Page MenuHomeVyOS Platform

BGP Peer group without 'remote-as' gives shell error
Closed, InvalidPublicBUG

Description

vyos@vmcore-3# set protocols bgp 9449 peer-group as9449 address-family ipv4-unicast route-reflector-client
[edit]
vyos@vmcore-3# set protocols bgp 9449 peer-group as9449 address-family ipv6-unicast route-reflector-client
[edit]
vyos@vmcore-3# commit
[ protocols bgp 9449 peer-group as9449 address-family ipv4-unicast route-reflector-client ]
sh: line 0: [: 9449: unary operator expected

[ protocols bgp 9449 peer-group as9449 address-family ipv6-unicast route-reflector-client ]
sh: line 0: [: 9449: unary operator expected

[ protocols bgp 9449 ]
% Invalid command. Not an internal neighbor
Error configuring routing subsystem.  See log for more detailed information

[edit]
vyos@vmcore-3# run show configuration commands | grep bgp
set protocols bgp 9449 peer-group as9449 address-family ipv4-unicast route-reflector-client
set protocols bgp 9449 peer-group as9449 address-family ipv6-unicast route-reflector-client
[edit]
vyos@vmcore-3#

I'm not sure where that code is, but it seems like it's a pretty trivial patch to write - if someone wants to point me at the location of the script, I'm sure I can fix it!

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 1.3-beta-202107121144
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

@xrobau You have to set remote-as for peer-group or for neighbor

[email protected]# set protocols bgp 65001 peer-group FOO 
[edit]
[email protected]# set protocols bgp 65001 neighbor 203.0.113.2 peer-group FOO
[edit]
[email protected]# set protocols bgp 65001 neighbor 203.0.113.2 remote-as 65002
[edit]
[email protected]# commit
[edit]
[email protected]#

Neighbor without "remote-as" can't exist.

You COULD have a peer-group without remote-as, as you could apply that peer group to multiple remotes, and override the remote-as. But that is an edge case. The BETTER way to handle it is to enforce having a remote-as -- especially if you enable route-reflector-client

@xrobau As I mentioned before, peer-group can't exist without peer-as/remote-as in your case remote-as should be internal. It can exist without remote-as but with "route-reflector-client" it shouldn't
You can check it with vtysh FRR:

r4-1.3(config)# router bgp 9449
r4-1.3(config-router)#  no bgp ebgp-requires-policy
r4-1.3(config-router)#  no bgp network import-check
r4-1.3(config-router)#  neighbor as9449 peer-group
r4-1.3(config-router)# 
r4-1.3(config-router)# address-family ipv4 unicast
r4-1.3(config-router-af)#  neighbor as9449 route-reflector-client
% Invalid command. Not an internal neighbor
r4-1.3(config-router-af)#