Page MenuHomeVyOS Platform
Create Task
Maniphest T5357

Policy: BGP communities fail to apply when loaded from config file
Closed, InvalidPublicBUG
Actions

Description

When loading a configuration from a file, route-maps with BGP communities get mangled and updated with "replace":

# test.config

interfaces {
   ethernet eth0 {
     address "dhcp"
     ipv6 {
         address {
             autoconf 
         }
      }
   }
}
policy {
    route-map TEST {
        rule 10 {
            action "permit"
            set {
                community {
                    add 65000:1
                }
                large-community {
                    add 4200000000:100:1
                }
            }
        }
    }
}
jvoss@test# load test.conf
Loading configuration from 'test.conf'
Load complete. Use 'commit' to make changes effective.
[edit]

jvoss@test# compare
+ TEST {
+     rule 10 {
+         action "permit"
+         set {
+             community {
+                 replace ""
+             }
+             large-community {
+                 replace ""
+             }
+         }
+     }
+ }

This appears to be caused by the migration script src/migration-scripts/policy/3-to-4 deleting every rule regardless of migration state:
https://github.com/vyos/vyos-1x/blob/ac60fe7d1840b8768542ee4b3f28f46544c290f2/src/migration-scripts/policy/3-to-4#L54

Refactoring this to delete existing configuration only when migrate took action resolves the issue.

After refactor:

jvoss@test# load test.conf
Loading configuration from 'test.conf'
Load complete. Use 'commit' to make changes effective.
[edit]

jvoss@test# compare
+ TEST {
+     rule 10 {
+         action "permit"
+         set {
+             community {
+                 add "65000:1"
+             }
+             large-community {
+                 add "4200000000:100:1"
+             }
+         }
+     }
+ }

jvoss@test# commit
[edit]
jvoss@test#

Details

Difficulty level
Easy (less than an hour)
Version
1.4-rolling-202307110210
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

jvoss created this task.Jul 13 2023, 9:25 PM
pasik added a subscriber: pasik.Jul 13 2023, 10:23 PM
fernando added a subscriber: fernando.Oct 25 2023, 7:38 PM

I've tested this issues in our lasted rolling-realese , after last commit , it seems works without problems :

vyos@vyos# load test.conf
Loading configuration from 'test.conf'
Load complete. Use 'commit' to make changes effective.
[edit]
vyos@vyos# compare
[policy]
+ route-map TEST {
+     rule 10 {
+         action "permit"
+         set {
+             community {
+                 add "65001:1"
+             }
+             large-community {
+                 add "4200000000:100:1"
+             }
+         }
+     }
+ }

[edit]
vyos@vyos# commit
[edit]
vyos@vyos# show confi

  Configuration path: [confi] is not valid

[edit]
vyos@vyos# run show configuration commands
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 ipv6 address autoconf
set policy route-map TEST rule 10 action 'permit'
set policy route-map TEST rule 10 set community add '65001:1'
set policy route-map TEST rule 10 set large-community add '4200000000:100:1'

version :

vyos@vyos# run show version
Version:          VyOS 1.5-rolling-202310240118
Release train:    current

Built by:         [email protected]
Built on:         Tue 24 Oct 2023 02:41 UTC
Build UUID:       66471dfc-8348-4dbf-953e-133854c539ff
Build commit ID:  142e8770563716

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    2cff0c30-3cb4-4e58-8ad3-c0adc651e637

Copyright:        VyOS maintainers and contributors

Could you test it again @jvoss ?

fernando changed the task status from Open to Needs testing.Oct 25 2023, 7:39 PM
fernando triaged this task as Low priority.
fernando added a project: VyOS 1.5 Circinus.
jvoss added a comment.Oct 26 2023, 1:09 AM

Hi @fernando. I can confirm this behavior is still working correctly after this was merged:

+ policy {
+     route-map TEST {
+         rule 10 {
+             action "permit"
+             set {
+                 community {
+                     add "65000:1"
+                 }
+                 large-community {
+                     add "4200000000:100:1"
+                 }
+             }
+         }
+     }
+ }

Tested with: VyOS 1.5-rolling-202310200118

Version:          VyOS 1.5-rolling-202310200118
Release train:    current

Built by:         [email protected]
Built on:         Fri 20 Oct 2023 02:38 UTC
Build UUID:       8e9bdc60-8846-46f9-9806-ce498cdfb666
Build commit ID:  a1402d5779fd8f

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    205ee74f-6e3f-4678-a908-34123e332fab

Copyright:        VyOS maintainers and contributors

Thanks!

Viacheslav closed this task as Invalid.Oct 26 2023, 7:12 AM
fernando added a comment.Oct 26 2023, 10:53 AM

@jvoss thanks to confirm !