Page MenuHomeVyOS Platform
Create Task
Maniphest T3311

BGP Error: Remote AS must be set for neighbor or peer-group
Closed, ResolvedPublicBUG
Actions

Description

I am currently having issues with the following configuration working on 1.4. On 1.3 it works fine, but on 1.4 I receive an error:

vyos@cr01b-vyos# load
Loading configuration from 'config.boot'
Load complete. Use 'commit' to make changes effective.
[edit]
vyos@cr01b-vyos# comp
[edit protocols]
+bgp 4242420666 {
+    address-family {
+        ipv4-unicast {
+            redistribute {
+                connected {
+                    route-map BGP-REDISTRIBUTE
+                }
+                static {
+                    route-map BGP-REDISTRIBUTE
+                }
+            }
+        }
+        ipv6-unicast {
+            redistribute {
+                connected {
+                    route-map BGP-REDISTRIBUTE
+                }
+            }
+        }
+    }
+    neighbor 192.168.253.1 {
+        peer-group INT
+    }
+    neighbor 192.168.253.2 {
+        peer-group INT
+    }
+    neighbor 192.168.253.6 {
+        peer-group DAL13
+    }
+    neighbor 192.168.253.7 {
+        peer-group DAL13
+    }
+    neighbor 192.168.253.12 {
+        address-family {
+            ipv4-unicast {
+                route-map {
+                    export BGP-BACKBONE-OUT
+                    import BGP-BACKBONE-IN
+                }
+                soft-reconfiguration {
+                    inbound
+                }
+            }
+        }
+        bfd {
+        }
+        ebgp-multihop 2
+        remote-as 4242420669
+        update-source dum0
+    }
+    neighbor fd52:d62e:8011:fffe:192:168:253:1 {
+        address-family {
+            ipv6-unicast {
+                peer-group INTv6
+            }
+        }
+    }
+    neighbor fd52:d62e:8011:fffe:192:168:253:2 {
+        address-family {
+            ipv6-unicast {
+                peer-group INTv6
+            }
+        }
+    }
+    neighbor fd52:d62e:8011:fffe:192:168:253:6 {
+        address-family {
+            ipv6-unicast {
+                peer-group DAL13v6
+            }
+        }
+    }
+    neighbor fd52:d62e:8011:fffe:192:168:253:7 {
+        address-family {
+            ipv6-unicast {
+                peer-group DAL13v6
+            }
+        }
+    }
+    neighbor fd52:d62e:8011:fffe:192:168:253:12 {
+        address-family {
+            ipv6-unicast {
+                route-map {
+                    export BGP-BACKBONE-OUT
+                    import BGP-BACKBONE-IN
+                }
+                soft-reconfiguration {
+                    inbound
+                }
+            }
+        }
+        bfd {
+        }
+        ebgp-multihop 2
+        remote-as 4242420669
+        update-source dum0
+    }
+    parameters {
+        confederation {
+            identifier 4242420696
+            peers 4242420669
+        }
+        default {
+            no-ipv4-unicast
+        }
+        distance {
+            global {
+                external 220
+                internal 220
+                local 220
+            }
+        }
+        graceful-restart {
+        }
+    }
+    peer-group DAL13 {
+        address-family {
+            ipv4-unicast {
+                route-map {
+                    export BGP-BACKBONE-OUT
+                    import BGP-BACKBONE-IN
+                }
+                soft-reconfiguration {
+                    inbound
+                }
+            }
+        }
+        bfd {
+        }
+        ebgp-multihop 2
+        remote-as 4242420668
+        update-source dum0
+    }
+    peer-group DAL13v6 {
+        address-family {
+            ipv6-unicast {
+                route-map {
+                    export BGP-BACKBONE-OUT
+                    import BGP-BACKBONE-IN
+                }
+                soft-reconfiguration {
+                    inbound
+                }
+            }
+        }
+        bfd {
+        }
+        ebgp-multihop 2
+        remote-as 4242420668
+        update-source dum0
+    }
+    peer-group INT {
+        address-family {
+            ipv4-unicast {
+                default-originate {
+                }
+                soft-reconfiguration {
+                    inbound
+                }
+            }
+        }
+        bfd {
+        }
+        remote-as 4242420666
+        update-source dum0
+    }
+    peer-group INTv6 {
+        address-family {
+            ipv6-unicast {
+                default-originate {
+                }
+                soft-reconfiguration {
+                    inbound
+                }
+                }
+            }
+        }
+        bfd {
+        }
+        remote-as 4242420666
+        update-source dum0
+    }
+}
[edit]
vyos@cr01b-vyos# commit
Remote AS must be set for neighbor or peer-group!
[[protocols bgp 4242420666]] failed
Commit failed
[edit]

