ljluestc
commented
1 month ago # Define neighbor sets
[[defined-sets.neighbor-sets]]
neighbor-set-name = "ns-all"
neighbor-info-list = []
# Define policy to reject all neighbors (or modify as needed)
[[policy-definitions]]
name = "reject-all-neighbors"
[[policy-definitions.statements]]
[policy-definitions.statements.conditions.match-neighbor-set]
neighbor-set = "ns-all"
[policy-definitions.statements.actions]
route-disposition = "reject-route"
# Global configuration
[global.config]
as = 65001
router-id = "10.10.10.10"
[global.apply-policy.config]
import-policy-list = ["reject-all-neighbors"] # Applying the reject-all-neighbors policy
default-import-policy = "accept-route" # Change default to accept-route to allow local prefixes
default-export-policy = "accept-route"
# Define neighbors
[[neighbors]]
[neighbors.config]
neighbor-address = "172.16.4.2"
peer-as = 65002
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[[neighbors]]
[neighbors.config]
neighbor-address = "172.16.5.2"
peer-as = 65002
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
# Zebra configuration
[zebra]
[zebra.config]
enabled = true
url = "unix:/var/run/frr/zserv.api"
version = 5
# Logging configuration
[logging]
level = "debug"
Running GoBGP 2.12.
If I have:
And try to add a local prefix:
gobgp global rib -a ipv4-flowspec add match destination 192.0.2.1/32 then discardIt's not being accepted:gobgp global rib -a ipv4-flowspecreturns:Network not in tableBut if change the configuration to:
Which should have the same end results as there are only
reject-routefor imports. But in this case:gobgp global rib -a ipv4-flowspec add match destination 192.0.2.1/32 then discardgobgp global rib -a ipv4-flowspecIt works:As a side note, changing the policy to a
accept-routeit works as well.