
FRR 7.5 and 7.4 requires eBGP policy, without no routes are exchanged
Closed, Duplicate · Public · BUG

Description

From Slack:

Is there a VyOS equivalent to [no] bgp ebgp-requires-policy in FRR? I'm seeing (Policy) in the output of show ip bgp sum in newer versions of VyOS, and I'm guessing this is why.

trae@cr01a-vyos:~$ show ip bgp sum
IPv4 Unicast Summary:
BGP router identifier 192.168.253.2, local AS number 4242420666 vrf-id 0
BGP table version 26
RIB entries 36, using 6912 bytes of memory
Peers 5, using 107 KiB of memory
Peer groups 4, using 256 bytes of memory
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
192.168.253.6   4 4242420668       468       464        0    0    0 07:41:04     (Policy) (Policy)
192.168.253.7   4 4242420668       467       464        0    0    0 07:41:04     (Policy) (Policy)
192.168.253.1   4 4242420666       470       466        0    0    0 07:41:05           14        1
192.168.253.3   4 4242420666       448       448        0    0    0 07:12:14            5        1
192.168.253.12  4 4242420669       465       464        0    0    0 07:41:04     (Policy) (Policy)

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

This in fact hit me too, which is super annoying and could kill your entire AS.

This is due to RFC 8212, which was added on FRR 7.4. Please see here...

https://github.com/FRRouting/frr/releases

You'll see it on 7.4, and 7.5.

Just tried this with 7.4 yeah, issue persists. Using 7.3 which is also in the LTS version for so long...

c-po renamed this task from "FRR 7.5 requires eBGP policy, without no routes are exchanged" to "FRR 7.5 and 7.4 requires eBGP policy, without no routes are exchanged". Jan 3 2021, 8:09 PM

So, this option can be disabled here per the FRR manual:

http://docs.frrouting.org/en/latest/bgp.html

Require policy on EBGP

[no] bgp ebgp-requires-policy

This command requires incoming and outgoing filters to be applied for eBGP sessions. Without the incoming filter, no routes will be accepted. Without the outgoing filter, no routes will be announced.

This is enabled by default.

So to fix this we could do a workaround of adding the "no bgp ebgp-requires-policy" by default and allowing it to be enabled which restores normal (per FRR) operation.

Or you could implement import and export policies for BGP, which is what I did.
We already had export policies but it is good practice to have both.

@drac, while yes, that is an option, I am unsure which VyOS as a software package should use.

I figure we could propose 3 options...

  1. Be very explicit in telling everyone of this change and letting the operators make this change on their own.
  2. Find a way to enable/disable this functionality (if given the choice).
  3. Make a change on behalf of the operators to preserve old behavior.

I personally would prefer all 3, but I think options 2 and 3 being the path we take is probably the correct one.
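
A check an operator could run after an upgrade, added here as an example and not part of the original thread: it parses `show ip bgp sum` output in the format quoted in the description and lists the peers whose received or sent column reads (Policy), with the direction that lacks a filter. The sample input is constructed and the function name `policy_blocked_peers` is hypothetical.

```python
# Constructed sample in the format of the summary quoted in the task description.
SAMPLE = """\
IPv4 Unicast Summary:
BGP router identifier 192.168.253.2, local AS number 4242420666 vrf-id 0
BGP table version 26

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
192.168.253.6   4 4242420668       468       464        0    0    0 07:41:04     (Policy) (Policy)
192.168.253.1   4 4242420666       470       466        0    0    0 07:41:05           14        1
192.168.253.12  4 4242420669       465       464        0    0    0 07:41:04     (Policy)        1
"""

MARKER = "(Policy)"  # shown in the summary in place of a prefix count


def policy_blocked_peers(summary):
    """Return (neighbor, remote_as, is_ebgp, directions) for each peer row
    whose State/PfxRcd or PfxSnt column shows the (Policy) marker."""
    local_as = None
    blocked = []
    for line in summary.splitlines():
        fields = line.split()
        if "local AS number" in line:
            local_as = int(fields[fields.index("number") + 1])
            continue
        # Peer rows have exactly 11 columns and a numeric BGP version and AS.
        if len(fields) != 11 or not (fields[1].isdigit() and fields[2].isdigit()):
            continue
        neighbor, remote_as = fields[0], int(fields[2])
        rcvd, sent = fields[9], fields[10]
        directions = []
        if rcvd == MARKER:
            directions.append("in")    # no inbound filter: nothing accepted
        if sent == MARKER:
            directions.append("out")   # no outbound filter: nothing announced
        if directions:
            blocked.append((neighbor, remote_as, remote_as != local_as, directions))
    return blocked


if __name__ == "__main__":
    for neighbor, remote_as, is_ebgp, directions in policy_blocked_peers(SAMPLE):
        kind = "eBGP" if is_ebgp else "iBGP"
        print(f"{neighbor} AS{remote_as} ({kind}): missing filter for {'/'.join(directions)}")
```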