BGP configuration (with prefix lists and stuff):
Route maps:

 vyos@cr01b-vyos# run show conf com | grep -P 'set policy route-map.*BGP'
set policy route-map BGP-REDISTRIBUTE rule 10 action 'permit'
set policy route-map BGP-REDISTRIBUTE rule 10 description 'Prepend AS and allow VPN and modem'
set policy route-map BGP-REDISTRIBUTE rule 10 match ip address prefix-list 'GLOBAL'
set policy route-map BGP-REDISTRIBUTE rule 10 set as-path-prepend '4242420666'
set policy route-map BGP-REDISTRIBUTE rule 20 action 'permit'
set policy route-map BGP-REDISTRIBUTE rule 20 description 'Allow VPN'
set policy route-map BGP-REDISTRIBUTE rule 20 match ipv6 address prefix-list 'GLOBAL-V6'
set policy route-map BGP-BACKBONE-IN rule 10 action 'permit'
set policy route-map BGP-BACKBONE-IN rule 10 match ip address prefix-list 'BGP-BACKBONE-IN'
set policy route-map BGP-BACKBONE-IN rule 20 action 'permit'
set policy route-map BGP-BACKBONE-IN rule 20 match ipv6 address prefix-list 'BGP-BACKBONE-IN-V6'
set policy route-map BGP-BACKBONE-IN rule 30 action 'permit'
set policy route-map BGP-BACKBONE-IN rule 30 match large-community large-community-list 'ANYCAST_ALL'
set policy route-map BGP-BACKBONE-OUT rule 10 action 'permit'
set policy route-map BGP-BACKBONE-OUT rule 10 match ip address prefix-list 'BGP-BACKBONE-OUT'
set policy route-map BGP-BACKBONE-OUT rule 20 action 'permit'
set policy route-map BGP-BACKBONE-OUT rule 20 match ipv6 address prefix-list 'BGP-BACKBONE-OUT-V6'
set policy route-map BGP-BACKBONE-OUT rule 30 action 'permit'
set policy route-map BGP-BACKBONE-OUT rule 30 match large-community large-community-list 'ANYCAST_INT'
set policy route-map BGP-BACKBONE-OUT rule 30 set as-path-prepend '4242420666'

Large communities:

vyos@cr01b-vyos# run show conf com | grep 'set policy large-community'
set policy large-community-list ANYCAST_ALL rule 10 action 'permit'
set policy large-community-list ANYCAST_ALL rule 10 description 'Allow all anycast from anywhere'
set policy large-community-list ANYCAST_ALL rule 10 regex '4242420696:100:.*'
set policy large-community-list ANYCAST_INT rule 10 action 'permit'
set policy large-community-list ANYCAST_INT rule 10 description 'Allow all anycast from int'
set policy large-community-list ANYCAST_INT rule 10 regex '4242420696:100:1'

