Summary

Vyos assumes that 'enforce-first-as' is DEFAULT OFF ala Juniper, whereas FRR now appears to be following the Cisco convention of DEFAULT ON. This makes it impossible to turn it OFF per neighbour or globally unless the backport from T8208 is applied, which makes for a very messy FRR config, where EVERY PEER automatically gets a 'no enforce-first-as' command.

Either Vyos should be automatically turning OFF 'enforce-first-as' globallly in FRR, or an option to turn it off in "protocols bgp parameters" should be introduced with "Juniper" or "Cisco" as the arguments.

Use case

Turning off enforce-first-as is a requirement for most Internet Exchange Route servers, whereas Direct Peering at an IXP can run to dozens of Peers where enforce-first-as is desired.

Additional information

There is a global command in FRR:

router BGP ASN

no bgp enforce-first-as

which turns a "Cisco"-like router into a "Juniper" like router.