Page MenuHomeVyOS Platform
Create Task
Maniphest T1698

prefix-list and/or route-map not configured before referencing BGP neighbor is configured (BGP session established before filters applied)
Closed, DuplicatePublicBUG
Actions

Assigned To
Unknown Object (User)
Authored By
maznu
Sep 29 2019, 9:23 AM
Tags
None
Referenced Files
F527768: r2.txt
May 6 2020, 12:40 PM
F527767: r3.txt
May 6 2020, 12:40 PM
F527766: routers.png
May 6 2020, 12:40 PM
F527769: r1.txt
May 6 2020, 12:40 PM
Subscribers
danfoster2
egoistdream
maznu
njh
pasik
Viacheslav
Active contributors
Maintainers

Description

Our VyOS config is relatively large:

  • dozens of BGP sessions
  • dozens of route-maps and prefix-lists
  • potentially tens of thousands of entries in route-maps and prefix-lists (auto-generated via bgpq3)

After a reboot of a router (with multiple transit and peering sessions), we found numerous peerings would not come up. We still have a couple down, and they are showing as tripped because:

Connections established 1; dropped 1
Last reset 04:44:43, due to NOTIFICATION received (Cease/Maximum Number of Prefixes Reached)

Cloudflare NOC emailed to say:

- IP: 195.66.244.97 - Manchester, GB - Number of prefixes received when sessions went down: 401.

This seemed strange to us, because the affected peers above have the same prefix-list out and route-map out applied that they had before a reboot. And the same prefix-list out and route-map out as many other peers, so should only be receiving ~20 prefixes right now:

show ip bgp neigh 195.66.244.80 advertised-routes
[snip]
Total number of prefixes 14

I assume, therefore that just like in T944, the BGP neighbor is established before when any referenced route-map and prefix-list is configured.

Details

Difficulty level
Unknown (require assessment)
Version
1.2.0-rolling+201906220337
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Related Objects

Event Timeline

maznu created this task.Sep 29 2019, 9:23 AM
maznu updated the task description. (Show Details)
pasik added a subscriber: pasik.Sep 29 2019, 11:23 AM
njh added a subscriber: njh.Feb 4 2020, 9:47 AM
danfoster2 added a subscriber: danfoster2.Mar 16 2020, 4:38 PM
Viacheslav added a subscriber: Viacheslav.Mar 27 2020, 10:06 AM
egoistdream added a subscriber: egoistdream.Apr 19 2020, 2:24 AM
Viacheslav added a comment.May 6 2020, 12:40 PM

To reproduce it in a test lab.
R1 Originate 1000 prefixes
R2 import 1000 and export 40 prefixes to R3
R3 prefix-limit 40 prefixes.

reboot R2
After rebooting on R3

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
192.168.0.1     4      65002      50      44        0    0    0 00:00:02 Idle (PfxCt)

routers.png (260×760 px, 16 KB)

r1.txt78 KBDownload

r2.txt7 KBDownload

r3.txt1 KBDownload

maznu added a comment.May 6 2020, 12:44 PM

The good news is that this can be fixed with:

set protocols bgp 65432 parameters default no-ipv4-unicast

…and making sure you specify ipv4-unicast with route-maps and prefix-lists on all peers.

I believe this is the default now for 1.3?

Viacheslav added a comment.May 6 2020, 12:50 PM

@maznu I think this will be the default only after BGP switches to a new XML/python format.
https://phabricator.vyos.net/T2174

Viacheslav added a subscriber: Unknown Object (User).May 6 2020, 1:01 PM
Unknown Object (User) claimed this task.May 8 2020, 10:54 AM
Unknown Object (User) added a comment.May 8 2020, 6:40 PM

I confirm that this can be mitigated by:

  1. add to ALL ipv4 peers "address-family ipv4-unicast" set
set protocols bgp xxxxxx neighbor x.x.x.x address-family ipv4-unicast
  1. disable default ipv4 peering
set protocols bgp xxxxxx parameters default no-ipv4-unicast

Duplicated with T1945

Unknown Object (User) closed this task as a duplicate of T1945: FRR: Committing large number of peers in configuration results in temporarily incomplete config resulting in route leaks.May 8 2020, 6:41 PM
danhusan mentioned this in T2979: BGP route leak at system boot.Oct 15 2020, 12:14 PM