Page MenuHomeVyOS Platform

BGP export route-map only works after bgpd restart
Open, NormalPublicBUG

Description

Hi team,

i have as unexpected behaviour using export route-maps with bgp.

Export route-map does not working when i add a new bgp peer and using existing or new route-map as export filter. Same route-map works for other peers.

set protocols bgp peer-group xxx address-family ipv4-unicast maximum-prefix-out '100'
set protocols bgp peer-group xxx address-family ipv4-unicast nexthop-self
set protocols bgp peer-group xxx address-family ipv4-unicast remove-private-as
set protocols bgp peer-group xxx address-family ipv4-unicast route-map export 'XXX-I-OUT4'
set protocols bgp peer-group xxx address-family ipv4-unicast route-map import 'XXX-I-IN4'
set protocols bgp peer-group xxx address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp peer-group xxx description 'Peering: xxx v4'
set protocols bgp peer-group xxx remote-as 'xxx'

set protocols bgp neighbor xxx peer-group 'xxx'
commit

After that, import route-map works as expected but export won't work:

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
xxx   4      xxx       831        29        0    0    0 00:06:43         2544        0
BGP neighbor is xxx, remote AS xxx, local AS xxx, external link
 Member of peer-group xxx for session parameters
  BGP version 4, remote router ID xxx, local router ID xxx
  BGP state = Established, up for 00:13:58
  Last read 00:00:48, Last write 00:00:58
  Hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    4 Byte AS: advertised and received
    AddPath:
      IPv4 Unicast: RX advertised IPv4 Unicast
    Route refresh: advertised and received(old & new)
    Address Family IPv4 Unicast: advertised and received
    Hostname Capability: advertised (name: xxx,domain name: n/a) not received
    Graceful Restart Capability: advertised and received
      Remote Restart timer is 120 seconds
      Address families by peer:
        IPv4 Unicast(not preserved)
  Graceful restart information:
    End-of-RIB send: IPv4 Unicast
    End-of-RIB received: IPv4 Unicast
    Local GR Mode: Helper*
    Remote GR Mode: Restart
    R bit: False
    Timers:
      Configured Restart Time(sec): 120
      Received Restart Time(sec): 120
    IPv4 Unicast:
      F bit: False
      End-of-RIB sent: Yes
      End-of-RIB sent after update: Yes
      End-of-RIB received: Yes
      Timers:
        Configured Stale Path Time(sec): 360
  Message statistics:
    Inq depth is 0
    Outq depth is 0
                         Sent       Rcvd
    Opens:                  2          2
    Notifications:          2          0
    Updates:                2        808
    Keepalives:            30         29
    Route Refresh:          0          0
    Capability:             0          0
    Total:                 36        839
  Minimum time between advertisement runs is 0 seconds

 For address family: IPv4 Unicast
  xxx peer-group member
  Update group 9, subgroup 11
  Packet Queue length 0
  Inbound soft reconfiguration allowed
  Private AS numbers removed in updates to this neighbor
  NEXT_HOP is always this router
  Community attribute sent to this neighbor(all)
  Inbound path policy configured
  Outbound path policy configured
  Route map for incoming advertisements is *XXX-I-IN4
  Route map for outgoing advertisements is *XXX-I-OUT4
  2544 accepted prefixes
  Maximum allowed prefixes sent 0

  Connections established 2; dropped 1
  Last reset 00:14:00,  User reset
Local host: xxx, Local port: 55774
Foreign host: xxx, Foreign port: 179
Nexthop: xxx
Nexthop global: xxx
Nexthop local: xxx
BGP connection: shared network
BGP Connect Retry Timer in Seconds: 120
Estimated round trip time: 170 ms
Read thread: on  Write thread: on  FD used: 38

Now, when i restart bgpd:

run restart frr bgpd
WARNING: This is a potentially unsafe function! You may lose the connection to the router or active configuration after running this command. Use it at your own risk! Continue? [y/N]: y
The route-map 'XXX-I-OUT4' does not exist.

Restart of bgpd resets all peers and the route-map is working as planned until i add another peer. Then i have to restart the bgpd again:

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
xxx   4      xxx       267        21        0    0    0 00:03:11         2544        3

Looks like export route-map is not probably during commit und requires a restart for working. I think the export route-map is not set correct and it runs into deny all.

