Page MenuHomeVyOS Platform

FRR 7.5 and 7.4 requires eBGP policy, without no routes are exchanged
Closed, DuplicatePublicBUG

Description

From Slack:

Is there a VyOS equivalent to [no] bgp ebgp-requires-policy in FRR? I'm seeing (Policy) in the output of show ip bgp sum in newer versions of VyOS, and I'm guessing this is why.

trae@cr01a-vyos:~$ show ip bgp sum
IPv4 Unicast Summary:
BGP router identifier 192.168.253.2, local AS number 4242420666 vrf-id 0
BGP table version 26
RIB entries 36, using 6912 bytes of memory
Peers 5, using 107 KiB of memory
Peer groups 4, using 256 bytes of memory
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
192.168.253.6   4 4242420668       468       464        0    0    0 07:41:04     (Policy) (Policy)
192.168.253.7   4 4242420668       467       464        0    0    0 07:41:04     (Policy) (Policy)
192.168.253.1   4 4242420666       470       466        0    0    0 07:41:05           14        1
192.168.253.3   4 4242420666       448       448        0    0    0 07:12:14            5        1
192.168.253.12  4 4242420669       465       464        0    0    0 07:41:04     (Policy) (Policy)

Details

Version
1.3-rolling
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

This infact hit me, too which is super annoying and could kill your entire AS.

This is due to RFC 8212, which was added on FRR 7.4. Please see here...

https://github.com/FRRouting/frr/releases

You'll see it on 7.4, and 7.5.

Just tried this with 7.4 yeah, issue persists. Using 7.3 which is also in the LTS version for so long...

c-po renamed this task from FRR 7.5 requires eBGP policy, without no routes are exchanged to FRR 7.5 and 7.4 requires eBGP policy, without no routes are exchanged.Jan 3 2021, 8:09 PM

So, this option can be disabled here per the FRR manual:

http://docs.frrouting.org/en/latest/bgp.html

Require policy on EBGP

[no] bgp ebgp-requires-policy

This command requires incoming and outgoing filters to be applied for eBGP sessions. Without the incoming filter, no routes will be accepted. Without the outgoing filter, no routes will be announced.

This is enabled by default.

So to fix this we could do a workaround of adding the "no bgp ebgp-requires-policy" by default and allowing it to be enabled which restores normal (per FRR) operation.

Or you could implement import and export policies for BGP, which is what I did.
We already had export policies but it is good practice to have both.

@drac, while yes that is an option I am unsure which VyOS should as a software package should use.

I figure we could propose 3 options...

  1. Be very explicit in telling everyone of this change and letting the operators make this change on their own.
  2. Find a way to enable/disable this functionality (if given the choice).
  3. Make a change on behalf of the operators to preserve old behavior.

I personally would prefer all 3, but I think option 2 and 3 being the path we take is probably the correct one.