gobgp icon indicating copy to clipboard operation
gobgp copied to clipboard
verified publisher icon osrg

GoBGP doesn't accept local prefixes if no import-policy-list is set

Open XioNoX opened this issue 5 years ago • 1 comments

Running GoBGP 2.12.

If I have:

[global.apply-policy.config]
default-import-policy = "reject-route"
default-export-policy = "accept-route"

And try to add a local prefix: gobgp global rib -a ipv4-flowspec add match destination 192.0.2.1/32 then discard It's not being accepted: gobgp global rib -a ipv4-flowspec returns: Network not in table

But if change the configuration to:

[[defined-sets.neighbor-sets]]
  neighbor-set-name = "ns-all"
  neighbor-info-list = []
[[policy-definitions]]
  name = "reject-all-neighbors"
  [[policy-definitions.statements]]
    [policy-definitions.statements.conditions.match-neighbor-set]
      neighbor-set = "ns1"
    [policy-definitions.statements.actions]
      route-disposition = "reject-route"

[global.apply-policy.config]
import-policy-list = ["reject-all-neighbors"]
default-import-policy = "reject-route"
default-export-policy = "accept-route"

Which should have the same end results as there are only reject-route for imports. But in this case: gobgp global rib -a ipv4-flowspec add match destination 192.0.2.1/32 then discard gobgp global rib -a ipv4-flowspec It works:

   Network                     Next Hop             AS_PATH              Age        Attrs
*> [destination: 192.0.2.1/32] fictitious                                00:00:05   [{Origin: ?} {Extcomms: [discard]}]

As a side note, changing the policy to a accept-route it works as well.

XioNoX avatar Feb 26 '20 21:02 XioNoX 

# Define neighbor sets
[[defined-sets.neighbor-sets]]
  neighbor-set-name = "ns-all"
  neighbor-info-list = []

# Define policy to reject all neighbors (or modify as needed)
[[policy-definitions]]
  name = "reject-all-neighbors"
  [[policy-definitions.statements]]
    [policy-definitions.statements.conditions.match-neighbor-set]
      neighbor-set = "ns-all"
    [policy-definitions.statements.actions]
      route-disposition = "reject-route"

# Global configuration
[global.config]
  as = 65001
  router-id = "10.10.10.10"

[global.apply-policy.config]
  import-policy-list = ["reject-all-neighbors"]  # Applying the reject-all-neighbors policy
  default-import-policy = "accept-route"         # Change default to accept-route to allow local prefixes
  default-export-policy = "accept-route"

# Define neighbors
[[neighbors]]
  [neighbors.config]
    neighbor-address = "172.16.4.2"
    peer-as = 65002

  [[neighbors.afi-safis]]
    [neighbors.afi-safis.config]
      afi-safi-name = "ipv4-unicast"

[[neighbors]]
  [neighbors.config]
    neighbor-address = "172.16.5.2"
    peer-as = 65002

  [[neighbors.afi-safis]]
    [neighbors.afi-safis.config]
      afi-safi-name = "ipv4-unicast"

# Zebra configuration
[zebra]
  [zebra.config]
    enabled = true
    url = "unix:/var/run/frr/zserv.api"
    version = 5

# Logging configuration
[logging]
  level = "debug"

ljluestc avatar Aug 11 '24 17:08 ljluestc