ASN is in the specified AS-set #210

Closed potvinp closed 4 months ago

potvinp commented 8 months ago

Describe the bug When filter-as-set is set to true, generation of the configuration fails with an error message of FATA[0001] peer has filter-as-set enabled but no members in it's as-set if only the peer's ASN is in the AS-set without any others present.

Environment

Pathvector 6.3.2
Built c35220bf121f366ff05a51d93c6236e8c324d682 on 2023-06-11T07:03:14Z
No plugins
BIRD: ready.
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian

To Reproduce Steps to reproduce the behavior:

  1. Ensure the specified AS-set for a peer only contains said peer's ASN.
  2. Enable filter-as-set on the peer's session configuration
  3. Receive error of FATA[0001] peer has filter-as-set enabled but no members in it's as-set

Expected behavior Generation succeeds without error

potvinp commented 8 months ago

Partially resolved, filter-as-set also requires auto-as-set-members to be enabled to ensure it can fetch the AS-set members to filter on.

One thing I noticed is that the filter logic for filter-as-set only checks that the first ASN in the path, instead of the last ASN which is usually the originating ASN. I'm making a pull request now to fix this to ensure the function works as intended.