Prefix lists:

vyos@cr01b-vyos# run show conf com | grep -P 'set policy prefix-list.*BGP|GLOBAL'
set policy prefix-list BGP-BACKBONE-IN description 'Inbound backbone routes from other sites'
set policy prefix-list BGP-BACKBONE-IN rule 10 action 'deny'
set policy prefix-list BGP-BACKBONE-IN rule 10 description 'Block default route'
set policy prefix-list BGP-BACKBONE-IN rule 10 prefix '0.0.0.0/0'
set policy prefix-list BGP-BACKBONE-IN rule 20 action 'deny'
set policy prefix-list BGP-BACKBONE-IN rule 20 description 'Block int primary'
set policy prefix-list BGP-BACKBONE-IN rule 20 ge '21'
set policy prefix-list BGP-BACKBONE-IN rule 20 prefix '192.168.0.0/20'
set policy prefix-list BGP-BACKBONE-IN rule 30 action 'deny'
set policy prefix-list BGP-BACKBONE-IN rule 30 description 'Block loopbacks'
set policy prefix-list BGP-BACKBONE-IN rule 30 ge '25'
set policy prefix-list BGP-BACKBONE-IN rule 30 prefix '192.168.253.0/24'
set policy prefix-list BGP-BACKBONE-IN rule 40 action 'deny'
set policy prefix-list BGP-BACKBONE-IN rule 40 description 'Block backbone peering'
set policy prefix-list BGP-BACKBONE-IN rule 40 ge '25'
set policy prefix-list BGP-BACKBONE-IN rule 40 prefix '192.168.254.0/24'
set policy prefix-list BGP-BACKBONE-IN rule 999 action 'permit'
set policy prefix-list BGP-BACKBONE-IN rule 999 description 'Allow everything else'
set policy prefix-list BGP-BACKBONE-IN rule 999 ge '1'
set policy prefix-list BGP-BACKBONE-IN rule 999 prefix '0.0.0.0/0'
set policy prefix-list BGP-BACKBONE-OUT description 'Outbound backbone routes to other sites'
set policy prefix-list BGP-BACKBONE-OUT rule 10 action 'permit'
set policy prefix-list BGP-BACKBONE-OUT rule 10 description 'Int primary'
set policy prefix-list BGP-BACKBONE-OUT rule 10 ge '23'
set policy prefix-list BGP-BACKBONE-OUT rule 10 prefix '192.168.0.0/20'
set policy prefix-list GLOBAL description 'Globally redistributed routes'
set policy prefix-list GLOBAL rule 10 action 'permit'
set policy prefix-list GLOBAL rule 10 prefix '192.168.100.1/32'
set policy prefix-list GLOBAL rule 20 action 'permit'
set policy prefix-list GLOBAL rule 20 prefix '192.168.7.128/25'
set policy prefix-list6 BGP-BACKBONE-IN-V6 description 'Inbound backbone routes from other sites'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 action 'deny'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 description 'Block default route'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 prefix '::/0'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 action 'deny'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 description 'Block int primary'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 ge '53'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 prefix 'fd52:d62e:8011::/52'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 action 'deny'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 description 'Block peering and stuff'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 ge '53'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 prefix 'fd52:d62e:8011:f000::/52'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 action 'permit'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 description 'Allow everything else'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 ge '1'
set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 prefix '::/0'
set policy prefix-list6 BGP-BACKBONE-OUT-V6 description 'Outbound backbone routes to other sites'
set policy prefix-list6 BGP-BACKBONE-OUT-V6 rule 10 action 'permit'
set policy prefix-list6 BGP-BACKBONE-OUT-V6 rule 10 ge '64'
set policy prefix-list6 BGP-BACKBONE-OUT-V6 rule 10 prefix 'fd52:d62e:8011::/52'
set policy prefix-list6 GLOBAL-V6 description 'Globally redistributed routes'
set policy prefix-list6 GLOBAL-V6 rule 10 action 'permit'
set policy prefix-list6 GLOBAL-V6 rule 10 ge '64'
set policy prefix-list6 GLOBAL-V6 rule 10 prefix 'fd52:d62e:8011:2::/63'
set policy route-map BGP-REDISTRIBUTE rule 10 match ip address prefix-list 'GLOBAL'
set policy route-map BGP-REDISTRIBUTE rule 20 match ipv6 address prefix-list 'GLOBAL-V6'

