route-map: "match prefix-len" incorrect behavior
Closed, Resolved (Public)

Description

Tested in VyOS 1.4-rolling-202207160217

When trying to perform a "match" on the length of a prefix, it matches all prefixes.
Simple example

To recreate:
VyOS1 config:

set interfaces dummy dum1 address '1.1.1.1/24'
set interfaces dummy dum9 address '9.9.9.9/24'
set interfaces ethernet eth0 address '12.12.12.1/24'
set policy route-map EXT-IN rule 100 action 'permit'
set policy route-map EXT-IN rule 100 match ip address prefix-len '24'
set policy route-map EXT-IN rule 100 set community '100:24'
set policy route-map EXT-IN rule 200 action 'permit'
set policy route-map EXT-IN rule 200 match ip address prefix-len '23'
set policy route-map EXT-IN rule 200 set community '100:23'
set policy route-map EXT-IN rule 300 action 'permit'
set policy route-map EXT-IN rule 300 match ip address prefix-len '22'
set policy route-map EXT-IN rule 300 set community '100:22'
set protocols bgp address-family ipv4-unicast network 1.1.1.0/24
set protocols bgp address-family ipv4-unicast redistribute connected
set protocols bgp local-as '65001'
set protocols bgp neighbor 12.12.12.2 address-family ipv4-unicast nexthop-self
set protocols bgp neighbor 12.12.12.2 address-family ipv4-unicast route-map import 'EXT-IN'
set protocols bgp neighbor 12.12.12.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 12.12.12.2 remote-as '65002'

VyOS2 config:

set interfaces dummy dum2 address '2.2.2.2/24'
set interfaces ethernet eth0 address '12.12.12.2/24'
set protocols bgp address-family ipv4-unicast network 2.2.2.0/24
set protocols bgp address-family ipv4-unicast network 8.0.0.0/22
set protocols bgp address-family ipv4-unicast network 8.0.0.0/23
set protocols bgp address-family ipv4-unicast network 8.0.0.0/24
set protocols bgp local-as '65002'
set protocols bgp neighbor 12.12.12.1 address-family ipv4-unicast nexthop-self
set protocols bgp neighbor 12.12.12.1 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 12.12.12.1 remote-as '65001'
set protocols static route 8.0.0.0/22 blackhole
set protocols static route 8.0.0.0/23 blackhole
set protocols static route 8.0.0.0/24 blackhole

Expect to see these communities on VyOS-1:

community '100:24': 2.2.2.0/24, 8.0.0.0/24
community '100:23': 8.0.0.0/23
community '100:22': 8.0.0.0/22

However, we see these communities:

vyos@vyos:~$ sh ip bgp community 100:22
<EMPTY>
vyos@vyos:~$ sh ip bgp community 100:23
<EMPTY>
vyos@vyos:~$ sh ip bgp community 100:24
BGP table version is 23, local router ID is 12.12.12.1, vrf id 0
Default local pref 100, local AS 65001
   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.0/24       12.12.12.2               0             0 65002 i
*> 8.0.0.0/22       12.12.12.2               0             0 65002 i
*> 8.0.0.0/23       12.12.12.2               0             0 65002 i
*> 8.0.0.0/24       12.12.12.2               0             0 65002 i

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.4-rolling-202207160217
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Event Timeline

Unknown Object (User) created this task. Jul 19 2022, 6:52 AM
Unknown Object (User) created this object in space S1 VyOS Public.
Unknown Object (User) renamed this task from route-map: "match prefix-len" does not function correctly to route-map: "match prefix-len" incorrect behavior. Jul 19 2022, 6:55 AM
Unknown Object (User) added a comment. Jul 19 2022, 6:59 AM

Probably a problem with FRR

vyos@vyos:~$ vtysh
Hello, this is FRRouting (version 8.2.2).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
router bgp 65001
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor 12.12.12.2 remote-as 65002
 !
 address-family ipv4 unicast
  network 1.1.1.0/24
  redistribute connected
  neighbor 12.12.12.2 activate
  neighbor 12.12.12.2 next-hop-self
  neighbor 12.12.12.2 soft-reconfiguration inbound
  neighbor 12.12.12.2 route-map EXT-IN in
 exit-address-family
exit
!
route-map EXT-IN permit 100
 match ip address prefix-len 24
 set community 100:24
exit
!
route-map EXT-IN permit 200
 match ip address prefix-len 23
 set community 100:23
exit
!
route-map EXT-IN permit 300
 match ip address prefix-len 22
 set community 100:22
exit
vyos# sh ip bgp community 100:22
vyos# sh ip bgp community 100:23
vyos# sh ip bgp community 100:24
BGP table version is 23, local router ID is 12.12.12.1, vrf id 0
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.0/24       12.12.12.2               0             0 65002 i
*> 8.0.0.0/22       12.12.12.2               0             0 65002 i
*> 8.0.0.0/23       12.12.12.2               0             0 65002 i
*> 8.0.0.0/24       12.12.12.2               0             0 65002 i

Can you check with the latest rolling release? It uses FRR 8.3.

zsdc changed the task status from Open to Confirmed. Jul 19 2022, 12:41 PM
zsdc assigned this task to Unknown Object (User).
zsdc added a subscriber: zsdc.

This is a behavior "by design". The prefix-len option cannot be used for BGP routes. We should add this notice to the CLI.
Check: http://docs.frrouting.org/en/latest/routemap.html#clicmd-match-ip-address-prefix-len-0-32

zsdc triaged this task as Low priority. Jul 19 2022, 12:41 PM
zsdc changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
Unknown Object (User) changed the task status from Confirmed to Needs testing. Jul 30 2022, 4:59 AM

If "notice" in CLI and documentation is enough, the task can be closed.
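
Added example, not part of the task thread or of the VyOS/FRR projects' own material: since prefix-len cannot be used for BGP routes, one way to tag received routes by mask length is to match through prefix-lists whose ge/le bounds pin the length. Using prefix-lists here is an assumption about a suitable replacement, the names LEN-24, LEN-23 and LEN-22 are hypothetical, and the `#` lines are annotations rather than commands.

```vyos
# Added example (assumption: prefix-lists replace "match ip address prefix-len").
# LEN-24 / LEN-23 / LEN-22 are hypothetical names. Apply on VyOS1 in configure mode.

# 0.0.0.0/0 with ge == le matches any IPv4 prefix of exactly that mask length.
set policy prefix-list LEN-24 rule 10 action 'permit'
set policy prefix-list LEN-24 rule 10 prefix '0.0.0.0/0'
set policy prefix-list LEN-24 rule 10 ge '24'
set policy prefix-list LEN-24 rule 10 le '24'

set policy prefix-list LEN-23 rule 10 action 'permit'
set policy prefix-list LEN-23 rule 10 prefix '0.0.0.0/0'
set policy prefix-list LEN-23 rule 10 ge '23'
set policy prefix-list LEN-23 rule 10 le '23'

set policy prefix-list LEN-22 rule 10 action 'permit'
set policy prefix-list LEN-22 rule 10 prefix '0.0.0.0/0'
set policy prefix-list LEN-22 rule 10 ge '22'
set policy prefix-list LEN-22 rule 10 le '22'

# Swap only the match clause in each EXT-IN rule; action and community stay as reported.
delete policy route-map EXT-IN rule 100 match ip address prefix-len
set policy route-map EXT-IN rule 100 match ip address prefix-list 'LEN-24'

delete policy route-map EXT-IN rule 200 match ip address prefix-len
set policy route-map EXT-IN rule 200 match ip address prefix-list 'LEN-23'

delete policy route-map EXT-IN rule 300 match ip address prefix-len
set policy route-map EXT-IN rule 300 match ip address prefix-list 'LEN-22'

commit

# Re-check with the same show commands used in the report.
run show ip bgp community 100:24
run show ip bgp community 100:23
run show ip bgp community 100:22
```

A received route whose length is not 22, 23 or 24 matches none of the three rules and falls through to the route-map's implicit deny, so add a final permit rule if such routes should still be accepted.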