Page MenuHomeVyOS Platform

Vyos views IPv6 routers received from BGP peer as internal
Open, LowPublicBUG

Description

  • we have an external peer that provides full IPv6 table
  • we do filter routes based on origin
  • it appears that Vyos views IPv6 routes as internal even if explicitly told that they are from an external system
  • IPv4 routes received from the same peer are treated properly

Here is the setup:

r2# show protocols bgp | strip-private
 bgp XXXXXX {
     neighbor xxx.xxx.169.254 {
         address-family {
             ipv4-unicast {
                 route-map {
                     import NO-ADVERTISE-IN
                 }
                 soft-reconfiguration {
                     inbound
                 }
             }
         }
         description "Vultr IPv4"
         ebgp-multihop 2
         password xxxxxx
         remote-as XXXXXX
         update-source xxx.xxx.58.231
     }
     neighbor xxxx:xxxx:ffff::1 {
         address-family {
             ipv6-unicast {
                 prefix-list {
                     import DEFAULT-ROUTE-IPV6
                 }
                 route-map {
                     import NO-EXPORT-IN
                 }
                 soft-reconfiguration {
                     inbound
                 }
             }
         }
         description "Vultr IPv6"
         ebgp-multihop 2
         password xxxxxx
         remote-as external
         update-source xxxx:xxxx:b001:9ef:5400:03ff:fe48:1774
     }
     parameters {
         router-id xxx.xxx.128.17
     }
 }

policies

r2# show policy
 prefix-list DEFAULT-ROUTE-IPV4 {
     rule 10 {
         action deny
         prefix 0.0.0.0/0
     }
     rule 20 {
         action permit
         le 24
         prefix 0.0.0.0/0
     }
 }
 prefix-list6 DEFAULT-ROUTE-IPV6 {
     rule 10 {
         action deny
         prefix ::/0
     }
     rule 20 {
         action permit
         le 64
         prefix ::/0
     }
 }
 route-map NO-ADVERTISE-IN {
     description "Do not propagate received routes ouside of this router"
     rule 10 {
         action permit
         match {
             origin egp
         }
         set {
             community no-advertise
         }
     }
 }
 route-map NO-EXPORT-IN {
     description "Do not export any of received routes outside of AS"
     rule 10 {
         action permit
         match {
             origin egp
         }
         set {
             community no-export
         }
     }
     rule 20 {
         action permit
     }
 }

here is the view of the IPv6 route table (note) that all routes are labeled as IGP

r2:~$ show ipv6 bgp neighbors 2001:19f0:ffff::1 routes
BGP table version is 0, local router ID is 23.153.128.17, vrf id 0
Default local pref 100, local AS 396142
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
   2001:4:112::/48  2001:19f0:ffff::1
                                                           0 64515 65534 20473 6939 112 i
   2001:200::/32    2001:19f0:ffff::1
                                                           0 64515 65534 20473 3356 2914 2500 2500 i
   2001:200:900::/40
                    2001:19f0:ffff::1
                                                           0 64515 65534 20473 6939 2516 7660 7660 7660 i
   2001:200:c000::/35
                    2001:19f0:ffff::1
                                                           0 64515 65534 20473 6939 7500 23634 i
   2001:200:e000::/35
                    2001:19f0:ffff::1
                                                           0 64515 65534 20473 6939 2516 7660 7660 7660 i
   2001:218::/32    2001:19f0:ffff::1
                                                           0 64515 65534 20473 3356 2914 i
   2001:218:2200::/40
                    2001:19f0:ffff::1
                                                           0 64515 65534 20473 3356 2914 18259 i
   2001:218:3004::/48
                    2001:19f0:ffff::1
                                                           0 64515 65534 20473 3356 2914 20940 20940 i
   2001:218:8000::/38
                    2001:19f0:ffff::1
                                                           0 64515 65534 20473 3356 2914 i
   2001:240::/32    2001:19f0:ffff::1
                                                           0 64515 65534 20473 3356 2497 i
   2001:250::/32    2001:19f0:ffff::1
                                                           0 64515 65534 20473 6939 23911 23910 i
   2001:251::/32    2001:19f0:ffff::1
                                                           0 64515 65534 20473 6939 23911 23910 i
   2001:252::/32    2001:19f0:ffff::1
                                                           0 64515 65534 20473 6939 23911 i
   2001:256:100::/48
                    2001:19f0:ffff::1
...

the same command for IPv4 show routes as EGP, which is correct

BGP table version is 445, local router ID is 23.153.128.17, vrf id 0
Default local pref 100, local AS 396142
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.56.184.0/22    169.254.169.254                        0 64515 65534 20473 1299 61317 213085 e
*> 2.58.144.0/22    169.254.169.254                        0 64515 65534 20473 1299 61317 207461 e
*> 2.58.232.0/22    169.254.169.254                        0 64515 65534 20473 1299 61317 207461 e
*> 2.58.232.0/24    169.254.169.254                        0 64515 65534 20473 1299 61317 207461 e
...

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3.0-rc3
Why the issue appeared?
Issues in third-party code
Is it a breaking change?
Perfectly compatible

Event Timeline

Viacheslav changed Why the issue appeared? from Will be filled on close to Issues in third-party code.
Viacheslav changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
Viacheslav added a project: VyOS 1.3 Equuleus.