Page MenuHomeVyOS Platform
Create Task
Maniphest T1243

BGP local-as accept wrong values
Closed, ResolvedPublicBUG
Actions

Description

Hello!
We need to add another one check to set protocols bgp XXX neighbor YYY local-as command. In current version we can set the same value, as in remote-as for peers, which is not in router AS. Like this:

vyos@test-01# show protocols bgp 
 bgp 64512 {
     neighbor 192.168.5.5 {
         local-as 64513 {
         }
         remote-as 64513
     }
 }

This is not acceptable by FRRouting, as we can't establish iBGP session with eBGP peer and FRRouting silently skip this. So we need to add check for this command which will block possibility to make configurations like this if ( local-as == remote-as AND remote-as != router AS ).

Details

Difficulty level
Normal (likely a few hours)
Version
1.2.0-LTS
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Stricter validation

Event Timeline

zsdc created this task.Feb 12 2019, 5:15 PM
pasik added a subscriber: pasik.Mar 12 2019, 5:18 PM
syncer changed the task status from Open to Confirmed.Apr 17 2019, 8:00 PM
syncer assigned this task to hagbard.
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux.
hagbard changed the task status from Confirmed to In progress.Apr 23 2019, 5:37 PM
hagbard changed Difficulty level from Easy (less than an hour) to Normal (likely a few hours).Apr 23 2019, 5:40 PM
hagbard added a comment.Apr 23 2019, 8:17 PM

@zsdc is local-as required anyway? Isn't it always the same as the router-as?

hagbard changed the task status from In progress to Needs testing.Apr 23 2019, 9:28 PM

Fix, should be in the next rolling release:
https://github.com/vyos/vyatta-cfg-quagga/commit/41df1579f6ca3e5a1618ee85bbb337011148f1ef

hagbard added a comment.Apr 24 2019, 7:05 PM

@zsdc Can you please test?

hagbard closed this task as Resolved.Apr 29 2019, 4:20 PM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.May 6 2019, 4:54 PM
rherold added a subscriber: rherold.May 28 2019, 2:26 PM

can it be that the fix for T1243 is broken? I can understand that local-as can't be the same like remote-as if router-as diff from local-as but the patch forbit to set remote-as to the same like router-as that will break ibgp

ibgp: router-as == remote-as
ibgp: router-as == local-as == remote-as
broken: router-as != (local-as == remote-as)

rherold added a comment.May 28 2019, 2:27 PM

from Slack

afics [6:27 PM]
I just upgraded some of my test routers from 1.2.0-rolling+201901160337 to 1.2.0-rolling+201905210337. After rebooting my BGP configuration was lost. When trying to load it manually I get:

[ protocols bgp 202928 neighbor 1.2.3.4 remote-as 202928 ]
remote-as and router AS can't be the same value

local-as in the peer is not set.

I suspect this is because of T1243. My configuration is normal for iBGP peerings. Can anybody reproduce this?

rherold added a comment.May 29 2019, 12:54 PM

Try: https://github.com/vyos/vyatta-cfg-quagga/pull/27/commits/8c741da0691cb392a86f249b61c3686a034f908a

syncer reopened this task as Backport candidate.Aug 31 2019, 4:32 AM
syncer reassigned this task from hagbard to dmbaturin.
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.3); removed VyOS 1.2 Crux (VyOS 1.2.2).
syncer added a subscriber: hagbard.
dmbaturin removed a project: VyOS 1.2 Crux (VyOS 1.2.3).Aug 31 2019, 4:36 AM
dmbaturin set Is it a breaking change? to Stricter validation.
dmbaturin added a project: test.Jul 29 2021, 12:07 PM
dmbaturin added a project: VyOS 1.4 Sagitta.
Viacheslav added a subscriber: Viacheslav.Jul 30 2021, 1:29 PM

As I see it's already fixed:

[email protected]# set protocols bgp 64512 neighbor 192.168.5.5 local-as 64513
[edit]
[email protected]# set protocols bgp 64512 neighbor 192.168.5.5 remote-as 64513
[edit]
[email protected]# commit
[ protocols bgp 64512 neighbor 192.168.5.5 local-as 64513 ]
local-as: 64513 and remote-as: 64513 can't be the same

[[protocols bgp 64512]] failed
Commit failed
[edit]
[email protected]#
syncer closed this task as Resolved.Oct 17 2021, 12:33 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0-epa1); removed test, VyOS 1.3 Equuleus.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
syncer moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.