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202107271042
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

Can you please retrst with the latest 1.4? the was a bug related to route-maps in bgpd

Tried with latest version, issue still exist. I have that issue since July, some update broke export roue-maps. I have that error message "The route-map 'xxx' does not exist." since then.

show version

Version:          VyOS 1.4-rolling-202109100217
Release Train:    sagitta

Built by:         autobuild@vyos.net
Built on:         Fri 10 Sep 2021 02:17 UTC
Build UUID:       4c13862f-704e-46b4-9b52-d4ff12e15c87
Build Commit ID:  73c319958802c5

Architecture:     x86_64
Boot via:         installed image
System type:      VMware guest

After reboot all bgp sessions are showing 0 exported prefixes.

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
xxx    4      xxx       406         7        0    0    0 00:03:48         2544        0

After restart of bgpd:

restart bgp 
WARNING: This is a potentially unsafe function! You may lose the connection to the router or active configuration after running this command. Use it at your own risk! Continue? [y/N]: y
The route-map 'xxx-I-IN4' does not exist.
The route-map 'xxx-I-OUT4' does not exist.
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
xxx    4      xxx       406        13        0    0    0 00:04:12         2544        3

It looks like route-map for export is not applied during reboots and new peers. It requires a bgpd restart to work.

Can you please share your entire config and what to type to reproduce it? Happy to have a look later on.

c-po triaged this task as Normal priority.

Yes, sure. Here the whole configure (subnets, ips and asns replaced with xxx):

