Page MenuHomeVyOS Platform
Create Task
Maniphest T7616

BGPD : "Zombie" Route Map in FRR breaking BGP
Open, HighPublicBUG
Actions

Description

Hello,
I have found an issue with current rolling, regarding the use of route-maps in a BGP scenario.
It seems that the route maps can sometimes be installed as "zombies", what i mean by that is that they are available for every type of daemon of FRR, except BGP, see below :

vtysh# show route-map RPL-AS209768-TRANSIT-OUT-V4
...
...
OSPF6:
route-map: RPL-AS209768-TRANSIT-OUT-V4 Invoked: 0 Optimization: enabled Processed Change: false
 permit, sequence 10 Invoked 0
  Match clauses:
  Set clauses:
  Call clause:
    Call HANDLE-PEER-AS209768-COMMUNITIES
...
  Action:
    Exit routemap
BGP:
BGP: 'route-map RPL-AS209768-TRANSIT-OUT-V4' not found
ISIS:
route-map: RPL-AS209768-TRANSIT-OUT-V4 Invoked: 0 Optimization: enabled Processed Change: false
 permit, sequence 10 Invoked 0
  Match clauses:
  Set clauses:
  Call clause:
    Call HANDLE-PEER-AS209768-COMMUNITIES
...
  Action:
    Exit routemap
...
vtysh# show running-config
...
route-map RPL-AS209768-TRANSIT-OUT-V4 permit 20
 call HANDLE-PRIVATE-COMMUNITIES
 on-match next
exit
!
route-map RPL-AS209768-TRANSIT-OUT-V4 permit 30
 call RPL-ACT-TRANSIT-DELETE_COMMUNITY
 on-match next
exit
!
route-map RPL-AS209768-TRANSIT-OUT-V4 permit 200
 on-match next
exit
!
route-map RPL-AS209768-TRANSIT-OUT-V4 deny 210
exit
!
route-map RPL-AS209768-TRANSIT-OUT-V4 permit 300
 match ip address prefix-list PFX-AS211615-IRR-V4
exit
!
route-map RPL-AS209768-TRANSIT-OUT-V4 permit 310
exit
!
route-map RPL-AS209768-TRANSIT-OUT-V4 permit 320
exit
!
route-map RPL-AS209768-TRANSIT-OUT-V4 deny 9999
exit
!
...
# run show configuration commands | grep RPL-AS209768-TRANSIT-OUT-V4
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 10 action 'permit'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 10 call 'HANDLE-PEER-AS209768-COMMUNITIES'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 10 on-match next
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 20 action 'permit'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 20 call 'HANDLE-PRIVATE-COMMUNITIES'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 20 on-match next
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 30 action 'permit'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 30 call 'RPL-ACT-TRANSIT-DELETE_COMMUNITY'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 30 on-match next
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 200 action 'permit'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 200 on-match next
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 210 action 'deny'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 210 match large-community large-community-list 'FROM-TRANSIT'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 300 action 'permit'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 300 match ip address prefix-list 'PFX-AS211615-IRR-V4'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 310 action 'permit'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 310 match large-community large-community-list 'BLACKHOLE'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 310 set community add '9002:666'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 310 set large-community delete 'BLACKHOLE'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 320 action 'permit'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 320 match community community-list 'BLACKHOLE'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 320 set community add '9002:666'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 320 set community delete 'BLACKHOLE'
set policy route-map RPL-AS209768-TRANSIT-OUT-V4 rule 9999 action 'deny'

And when restarting BGPd daemon :

# run restart bgp 
WARNING: This is a potentially unsafe function!
You may lose the connection to the router or active configuration after
running this command. Use it at your own risk!

Continue? [y/N] y
The route-map 'RPL-AS209768-TRANSIT-IN-V4' does not exist.
The route-map 'RPL-AS211615-IBGP-IN-V4' does not exist.
The route-map 'RPL-AS211615-IBGP-OUT-V4' does not exist.
The route-map 'RPL-AS211615-TUNNEL-MESH-IN-V4' does not exist.
The route-map 'RPL-AS211615-TUNNEL-MESH-OUT-V4' does not exist.
The route-map 'PREPEND-3' does not exist.
The route-map 'RPL-AS209768-TRANSIT-IN-V6' does not exist.
The route-map 'RPL-AS209768-TRANSIT-OUT-V6' does not exist.
The route-map 'RPL-AS211615-IBGP-IN-V6' does not exist.
The route-map 'RPL-AS211615-IBGP-OUT-V6' does not exist.
The route-map 'RPL-AS211615-TUNNEL-MESH-IN-V6' does not exist.
The route-map 'RPL-AS211615-TUNNEL-MESH-OUT-V6' does not exist.

I tried every kind of configuration possible, it seems that it only happens when using more than ~16 route maps

A way to fix sometimes is to go in vtysh and re-set the route map there, sometimes it fixes, sometime it does not.
It isn't because of a specific parameter used in the route-map, for example :

# run show configuration commands | grep 'route-map PREPEND-3'
set policy route-map PREPEND-3 rule 10 action 'permit'
set policy route-map PREPEND-3 rule 10 set as-path prepend '211615 211615 211615'

Quite a simple route map, should not be causing issues
Seems present on latest versions and even old ones (2025.05.13-0019-rolling and 2025.07.06-0022-rolling have been tested)

If you have any idea on what is going on, i've checked and i can't figure anything out

Details

Version
2025.07.06-0022-rolling
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)