Page MenuHomePhabricator

BGP local-as accept wrong values
Backport candidate, NormalPublicBUG

Description

Hello!
We need to add another one check to set protocols bgp XXX neighbor YYY local-as command. In current version we can set the same value, as in remote-as for peers, which is not in router AS. Like this:

vyos@test-01# show protocols bgp 
 bgp 64512 {
     neighbor 192.168.5.5 {
         local-as 64513 {
         }
         remote-as 64513
     }
 }

This is not acceptable by FRRouting, as we can't establish iBGP session with eBGP peer and FRRouting silently skip this. So we need to add check for this command which will block possibility to make configurations like this if ( local-as == remote-as AND remote-as != router AS ).

Details

Difficulty level
Normal (likely a few hours)
Version
1.2.0-LTS
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Stricter validation

Event Timeline

zsdc created this task.Feb 12 2019, 5:15 PM
pasik added a subscriber: pasik.Mar 12 2019, 5:18 PM
syncer changed the task status from Open to Confirmed.Apr 17 2019, 8:00 PM
syncer assigned this task to hagbard.
syncer triaged this task as Normal priority.
hagbard changed the task status from Confirmed to In progress.Apr 23 2019, 5:37 PM
hagbard changed Difficulty level from Easy (less than an hour) to Normal (likely a few hours).Apr 23 2019, 5:40 PM

@zsdc is local-as required anyway? Isn't it always the same as the router-as?

hagbard changed the task status from In progress to Needs testing.Apr 23 2019, 9:28 PM

@zsdc Can you please test?

hagbard closed this task as Resolved.Apr 29 2019, 4:20 PM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.May 6 2019, 4:54 PM

can it be that the fix for T1243 is broken? I can understand that local-as can't be the same like remote-as if router-as diff from local-as but the patch forbit to set remote-as to the same like router-as that will break ibgp

ibgp: router-as == remote-as
ibgp: router-as == local-as == remote-as
broken: router-as != (local-as == remote-as)

from Slack

afics [6:27 PM]
I just upgraded some of my test routers from 1.2.0-rolling+201901160337 to 1.2.0-rolling+201905210337. After rebooting my BGP configuration was lost. When trying to load it manually I get:

[ protocols bgp 202928 neighbor 1.2.3.4 remote-as 202928 ]
remote-as and router AS can't be the same value

local-as in the peer is not set.

I suspect this is because of T1243. My configuration is normal for iBGP peerings. Can anybody reproduce this?

syncer reopened this task as Backport candidate.Sat, Aug 31, 4:32 AM
syncer reassigned this task from hagbard to dmbaturin.
syncer added a subscriber: hagbard.
dmbaturin set Is it a breaking change? to Stricter validation.