set policy large-community-list customer_allow_4 rule 10 action 'permit'
set policy large-community-list customer_allow_4 rule 10 regex '1:555:0'
set policy large-community-list customer_allow_6 rule 12 action 'permit'
set policy large-community-list customer_allow_6 rule 12 regex '1:555:1'
set policy prefix-list AS1-IN4 rule 100 action 'deny'
set policy prefix-list AS1-IN4 rule 100 prefix '0.0.0.0/0'
set policy prefix-list AS1-IN4 rule 101 action 'deny'
set policy prefix-list AS1-IN4 rule 101 le '32'
set policy prefix-list AS1-IN4 rule 101 prefix '10.0.0.0/8'
set policy prefix-list AS1-IN4 rule 102 action 'deny'
set policy prefix-list AS1-IN4 rule 102 le '32'
set policy prefix-list AS1-IN4 rule 102 prefix '127.0.0.0/8'
set policy prefix-list AS1-IN4 rule 103 action 'deny'
set policy prefix-list AS1-IN4 rule 103 le '32'
set policy prefix-list AS1-IN4 rule 103 prefix '192.168.0.0/16'
set policy prefix-list AS1-IN4 rule 104 action 'deny'
set policy prefix-list AS1-IN4 rule 104 le '32'
set policy prefix-list AS1-IN4 rule 104 prefix '172.16.0.0/12'
set policy prefix-list AS1-IN4 rule 105 action 'deny'
set policy prefix-list AS1-IN4 rule 105 le '32'
set policy prefix-list AS1-IN4 rule 105 prefix '224.0.0.0/3'
set policy prefix-list AS1-IN4 rule 106 action 'deny'
set policy prefix-list AS1-IN4 rule 106 le '32'
set policy prefix-list AS1-IN4 rule 106 prefix 'xxx'
set policy prefix-list AS1-IN4 rule 999 action 'permit'
set policy prefix-list AS1-IN4 rule 999 le '24'
set policy prefix-list AS1-IN4 rule 999 prefix '0.0.0.0/0'
set policy prefix-list AS1-OUT4 rule 200 action 'permit'
set policy prefix-list AS1-OUT4 rule 200 prefix 'xxx'
set policy prefix-list AS1-CUS-OUT4 rule 999 action 'permit'
set policy prefix-list AS1-CUS-OUT4 rule 999 le '24'
set policy prefix-list AS1-CUS-OUT4 rule 999 prefix '0.0.0.0/0'
set policy prefix-list all rule 10 action 'permit'
set policy prefix-list all rule 10 le '32'
set policy prefix-list all rule 10 prefix '0.0.0.0/0'
set policy prefix-list6 AS1-IN6 rule 100 action 'deny'
set policy prefix-list6 AS1-IN6 rule 100 le '0'
set policy prefix-list6 AS1-IN6 rule 100 prefix '::/0'
set policy prefix-list6 AS1-IN6 rule 101 action 'deny'
set policy prefix-list6 AS1-IN6 rule 101 le '128'
set policy prefix-list6 AS1-IN6 rule 101 prefix 'xxx'
set policy prefix-list6 AS1-IN6 rule 102 action 'deny'
set policy prefix-list6 AS1-IN6 rule 102 le '128'
set policy prefix-list6 AS1-IN6 rule 102 prefix 'xxx'
set policy prefix-list6 AS1-IN6 rule 103 action 'deny'
set policy prefix-list6 AS1-IN6 rule 103 le '128'
set policy prefix-list6 AS1-IN6 rule 103 prefix 'xxx'
set policy prefix-list6 AS1-IN6 rule 104 action 'deny'
set policy prefix-list6 AS1-IN6 rule 104 le '128'
set policy prefix-list6 AS1-IN6 rule 104 prefix 'xxx'
set policy prefix-list6 AS1-IN6 rule 105 action 'deny'
set policy prefix-list6 AS1-IN6 rule 105 le '128'
set policy prefix-list6 AS1-IN6 rule 105 prefix 'xxx'
set policy prefix-list6 AS1-IN6 rule 999 action 'permit'
set policy prefix-list6 AS1-IN6 rule 999 le '48'
set policy prefix-list6 AS1-IN6 rule 999 prefix '::/0'
set policy prefix-list6 AS1-OUT6 rule 200 action 'permit'
set policy prefix-list6 AS1-OUT6 rule 200 prefix 'xxx'
set policy prefix-list6 AS1-OUT6 rule 201 action 'permit'
set policy prefix-list6 AS1-OUT6 rule 201 prefix 'xxx'
set policy prefix-list6 AS1-OUT6 rule 202 action 'permit'
set policy prefix-list6 AS1-OUT6 rule 202 prefix 'xxx'
set policy prefix-list6 AS1-OUT6 rule 203 action 'permit'
set policy prefix-list6 AS1-OUT6 rule 203 prefix 'xxx'
set policy prefix-list6 AS1-OUT6 rule 204 action 'permit'
set policy prefix-list6 AS1-OUT6 rule 204 prefix 'xxx'
set policy prefix-list6 AS1-OUT6 rule 205 action 'permit'
set policy prefix-list6 AS1-OUT6 rule 205 prefix 'xxx'
set policy prefix-list6 AS1-CUS-OUT6 rule 999 action 'permit'
set policy prefix-list6 AS1-CUS-OUT6 rule 999 le '48'
set policy prefix-list6 AS1-CUS-OUT6 rule 999 prefix '::/0'
set policy prefix-list6 all rule 10 action 'permit'
set policy prefix-list6 all rule 10 le '128'
set policy prefix-list6 all rule 10 prefix '::/0'
set policy route-map AS1-CUS-OUT4 rule 10 action 'permit'
set policy route-map AS1-CUS-OUT4 rule 10 match ip address prefix-list 'AS1-CUS-OUT4'
