Page MenuHomeVyOS Platform
Create Task
Maniphest T7220

Add the option to disable enforce-first-as at peer level
Open, WishlistPublic
Actions

Description

When connecting to route servers at IXPs, I've discovered VyOS rejects routes that don't have the peer-AS as the first AS in the AS-path. While this behavior can be temporarily disabled using vtysh commands, the configuration doesn't persist after reboot.

vtysh
configure terminal
router bgp 123456 
no neighbor 10.0.0.1 enforce-first-as
no neighbor 10.0.0.2 enforce-first-as
end

Currently, VyOS only implements the option to enable enforce-first-as at the neighbor level, but it's enabled by default with no CLI option to disable it.

Request:

Add the ability to disable enforce-first-as through the VyOS CLI

Details

Version
VyOS 1.5-rolling
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)
Forum thread
https://forum.vyos.io/t/how-to-disable-enforce-first-as-at-neighbor-level/16198

Event Timeline

carlos created this task.Tue, Mar 4, 5:10 PM
carlos triaged this task as Wishlist priority.
carlos created this object in space S1 VyOS Public.
Viacheslav subscribed.EditedTue, Mar 4, 5:55 PM

FRR changed this behavior several times https://github.com/FRRouting/frr/commit/322462920e2a2c8b73191c6eb5157d64cf4a593e
Sometimes it is disabled by default, sometimes enabled :)
So, depending on the FRR version, the behavior could be different.

Since FRR 10. it is enabled by default https://frrouting.org/release/10.0/

Enable enforce-first-as by default for BGP
pasik subscribed.Tue, Mar 4, 6:27 PM
carlos added a comment.Thu, Mar 6, 9:08 PM

So I guess this is very low priority for you guys, but it is very critical for me, so quick question, do you accept PR from general public? If yes, I might go ahead and take a look in how to get this done :)

In the meantime I'll setup a post-commit hook.

Viacheslav added a comment.Mon, Mar 10, 1:30 PM
In T7220#217503, @carlos wrote:

So I guess this is very low priority for you guys, but it is very critical for me, so quick question, do you accept PR from general public? If yes, I might go ahead and take a look in how to get this done :)

In the meantime I'll setup a post-commit hook.

Sure, feel free to create a PR for the rolling/current
At first glance there should be no option for ELSE https://github.com/vyos/vyos-1x/blob/344455475089ee03e3e3a1ad9f7e61b69a2fdfff/data/templates/frr/bgpd.frr.j2#L99-L101

Something like

{% if config.enforce_first_as is vyos_defined %}
  neighbor {{ neighbor }} enforce-first-as
{% else %}
  no neighbor {{ neighbor }} enforce-first-as
{% endif %}