Page MenuHomeVyOS Platform

BGP local-as accept wrong values
Backport candidate, NormalPublicBUG


We need to add another one check to set protocols bgp XXX neighbor YYY local-as command. In current version we can set the same value, as in remote-as for peers, which is not in router AS. Like this:

vyos@test-01# show protocols bgp 
 bgp 64512 {
     neighbor {
         local-as 64513 {
         remote-as 64513

This is not acceptable by FRRouting, as we can't establish iBGP session with eBGP peer and FRRouting silently skip this. So we need to add check for this command which will block possibility to make configurations like this if ( local-as == remote-as AND remote-as != router AS ).


Difficulty level
Normal (likely a few hours)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Stricter validation

Event Timeline

syncer changed the task status from Open to Confirmed.Apr 17 2019, 8:00 PM
syncer assigned this task to hagbard.
syncer triaged this task as Normal priority.
hagbard changed the task status from Confirmed to In progress.Apr 23 2019, 5:37 PM
hagbard changed Difficulty level from Easy (less than an hour) to Normal (likely a few hours).Apr 23 2019, 5:40 PM

@zsdc is local-as required anyway? Isn't it always the same as the router-as?

can it be that the fix for T1243 is broken? I can understand that local-as can't be the same like remote-as if router-as diff from local-as but the patch forbit to set remote-as to the same like router-as that will break ibgp

ibgp: router-as == remote-as
ibgp: router-as == local-as == remote-as
broken: router-as != (local-as == remote-as)

from Slack

afics [6:27 PM]
I just upgraded some of my test routers from 1.2.0-rolling+201901160337 to 1.2.0-rolling+201905210337. After rebooting my BGP configuration was lost. When trying to load it manually I get:

[ protocols bgp 202928 neighbor remote-as 202928 ]
remote-as and router AS can't be the same value

local-as in the peer is not set.

I suspect this is because of T1243. My configuration is normal for iBGP peerings. Can anybody reproduce this?

syncer reopened this task as Backport candidate.Aug 31 2019, 4:32 AM
syncer reassigned this task from hagbard to dmbaturin.
syncer added a subscriber: hagbard.
dmbaturin set Is it a breaking change? to Stricter validation.

As I see it's already fixed:

vyos@r4-1.3# set protocols bgp 64512 neighbor local-as 64513
vyos@r4-1.3# set protocols bgp 64512 neighbor remote-as 64513
vyos@r4-1.3# commit
[ protocols bgp 64512 neighbor local-as 64513 ]
local-as: 64513 and remote-as: 64513 can't be the same

[[protocols bgp 64512]] failed
Commit failed