set policy route-map AS1-CUS-OUT4 rule 999 action 'deny'
set policy route-map AS1-CUS-OUT6 rule 10 action 'permit'
set policy route-map AS1-CUS-OUT6 rule 10 match ipv6 address prefix-list 'AS1-CUS-OUT6'
set policy route-map AS1-CUS-OUT6 rule 999 action 'deny'
set policy route-map AS1-I-IN4 rule 10 action 'permit'
set policy route-map AS1-I-IN4 rule 10 match ip address prefix-list 'AS1-IN4'
set policy route-map AS1-I-IN4 rule 10 set large-community '1:3:1'
set policy route-map AS1-I-IN4 rule 10 set local-preference '300'
set policy route-map AS1-I-IN4 rule 999 action 'deny'
set policy route-map AS1-I-IN6 rule 10 action 'permit'
set policy route-map AS1-I-IN6 rule 10 match ipv6 address prefix-list 'AS1-IN6'
set policy route-map AS1-I-IN6 rule 10 set large-community '1:3:1'
set policy route-map AS1-I-IN6 rule 10 set local-preference '300'
set policy route-map AS1-I-IN6 rule 999 action 'deny'
set policy route-map AS1-I-OUT4 rule 10 action 'permit'
set policy route-map AS1-I-OUT4 rule 10 match ip address prefix-list 'AS1-OUT4'
set policy route-map AS1-I-OUT4 rule 11 action 'permit'
set policy route-map AS1-I-OUT4 rule 11 match large-community large-community-list 'customer_allow_4'
set policy route-map AS1-I-OUT6 rule 10 action 'permit'
set policy route-map AS1-I-OUT6 rule 10 match ipv6 address prefix-list 'AS1-OUT6'
set policy route-map AS1-I-OUT6 rule 11 action 'permit'
set policy route-map AS1-I-OUT6 rule 11 match large-community large-community-list 'customer_allow_6'
set policy route-map AS1-P-IN4 rule 10 action 'permit'
set policy route-map AS1-P-IN4 rule 10 match ip address prefix-list 'AS1-IN4'
set policy route-map AS1-P-IN4 rule 10 set large-community '1:2:1'
set policy route-map AS1-P-IN4 rule 10 set local-preference '400'
set policy route-map AS1-P-IN4 rule 999 action 'deny'
set policy route-map AS1-P-IN6 rule 10 action 'permit'
set policy route-map AS1-P-IN6 rule 10 match ipv6 address prefix-list 'AS1-IN6'
set policy route-map AS1-P-IN6 rule 10 set large-community '1:2:1'
set policy route-map AS1-P-IN6 rule 10 set local-preference '400'
set policy route-map AS1-P-IN6 rule 999 action 'deny'
set policy route-map AS1-P-OUT4 rule 10 action 'permit'
set policy route-map AS1-P-OUT4 rule 10 match ip address prefix-list 'AS1-OUT4'
set policy route-map AS1-P-OUT4 rule 11 action 'permit'
set policy route-map AS1-P-OUT4 rule 11 match large-community large-community-list 'customer_allow_4'
set policy route-map AS1-P-OUT4 rule 999 action 'deny'
set policy route-map AS1-P-OUT6 rule 10 action 'permit'
set policy route-map AS1-P-OUT6 rule 10 match ipv6 address prefix-list 'AS1-OUT6'
set policy route-map AS1-P-OUT6 rule 11 action 'permit'
set policy route-map AS1-P-OUT6 rule 11 match large-community large-community-list 'customer_allow_6'
set policy route-map AS1-P-OUT6 rule 999 action 'deny'
set policy route-map AS1-T-IN4 rule 10 action 'permit'
set policy route-map AS1-T-IN4 rule 10 match ip address prefix-list 'AS1-IN4'
set policy route-map AS1-T-IN4 rule 10 set large-community '1:1:1'
set policy route-map AS1-T-IN4 rule 10 set local-preference '1'
set policy route-map AS1-T-IN4 rule 999 action 'deny'
set policy route-map AS1-T-IN6 rule 10 action 'permit'
set policy route-map AS1-T-IN6 rule 10 match ipv6 address prefix-list 'AS1-IN6'
set policy route-map AS1-T-IN6 rule 10 set large-community '1:1:1'
set policy route-map AS1-T-IN6 rule 10 set local-preference '1'
set policy route-map AS1-T-IN6 rule 999 action 'deny'
set policy route-map AS1-T-OUT4 rule 10 action 'permit'
set policy route-map AS1-T-OUT4 rule 10 match ip address prefix-list 'AS1-OUT4'
set policy route-map AS1-T-OUT4 rule 999 action 'deny'
set policy route-map AS1-T-OUT6 rule 10 action 'permit'
set policy route-map AS1-T-OUT6 rule 10 match ipv6 address prefix-list 'AS1-OUT6'
set policy route-map AS1-T-OUT6 rule 999 action 'deny'
set policy route-map AS1-TC-IN4 rule 10 action 'permit'
set policy route-map AS1-TC-IN4 rule 10 match ip address prefix-list 'AS1-IN4'
set policy route-map AS1-TC-IN4 rule 10 set large-community '1:4:1'
set policy route-map AS1-TC-IN4 rule 10 set local-preference '290'
set policy route-map AS1-TC-IN4 rule 999 action 'deny'
set policy route-map AS1-TC-IN6 rule 10 action 'permit'