BGP config:

vyos@cr01b-vyos# run show conf com | grep 'set protocols bgp'
set protocols bgp 4242420666 address-family ipv4-unicast redistribute connected route-map 'BGP-REDISTRIBUTE'
set protocols bgp 4242420666 address-family ipv4-unicast redistribute static route-map 'BGP-REDISTRIBUTE'
set protocols bgp 4242420666 address-family ipv6-unicast redistribute connected route-map 'BGP-REDISTRIBUTE'
set protocols bgp 4242420666 neighbor 192.168.253.1 peer-group 'INT'
set protocols bgp 4242420666 neighbor 192.168.253.2 peer-group 'INT'
set protocols bgp 4242420666 neighbor 192.168.253.6 peer-group 'DAL13'
set protocols bgp 4242420666 neighbor 192.168.253.7 peer-group 'DAL13'
set protocols bgp 4242420666 neighbor 192.168.253.12 address-family ipv4-unicast route-map export 'BGP-BACKBONE-OUT'
set protocols bgp 4242420666 neighbor 192.168.253.12 address-family ipv4-unicast route-map import 'BGP-BACKBONE-IN'
set protocols bgp 4242420666 neighbor 192.168.253.12 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 4242420666 neighbor 192.168.253.12 bfd
set protocols bgp 4242420666 neighbor 192.168.253.12 ebgp-multihop '2'
set protocols bgp 4242420666 neighbor 192.168.253.12 remote-as '4242420669'
set protocols bgp 4242420666 neighbor 192.168.253.12 update-source 'dum0'
set protocols bgp 4242420666 neighbor fd52:d62e:8011:fffe:192:168:253:1 address-family ipv6-unicast peer-group 'INTv6'
set protocols bgp 4242420666 neighbor fd52:d62e:8011:fffe:192:168:253:2 address-family ipv6-unicast peer-group 'INTv6'
set protocols bgp 4242420666 neighbor fd52:d62e:8011:fffe:192:168:253:6 address-family ipv6-unicast peer-group 'DAL13v6'
set protocols bgp 4242420666 neighbor fd52:d62e:8011:fffe:192:168:253:7 address-family ipv6-unicast peer-group 'DAL13v6'
set protocols bgp 4242420666 neighbor fd52:d62e:8011:fffe:192:168:253:12 address-family ipv6-unicast route-map export 'BGP-BACKBONE-OUT'
set protocols bgp 4242420666 neighbor fd52:d62e:8011:fffe:192:168:253:12 address-family ipv6-unicast route-map import 'BGP-BACKBONE-IN'
set protocols bgp 4242420666 neighbor fd52:d62e:8011:fffe:192:168:253:12 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 4242420666 neighbor fd52:d62e:8011:fffe:192:168:253:12 bfd
set protocols bgp 4242420666 neighbor fd52:d62e:8011:fffe:192:168:253:12 ebgp-multihop '2'
set protocols bgp 4242420666 neighbor fd52:d62e:8011:fffe:192:168:253:12 remote-as '4242420669'
set protocols bgp 4242420666 neighbor fd52:d62e:8011:fffe:192:168:253:12 update-source 'dum0'
set protocols bgp 4242420666 parameters confederation identifier '4242420696'
set protocols bgp 4242420666 parameters confederation peers '4242420668'
set protocols bgp 4242420666 parameters confederation peers '4242420669'
set protocols bgp 4242420666 parameters default no-ipv4-unicast
set protocols bgp 4242420666 parameters distance global external '220'
set protocols bgp 4242420666 parameters distance global internal '220'
set protocols bgp 4242420666 parameters distance global local '220'
set protocols bgp 4242420666 parameters graceful-restart
set protocols bgp 4242420666 peer-group DAL13 address-family ipv4-unicast route-map export 'BGP-BACKBONE-OUT'
set protocols bgp 4242420666 peer-group DAL13 address-family ipv4-unicast route-map import 'BGP-BACKBONE-IN'
set protocols bgp 4242420666 peer-group DAL13 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 4242420666 peer-group DAL13 bfd
set protocols bgp 4242420666 peer-group DAL13 ebgp-multihop '2'
set protocols bgp 4242420666 peer-group DAL13 remote-as '4242420668'
set protocols bgp 4242420666 peer-group DAL13 update-source 'dum0'
set protocols bgp 4242420666 peer-group DAL13v6 address-family ipv6-unicast route-map export 'BGP-BACKBONE-OUT'
set protocols bgp 4242420666 peer-group DAL13v6 address-family ipv6-unicast route-map import 'BGP-BACKBONE-IN'
set protocols bgp 4242420666 peer-group DAL13v6 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 4242420666 peer-group DAL13v6 bfd
set protocols bgp 4242420666 peer-group DAL13v6 ebgp-multihop '2'
set protocols bgp 4242420666 peer-group DAL13v6 remote-as '4242420668'
set protocols bgp 4242420666 peer-group DAL13v6 update-source 'dum0'
set protocols bgp 4242420666 peer-group INT address-family ipv4-unicast default-originate
set protocols bgp 4242420666 peer-group INT address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 4242420666 peer-group INT bfd
set protocols bgp 4242420666 peer-group INT remote-as '4242420666'
set protocols bgp 4242420666 peer-group INT update-source 'dum0'
set protocols bgp 4242420666 peer-group INTv6 address-family ipv6-unicast default-originate
set protocols bgp 4242420666 peer-group INTv6 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 4242420666 peer-group INTv6 bfd
set protocols bgp 4242420666 peer-group INTv6 remote-as '4242420666'
set protocols bgp 4242420666 peer-group INTv6 update-source 'dum0'

