BGP route reflector configuration broken due to T7760
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	fabrizziop
	Oct 3 2025, 8:57 AM

Description

This is caused by the changes in https://vyos.dev/T7760

Hi,
I know my network is configured somewhat esoterically but this has broken my route reflectors that are reflecting routes for a different network inside a VRF
system has AS 4200000001 globally - the VRF was configured with AS203528

set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 address-family ipv4-unicast addpath-tx-all
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 address-family ipv4-unicast route-reflector-client
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 address-family ipv6-unicast addpath-tx-all
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 address-family ipv6-unicast route-reflector-client
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 description 'PRG1BR1'
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 remote-as 'internal'
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 timers connect '1'
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 update-source 'dum1'
set vrf name PUBLIC_VRF protocols bgp parameters route-reflector-allow-outbound-policy
set vrf name PUBLIC_VRF protocols bgp system-as '203528'

how this looks configured on FRR on the 09/17 nightly, working properly

router bgp 203528 vrf PUBLIC_VRF
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 bgp route-reflector allow-outbound-policy
 no bgp network import-check
...
 neighbor 192.168.248.12 remote-as internal
 neighbor 192.168.248.12 description PRG1BR1
 no neighbor 192.168.248.12 enforce-first-as
 neighbor 192.168.248.12 update-source dum1
 neighbor 192.168.248.12 timers connect 1

after the upgrade - note that "internal" effectively means that the remote AS is the system AS which is now 4200000001 so this is not going to work

set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 address-family ipv4-unicast addpath-tx-all
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 address-family ipv4-unicast allowas-in number '1'
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 address-family ipv4-unicast route-reflector-client
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 address-family ipv6-unicast addpath-tx-all
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 address-family ipv6-unicast allowas-in number '1'
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 address-family ipv6-unicast route-reflector-client
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 description 'PRG1BR1'
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 local-as 203528 no-prepend replace-as
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 remote-as 'internal'
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 timers connect '1'
set vrf name PUBLIC_VRF protocols bgp neighbor 192.168.248.12 update-source 'dum1'

and FRR

router bgp 4200000001 vrf PUBLIC_VRF
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 bgp route-reflector allow-outbound-policy
 no bgp network import-check
...
 neighbor 192.168.248.12 remote-as internal
 neighbor 192.168.248.12 local-as 203528 no-prepend replace-as
 neighbor 192.168.248.12 description PRG1BR1
 no neighbor 192.168.248.12 enforce-first-as
 neighbor 192.168.248.12 update-source dum1
 neighbor 192.168.248.12 timers connect 1

the problem is that VyOS doesn't let me configure the same "remote-as" as "local-as"

fabrizzio@PRG1RR3# commit 
[ vrf name PUBLIC_VRF protocols bgp ]
Neighbor "192.168.248.14" has local-as specified which is the same as
remote-as, this is not allowed!

however FRR doesn't care about this, I can configure it manually on FRR and make it work.

neighbor 192.168.248.12 remote-as 203528
neighbor 192.168.248.12 local-as 203528 no-prepend replace-as
neighbor 192.168.248.12 description PRG1BR1
no neighbor 192.168.248.12 enforce-first-as
neighbor 192.168.248.12 update-source dum1
neighbor 192.168.248.12 timers connect 1

Again I know this is a bit far fetched configuration but I would rather inform that the change & associated migration will cause breakage.

Best Regards,
Fabrizzio.

Details

Version: 2025.10.01-0021-rolling
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Related Objects
Search...

Status	Subtype	Assigned	Task
Resolved	BUG	c-po	T7665 Commit failed when attempted to create a new BGP instance for VRF linked with VXLAN(L3VNI).
Resolved	BUG	c-po	T7760 bgp: remove per vrf instance system-as node
Resolved	BUG	c-po	T7904 BGP route reflector configuration broken due to T7760

Event Timeline

fabrizziop created this task.Oct 3 2025, 8:57 AM

Viacheslav assigned this task to c-po.Oct 3 2025, 10:56 AM

Viacheslav triaged this task as High priority.

Viacheslav added a parent task: T7760: bgp: remove per vrf instance system-as node.Oct 3 2025, 11:55 AM

pasik subscribed.Oct 5 2025, 5:48 PM

Viacheslav mentioned this in T7760: bgp: remove per vrf instance system-as node.Oct 6 2025, 2:05 PM

Unknown Object (User) edited projects, added VyOS 1.5 Circinus (1.5-stream-2025-Q3), VyOS 1.4 Sagitta (1.4.4); removed VyOS 1.5 Circinus, VyOS 1.4 Sagitta.Oct 9 2025, 11:37 AM

Commit for https://vyos.dev/T7760, so this issue is fixed.

Unknown Object (User) moved this task from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.4) board.Oct 10 2025, 6:39 AM

Unknown Object (User) moved this task from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q3) board.

dmbaturin removed a project: VyOS 1.4 Sagitta (1.4.4).Wed, Nov 19, 2:20 PM

BGP route reflector configuration broken due to T7760Closed, ResolvedPublicBUGActions

Description

Details

Related ObjectsSearch...

Event Timeline

BGP route reflector configuration broken due to T7760
Closed, ResolvedPublicBUG
Actions

Related Objects
Search...