set policy route-map AS1-TC-IN6 rule 10 match ipv6 address prefix-list 'AS1-IN6'
set policy route-map AS1-TC-IN6 rule 10 set large-community '1:4:1'
set policy route-map AS1-TC-IN6 rule 10 set local-preference '290'
set policy route-map AS1-TC-IN6 rule 999 action 'deny'
set policy route-map AS1-TC-OUT4 rule 10 action 'permit'
set policy route-map AS1-TC-OUT4 rule 10 match ip address prefix-list 'AS1-OUT4'
set policy route-map AS1-TC-OUT4 rule 11 action 'permit'
set policy route-map AS1-TC-OUT4 rule 11 match large-community large-community-list 'customer_allow_4'
set policy route-map AS1-TC-OUT4 rule 999 action 'deny'
set policy route-map AS1-TC-OUT6 rule 10 action 'permit'
set policy route-map AS1-TC-OUT6 rule 10 match ipv6 address prefix-list 'AS1-OUT6'
set policy route-map AS1-TC-OUT6 rule 11 action 'permit'
set policy route-map AS1-TC-OUT6 rule 11 match large-community large-community-list 'customer_allow_6'
set policy route-map AS1-TC-OUT6 rule 999 action 'deny'
set policy route-map bgp-set-src rule 10 action 'permit'
set policy route-map bgp-set-src rule 10 description 'BGP - Set preferred IPv4 source:'
set policy route-map bgp-set-src rule 10 match ip address prefix-list 'all'
set policy route-map bgp-set-src rule 10 set src 'xxx'
set policy route-map bgp-set-src rule 20 action 'permit'
set policy route-map bgp-set-src rule 20 description 'BGP - Set preferred IPv6 source:'
set policy route-map bgp-set-src rule 20 match ipv6 address prefix-list 'all'
set policy route-map bgp-set-src rule 20 set src 'xxx'
set protocols bgp address-family ipv4-unicast maximum-paths ebgp '64'
set protocols bgp address-family ipv4-unicast maximum-paths ibgp '64'
set protocols bgp address-family ipv4-unicast network xxx
set protocols bgp address-family ipv6-unicast maximum-paths ebgp '64'
set protocols bgp address-family ipv6-unicast maximum-paths ibgp '64'
set protocols bgp address-family ipv6-unicast network xxx
set protocols bgp local-as '1'
set protocols bgp neighbor xxx peer-group 'xxx4'
set protocols bgp neighbor xxx peer-group 'xxx6'
set protocols bgp parameters bestpath as-path multipath-relax
set protocols bgp parameters default no-ipv4-unicast
set protocols bgp parameters log-neighbor-changes
set protocols bgp parameters router-id 'xxx'
set protocols bgp peer-group xxx4 address-family ipv4-unicast maximum-prefix-out '100'
set protocols bgp peer-group xxx4 address-family ipv4-unicast nexthop-self
set protocols bgp peer-group xxx4 address-family ipv4-unicast remove-private-as
set protocols bgp peer-group xxx4 address-family ipv4-unicast route-map export 'AS1-I-OUT4'
set protocols bgp peer-group xxx4 address-family ipv4-unicast route-map import 'AS1-I-IN4'
set protocols bgp peer-group xxx4 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp peer-group xxx4 description 'Peering: xxx v4'
set protocols bgp peer-group xxx4 remote-as '4'
set protocols bgp peer-group xxx6 address-family ipv6-unicast allowas-in
set protocols bgp peer-group xxx6 address-family ipv6-unicast maximum-prefix-out '1000'
set protocols bgp peer-group xxx6 address-family ipv6-unicast nexthop-self
set protocols bgp peer-group xxx6 address-family ipv6-unicast remove-private-as
set protocols bgp peer-group xxx6 address-family ipv6-unicast route-map export 'AS1-I-OUT6'
set protocols bgp peer-group xxx6 address-family ipv6-unicast route-map import 'AS1-I-IN6'
set protocols bgp peer-group xxx6 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp peer-group xxx6 description 'Peering: xxx v6'
set protocols bgp peer-group xxx6 remote-as '4'
set protocols bgp route-map 'bgp-set-src'
set protocols rpki cache xxx port '3323'
set protocols rpki cache xxx preference '1'
set protocols rpki cache xxx port '3323'
set protocols rpki cache xxx preference '2'
set service ssh port '22'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name 'xxx'
set system ip multipath layer4-hashing
set system ipv6 multipath layer4-hashing
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
set vrf bind-to-all

Okay, trying to reproduce this. In the meantime, can you please check the behavior with vtysh as restarting bgpd is actually a bad idea.
My gut tells me this might be an FRR issue.