The connection diagram
R-01 configuration
set interfaces ethernet eth0 vif 100 address '192.0.1.1/29'
set interfaces ethernet eth1 vif 11 address '10.11.11.2/24'
set interfaces ethernet eth1 vif 12 address '10.12.11.2/24'
set interfaces ethernet eth1 vif 255 address '10.0.255.253/30'
set interfaces loopback lo address '10.0.255.1/32'
set high-availability vrrp group 11 address 10.11.11.1/24
set high-availability vrrp group 11 interface 'eth1.11'
set high-availability vrrp group 11 priority '80'
set high-availability vrrp group 11 track interface 'eth0'
set high-availability vrrp group 11 track interface 'eth1'
set high-availability vrrp group 11 vrid '11'
set high-availability vrrp group 12 address 10.12.11.1/24
set high-availability vrrp group 12 interface 'eth1.12'
set high-availability vrrp group 12 priority '70'
set high-availability vrrp group 12 vrid '12'
set policy prefix-list VRRP_Peer rule 11 action 'permit'
set policy prefix-list VRRP_Peer rule 11 prefix '10.0.255.2/32'
set policy prefix-list Net-Out rule 11 action 'permit'
set policy prefix-list Net-Out rule 11 prefix '172.16.22.0/24'
set policy prefix-list Net-Out rule 12 action 'permit'
set policy prefix-list Net-Out rule 12 prefix '172.16.128.0/24'
set policy route-map Net-Out rule 10 action 'permit'
set policy route-map Net-Out rule 10 match ip address prefix-list 'Net-Out'
set policy route-map VRRP_Peer rule 10 action 'permit'
set policy route-map VRRP_Peer rule 10 match ip address prefix-list 'VRRP_Peer'
set policy route-map Lo rule 10 action 'permit'
set policy route-map Lo rule 10 match interface 'lo'
set policy route-map ISP1 rule 10 action 'permit'
set policy route-map ISP1 rule 10 match ip address prefix-list 'Net-Out'
set policy route-map ISP2 rule 10 action 'permit'
set policy route-map ISP2 rule 10 match ip address prefix-list 'Net-Out'
set protocols bgp address-family ipv4-unicast redistribute ospf
set protocols bgp address-family ipv4-unicast redistribute static route-map 'Net-Out'
set protocols bgp neighbor 192.0.1.3 address-family ipv4-unicast conditionally-advertise advertise-map 'Net-Out'
set protocols bgp neighbor 192.0.1.3 address-family ipv4-unicast conditionally-advertise exist-map 'VRRP_Peer'
set protocols bgp neighbor 192.0.1.3 address-family ipv4-unicast route-map export 'ISP1'
set protocols bgp neighbor 192.0.1.3 address-family ipv4-unicast weight '100'
set protocols bgp neighbor 192.0.1.3 remote-as '65003'
set protocols bgp neighbor 192.0.1.4 address-family ipv4-unicast conditionally-advertise advertise-map 'Net-Out'
set protocols bgp neighbor 192.0.1.4 address-family ipv4-unicast conditionally-advertise exist-map 'VRRP_Peer'
set protocols bgp neighbor 192.0.1.4 address-family ipv4-unicast route-map export 'ISP2'
set protocols bgp neighbor 192.0.1.4 address-family ipv4-unicast nexthop-self
set protocols bgp neighbor 192.0.1.4 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 192.0.1.4 remote-as '65004'
set protocols bgp parameters router-id '192.0.1.1'
set protocols bgp system-as '65001'
set protocols ospf area 0 network '10.0.255.252/30'
set protocols ospf interface eth1.255 network 'point-to-point'
set protocols ospf redistribute connected route-map 'Lo'
set protocols static route 0.0.0.0/0 next-hop 10.0.255.254 distance '200'
set protocols static route 172.16.22.0/24 next-hop 10.0.255.254 interface 'eth1.255'
set protocols static route 172.16.128.0/24 next-hop 10.0.255.254 interface 'eth1.255'
R-02 configuration
set interfaces ethernet eth0 vif 100 address '192.0.1.2/29'
set interfaces ethernet eth1 vif 11 address '10.11.11.3/24'
set interfaces ethernet eth1 vif 12 address '10.12.11.3/24'
set interfaces ethernet eth1 vif 255 address '10.0.255.254/30'
set interfaces loopback lo address '10.0.255.2/32'
set high-availability vrrp group 11 address 10.11.11.1/24
set high-availability vrrp group 11 interface 'eth1.11'
set high-availability vrrp group 11 priority '80'
set high-availability vrrp group 11 track interface 'eth0'
set high-availability vrrp group 11 track interface 'eth1'
set high-availability vrrp group 11 vrid '11'
set high-availability vrrp group 12 address 10.12.11.1/24
set high-availability vrrp group 12 interface 'eth1.12'
set high-availability vrrp group 12 priority '70'
set high-availability vrrp group 12 vrid '12'
set policy prefix-list VRRP_Peer rule 11 action 'permit'
set policy prefix-list VRRP_Peer rule 11 prefix '10.0.255.2/32'
set policy prefix-list Net-Out rule 11 action 'permit'
set policy prefix-list Net-Out rule 11 prefix '172.16.22.0/24'
set policy prefix-list Net-Out rule 12 action 'permit'
set policy prefix-list Net-Out rule 12 prefix '172.16.128.0/24'
set policy route-map VRRP_Peer rule 10 action 'permit'
set policy route-map VRRP_Peer rule 10 match ip address prefix-list 'VRRP_Peer'
set policy route-map Net-Out rule 10 action 'permit'
set policy route-map Net-Out rule 10 match ip address prefix-list 'Net-Out'
set policy route-map Lo rule 10 action 'permit'
set policy route-map Lo rule 10 match interface 'lo'
set policy route-map ISP1 rule 10 action 'permit'
set policy route-map ISP1 rule 10 match ip address prefix-list 'Net-Out'
set policy route-map ISP2 rule 10 action 'permit'
set policy route-map ISP2 rule 10 match ip address prefix-list 'Net-Out'
set protocols bgp address-family ipv4-unicast redistribute ospf
set protocols bgp address-family ipv4-unicast redistribute static route-map 'Net-Out'
set protocols bgp neighbor 192.0.1.3 address-family ipv4-unicast conditionally-advertise advertise-map 'Net-Out'
set protocols bgp neighbor 192.0.1.3 address-family ipv4-unicast conditionally-advertise exist-map 'VRRP_Peer'
set protocols bgp neighbor 192.0.1.3 address-family ipv4-unicast route-map export 'ISP1'
set protocols bgp neighbor 192.0.1.3 address-family ipv4-unicast weight '100'
set protocols bgp neighbor 192.0.1.3 remote-as '65003'
set protocols bgp neighbor 192.0.1.4 address-family ipv4-unicast conditionally-advertise advertise-map 'Net-Out'
set protocols bgp neighbor 192.0.1.4 address-family ipv4-unicast conditionally-advertise exist-map 'VRRP_Peer'
set protocols bgp neighbor 192.0.1.4 address-family ipv4-unicast route-map export 'ISP2'
set protocols bgp neighbor 192.0.1.4 address-family ipv4-unicast nexthop-self
set protocols bgp neighbor 192.0.1.4 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 192.0.1.4 remote-as '65004'
set protocols bgp parameters router-id '192.0.1.1'
set protocols bgp system-as '65001'
set protocols ospf area 0 network '10.0.255.252/30'
set protocols ospf interface eth1.255 network 'point-to-point'
set protocols ospf redistribute connected route-map 'Lo'
set protocols static route 0.0.0.0/0 next-hop 10.0.255.253 distance '200'
set protocols static route 172.16.22.0/24 next-hop 10.0.255.253 interface 'eth1.255'
set protocols static route 172.16.128.0/24 next-hop 10.0.255.253 interface 'eth1.255'
The condition is: if the route prefix 10.0.255.2/32 is present, then BGP advertises prefixes 172.16.22.0/24 and 172.16.128.0/24.
Checking the routing table:
vyos@R-01# run sh ip route | grep 10.0.255.2/32
O>* 10.0.255.2/32 [110/20] via 10.0.255.254, eth1.255, weight 1, 00:21:45
The prefix is present and BGP can advertise:
vyos@R-01# run sh ip bgp neighbors 192.0.1.3 advertised-routes
BGP table version is 5, local router ID is 192.0.1.1, vrf id 0
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
    Network          Next Hop            Metric LocPrf Weight Path
 *> 172.16.22.0/24   0.0.0.0                  0         32768 ?
 *> 172.16.128.0/24  0.0.0.0                  0         32768 ?
Total number of prefixes 2

vyos@R-01# run sh ip bgp neighbors 192.0.1.4 advertised-routes
BGP table version is 5, local router ID is 192.0.1.1, vrf id 0
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
    Network          Next Hop            Metric LocPrf Weight Path
 *> 172.16.22.0/24   0.0.0.0                  0         32768 ?
 *> 172.16.128.0/24  0.0.0.0                  0         32768 ?
Total number of prefixes 2
Up to this point it works OK.
Then disconnecting the OSPF neighbor and waiting until 10.0.255.2/32 is removed from the RIB.
Checking the routing table via the VyOS CLI:
vyos@R-01# run sh ip route | grep 10.0.255.2/32
[edit]
Inside FRR:
R-01# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
S>* 0.0.0.0/0 [200/0] via 10.0.255.254, eth1.255, weight 1, 01:27:51
C>* 10.0.255.1/32 is directly connected, lo, 01:27:56
O   10.0.255.252/30 [110/1] is directly connected, eth1.255, weight 1, 01:27:50
C>* 10.0.255.252/30 is directly connected, eth1.255, 01:27:53
C>* 10.11.11.0/24 is directly connected, eth1.11, 01:27:54
C>* 10.12.11.0/24 is directly connected, eth1.12, 01:27:53
S>* 172.16.22.0/24 [1/0] via 10.0.255.254, eth1.255, weight 1, 01:27:51
S>* 172.16.128.0/24 [1/0] via 10.0.255.254, eth1.255, weight 1, 01:27:51
C>* 192.0.1.0/29 is directly connected, eth0.100, 01:27:55
The prefix is not present, and BGP should not advertise prefixes 172.16.22.0/24 and 172.16.128.0/24.
vyos@R-01# run sh ip bgp neighbors 192.0.1.3 advertised-routes
BGP table version is 6, local router ID is 192.0.1.1, vrf id 0
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
    Network          Next Hop            Metric LocPrf Weight Path
 *> 172.16.22.0/24   0.0.0.0                  0         32768 ?
 *> 172.16.128.0/24  0.0.0.0                  0         32768 ?
Total number of prefixes 2
[edit]

vyos@R-01# run sh ip bgp neighbors 192.0.1.4 advertised-routes
BGP table version is 6, local router ID is 192.0.1.1, vrf id 0
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
    Network          Next Hop            Metric LocPrf Weight Path
 *> 172.16.22.0/24   0.0.0.0                  0         32768 ?
 *> 172.16.128.0/24  0.0.0.0                  0         32768 ?
Total number of prefixes 2
[edit]
Removing the default route just in case:
vyos@R-01# delete protocols static route 0.0.0.0/0
[edit]
vyos@R-01# commit
[edit]
vyos@R-01# run sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
C>* 10.0.255.1/32 is directly connected, lo, 01:31:59
O   10.0.255.252/30 [110/1] is directly connected, eth1.255, weight 1, 01:31:53
C>* 10.0.255.252/30 is directly connected, eth1.255, 01:31:56
C>* 10.11.11.0/24 is directly connected, eth1.11, 01:31:57
C>* 10.12.11.0/24 is directly connected, eth1.12, 01:31:56
S>* 172.16.22.0/24 [1/0] via 10.0.255.254, eth1.255, weight 1, 01:31:54
S>* 172.16.128.0/24 [1/0] via 10.0.255.254, eth1.255, weight 1, 01:31:54
C>* 192.0.1.0/29 is directly connected, eth0.100, 01:31:58
[edit]

R-01# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
C>* 10.0.255.1/32 is directly connected, lo, 01:34:20
O   10.0.255.252/30 [110/1] is directly connected, eth1.255, weight 1, 01:34:14
C>* 10.0.255.252/30 is directly connected, eth1.255, 01:34:17
C>* 10.11.11.0/24 is directly connected, eth1.11, 01:34:18
C>* 10.12.11.0/24 is directly connected, eth1.12, 01:34:17
S>* 172.16.22.0/24 [1/0] via 10.0.255.254, eth1.255, weight 1, 01:34:15
S>* 172.16.128.0/24 [1/0] via 10.0.255.254, eth1.255, weight 1, 01:34:15
C>* 192.0.1.0/29 is directly connected, eth0.100, 01:34:19
The result is the same:
vyos@R-01# run sh ip bgp neighbors 192.0.1.3 advertised-routes
BGP table version is 6, local router ID is 192.0.1.1, vrf id 0
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
    Network          Next Hop            Metric LocPrf Weight Path
 *> 172.16.22.0/24   0.0.0.0                  0         32768 ?
 *> 172.16.128.0/24  0.0.0.0                  0         32768 ?
Total number of prefixes 2
[edit]

vyos@R-01# run sh ip bgp neighbors 192.0.1.4 advertised-routes
BGP table version is 6, local router ID is 192.0.1.1, vrf id 0
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
    Network          Next Hop            Metric LocPrf Weight Path
 *> 172.16.22.0/24   0.0.0.0                  0         32768 ?
 *> 172.16.128.0/24  0.0.0.0                  0         32768 ?
Total number of prefixes 2
[edit]
It should not advertise, but it advertises.
Sharing the FRR configuration output:
frr version 9.1
frr defaults traditional
hostname vyos
log syslog
log facility local7
hostname R-01
service integrated-vtysh-config
!
ip route 172.16.22.0/24 10.0.255.254 eth1.255
ip route 172.16.128.0/24 10.0.255.254 eth1.255
!
interface eth1.255
 ip ospf dead-interval 40
 ip ospf network point-to-point
exit
!
router bgp 65001
 bgp router-id 192.0.1.1
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor 192.0.1.3 remote-as 65003
 neighbor 192.0.1.4 remote-as 65004
 !
 address-family ipv4 unicast
  redistribute static route-map Net-Out
  redistribute ospf
  neighbor 192.0.1.3 activate
  neighbor 192.0.1.3 weight 100
  neighbor 192.0.1.3 route-map ISP1 out
  neighbor 192.0.1.3 advertise-map Net-Out exist-map VRRP_Peer
  neighbor 192.0.1.4 activate
  neighbor 192.0.1.4 next-hop-self
  neighbor 192.0.1.4 soft-reconfiguration inbound
  neighbor 192.0.1.4 route-map ISP2 out
  neighbor 192.0.1.4 advertise-map Net-Out exist-map VRRP_Peer
 exit-address-family
exit
!
router ospf
 auto-cost reference-bandwidth 100
 timers throttle spf 200 1000 10000
 redistribute connected route-map Lo
 network 10.0.255.252/30 area 0
exit
!
ip prefix-list Net-Out seq 11 permit 172.16.22.0/24
ip prefix-list Net-Out seq 12 permit 172.16.128.0/24
ip prefix-list VRRP_Peer seq 11 permit 10.0.255.2/32
!
route-map Lo permit 10
 match interface lo
exit
!
route-map VRRP_Peer permit 10
 match ip address prefix-list VRRP_Peer
exit
!
route-map Net-Out permit 10
 match ip address prefix-list Net-Out
exit
!
route-map ISP1 permit 10
 match ip address prefix-list Net-Out
exit
!
route-map ISP2 permit 10
 match ip address prefix-list Net-Out
exit
!
rpki
exit
!
end
VyOS version:
vyos@R-01# run sh version | grep -i version
Version: VyOS 1.4.0-epa3
[edit]
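
The manual check carried out above (is the exist-map prefix in the routing table, and are the advertise-map prefixes still being announced?) can be automated. The following is an added example, not part of the original post or of VyOS/FRR; the function names are hypothetical and the sample text is trimmed from the outputs shown above.

```python
import ipaddress
import re

# Status codes, whitespace, then an IPv4 prefix. Matches both
# "O>* 10.0.255.2/32 [110/20] via ..." and "*> 172.16.22.0/24 0.0.0.0 ...".
ROUTE_LINE = re.compile(r"^\S+\s+(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\b")

def prefixes_in(output):
    """Return the set of IPv4 prefixes listed in 'show ip route' or
    'advertised-routes' output; prompt, header and legend lines are skipped."""
    found = set()
    for line in output.splitlines():
        m = ROUTE_LINE.match(line.strip())
        if m:
            found.add(ipaddress.ip_network(m.group(1), strict=False))
    return found

def leaked_prefixes(route_output, advertised_output, exist_prefix, guarded):
    """Guarded prefixes still advertised while exist_prefix is absent."""
    if ipaddress.ip_network(exist_prefix) in prefixes_in(route_output):
        return []  # condition met, advertising is expected
    wanted = {ipaddress.ip_network(p) for p in guarded}
    return [str(n) for n in sorted(wanted & prefixes_in(advertised_output))]

# Sample text trimmed from the outputs in the post.
ROUTES_OSPF_UP = """\
vyos@R-01# run sh ip route | grep 10.0.255.2/32
O>* 10.0.255.2/32 [110/20] via 10.0.255.254, eth1.255, weight 1, 00:21:45
"""
ROUTES_OSPF_DOWN = """\
C>* 10.0.255.1/32 is directly connected, lo, 01:27:56
O   10.0.255.252/30 [110/1] is directly connected, eth1.255, weight 1, 01:27:50
S>* 172.16.22.0/24 [1/0] via 10.0.255.254, eth1.255, weight 1, 01:27:51
S>* 172.16.128.0/24 [1/0] via 10.0.255.254, eth1.255, weight 1, 01:27:51
"""
ADVERTISED = """\
BGP table version is 6, local router ID is 192.0.1.1, vrf id 0
    Network          Next Hop            Metric LocPrf Weight Path
 *> 172.16.22.0/24   0.0.0.0                  0         32768 ?
 *> 172.16.128.0/24  0.0.0.0                  0         32768 ?
Total number of prefixes 2
"""
EXIST_PREFIX = "10.0.255.2/32"                      # prefix-list VRRP_Peer
GUARDED = ["172.16.22.0/24", "172.16.128.0/24"]     # prefix-list Net-Out

if __name__ == "__main__":
    print(leaked_prefixes(ROUTES_OSPF_DOWN, ADVERTISED, EXIST_PREFIX, GUARDED))
```

FRR re-evaluates conditional advertisement on a scanner timer (`bgp conditional-advertisement timer`, 60 seconds by default), so capture the advertised-routes output only after at least one interval has passed since the route was withdrawn.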