BFD config:

set protocols bfd peer 192.168.253.1 interval receive '50'
set protocols bfd peer 192.168.253.1 interval transmit '50'
set protocols bfd peer 192.168.253.1 multihop
set protocols bfd peer 192.168.253.1 source address '192.168.253.3'
set protocols bfd peer 192.168.253.2 interval receive '50'
set protocols bfd peer 192.168.253.2 interval transmit '50'
set protocols bfd peer 192.168.253.2 multihop
set protocols bfd peer 192.168.253.2 source address '192.168.253.3'
set protocols bfd peer 192.168.253.6 interval receive '50'
set protocols bfd peer 192.168.253.6 interval transmit '50'
set protocols bfd peer 192.168.253.6 multihop
set protocols bfd peer 192.168.253.6 source address '192.168.253.3'
set protocols bfd peer 192.168.253.7 interval receive '50'
set protocols bfd peer 192.168.253.7 interval transmit '50'
set protocols bfd peer 192.168.253.7 multihop
set protocols bfd peer 192.168.253.7 source address '192.168.253.3'
set protocols bfd peer 192.168.253.12 interval receive '100'
set protocols bfd peer 192.168.253.12 interval transmit '100'
set protocols bfd peer 192.168.253.12 multihop
set protocols bfd peer 192.168.253.12 source address '192.168.253.3'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 interval receive '50'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 interval transmit '50'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 multihop
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:1 source address 'fd52:d62e:8011:fffe:192:168:253:3'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 interval receive '50'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 interval transmit '50'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 multihop
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:2 source address 'fd52:d62e:8011:fffe:192:168:253:3'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 interval receive '50'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 interval transmit '50'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 multihop
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:6 source address 'fd52:d62e:8011:fffe:192:168:253:3'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 interval receive '50'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 interval transmit '50'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 multihop
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:7 source address 'fd52:d62e:8011:fffe:192:168:253:3'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 interval receive '100'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 interval transmit '100'
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 multihop
set protocols bfd peer fd52:d62e:8011:fffe:192:168:253:12 source address 'fd52:d62e:8011:fffe:192:168:253:3'

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202102130218
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Related Objects