osrg / gobgp

BGP implemented in the Go Programming Language
https://osrg.github.io/gobgp/
Apache License 2.0

About the real-time effect of BGP Policy configuration #2164

Open shengslin opened 4 years ago

shengslin commented 4 years ago

    | RouterA | -----------------iBGP------------------| RouterB |
    ---------- 169.254.0.1 ------------- 169.254.0.254 -----------

  1. Add two network segments in the rib of RouterA

    #gobgp global rib add  1.1.1.0/24
    #gobgp global rib add  2.2.2.0/24
    #gobgp neigh 169.254.0.254 adj-out
    ID  Network              Next Hop             AS_PATH              Attrs
    1   1.1.1.0/24           169.254.0.1                               [{Origin: ?} {LocalPref: 100}]
    2   2.2.2.0/24           169.254.0.1                               [{Origin: ?} {LocalPref: 100}]

    Can be seen in RouterB:

    # gobgp neigh 169.254.0.1 adj-in
    ID  Network              Next Hop             AS_PATH              Age        Attrs
    0   1.1.1.0/24           169.254.0.1                               14:19:42   [{Origin: ?} {LocalPref: 100}]
    0   2.2.2.0/24           169.254.0.1                               14:16:04   [{Origin: ?} {LocalPref: 100}]

  2. Configure the default Reject export routing policy.

    #gobgp policy add p_1
    #gobgp global policy export add p_1 default reject
    #gobgp global policy
    Import policy:
    Default: NONE
    Export policy:
    Default: REJECT
    Name p_1:

  3. As you can see on RouterA, adj-out has no network segments 1.1.1.0/24 and 2.2.2.0/24.
     The routing policy takes effect on the local end but does not take effect on the peer end.

    gobgp neigh 169.254.0.254 adj-out
    Network not in table

But on RouterB, the network segments 1.1.1.0/24 and 2.2.2.0/24 still exist.

    gobgp neigh 169.254.0.1 adj-in
    ID  Network              Next Hop             AS_PATH              Age        Attrs
    0   1.1.1.0/24           169.254.0.1                               14:19:42   [{Origin: ?} {LocalPref: 100}]
    0   2.2.2.0/24           169.254.0.1                               14:16:04   [{Origin: ?} {LocalPref: 100}]


When RouterA applies the routing policy, it does not send a route revocation message to RouterB. Like the debug information below:

    {"Key":"1.1.1.0/24","Topic":"Table","level":"debug","msg":"Removing withdrawals","time":"2019-09-17T03:03:09Z"}
    {"Key":"169.254.0.254","State":"BGP_FSM_ESTABLISHED","Topic":"Peer","attributes":null,"level":"debug","msg":"sent update","nlri":null,"time":"2019-09-17T03:03:09Z","withdrawals":[{"prefix":"1.1.1.0/24"}]}
    {"Key":"169.254.0.253","State":"BGP_FSM_ESTABLISHED","Topic":"Peer","attributes":null,"level":"debug","msg":"sent update","nlri":null,"time":"2019-09-17T03:03:09Z","withdrawals":[{"prefix":"1.1.1.0/24"}]}



**We used FRR and Huawei routers to test; routing policies can be effective in real time on the peer.**

shengslin commented 4 years ago

I tested the non-default policy again, and also have this problem.

    #gobgp policy prefix add  1.1  1.1.1.0/24
    #gobgp policy statement  add to_254
    #gobgp policy statement to_254 add condition prefix 1.1
    #gobgp policy statement to_254 add action reject
    #gobgp policy add p_to_254 to_254
    #gobgp global policy export add p_to_254
    #gobgp global policy
    Import policy:
        Default: NONE
    Export policy:
        Default: ACCEPT
        Name p_to_254:
            StatementName to_254:
              Conditions:
                PrefixSet: any 1.1
              Actions:
                 reject

On RouterA:

    #gobgp neigh 169.254.0.254 adj-out
    ID  Network              Next Hop             AS_PATH              Attrs
    1   2.2.2.0/24           169.254.0.1                               [{Origin: ?} {LocalPref: 100}]

On RouterB, 1.1.1.0/24 has not been revoked:

    # gobgp neigh 169.254.0.1 adj-in
    ID  Network              Next Hop             AS_PATH              Age        Attrs
    0   1.1.1.0/24           169.254.0.1                               00:10:17   [{Origin: ?} {LocalPref: 100}]
    0   2.2.2.0/24           169.254.0.1                               00:10:02   [{Origin: ?} {LocalPref: 100}]
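
A check for the symptom reported in this thread, added here as an example and not part of the original posts or of GoBGP itself: it parses `adj-out` and `adj-in` table text in the layout shown above and lists prefixes the receiving peer still holds after the sender's export policy has stopped advertising them. The function names are hypothetical and the sample tables are constructed from the output in the report.

```python
import ipaddress

def parse_prefixes(table_text):
    """Return the set of prefixes in adj-in/adj-out table text.

    Header lines and the empty-table message "Network not in table"
    contain no numeric ID column, so they yield nothing.
    """
    prefixes = set()
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue
        try:
            prefixes.add(ipaddress.ip_network(fields[1]))
        except ValueError:
            continue  # second column is not a prefix; ignore the row
    return prefixes

def stale_on_peer(sender_adj_out, receiver_adj_in):
    """Prefixes the receiver still holds that the sender no longer advertises."""
    stale = parse_prefixes(receiver_adj_in) - parse_prefixes(sender_adj_out)
    return [str(n) for n in sorted(stale, key=lambda n: (n.version, n))]

# Constructed sample input, following the tables in the second comment.
ROUTER_A_ADJ_OUT = """\
ID  Network              Next Hop             AS_PATH              Attrs
1   2.2.2.0/24           169.254.0.1                               [{Origin: ?} {LocalPref: 100}]
"""
ROUTER_B_ADJ_IN = """\
ID  Network              Next Hop             AS_PATH              Age        Attrs
0   1.1.1.0/24           169.254.0.1                               00:10:17   [{Origin: ?} {LocalPref: 100}]
0   2.2.2.0/24           169.254.0.1                               00:10:02   [{Origin: ?} {LocalPref: 100}]
"""

if __name__ == "__main__":
    # Prefix-set reject policy: only 1.1.1.0/24 should have been withdrawn.
    print(stale_on_peer(ROUTER_A_ADJ_OUT, ROUTER_B_ADJ_IN))
    # Default-reject policy from the first comment: adj-out is empty.
    print(stale_on_peer("Network not in table\n", ROUTER_B_ADJ_IN))
```

A non-empty result after a policy change means the peer is still holding routes the export policy was meant to filter.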