In 1.4.0-rc1, when using route-target both, it prevents you from importing route-targets from different VRFs.
With route-target both:
set vrf name ADMINS protocols bgp address-family ipv4-unicast route-target vpn both '65200:2'
set vrf name ADMINS protocols bgp address-family ipv4-unicast route-target vpn import '65200:1'
set vrf name USERS protocols bgp address-family ipv4-unicast route-target vpn both '65200:1'
set vrf name USERS protocols bgp address-family ipv4-unicast route-target vpn import '65200:2'
vyos@Region1-Spoke2# run show ip bgp vrf USERS
Network Next Hop Metric LocPrf Weight Path
*> 10.12.1.0/24 0.0.0.0 0 32768 ?
vyos@Region1-Spoke2# run show ip bgp vrf ADMINS
Network Next Hop Metric LocPrf Weight Path
*> 10.12.2.0/24 0.0.0.0 0 32768 ?
Without route-target both:
set vrf name ADMINS protocols bgp address-family ipv4-unicast route-target vpn export '65200:2'
set vrf name ADMINS protocols bgp address-family ipv4-unicast route-target vpn import '65200:1 65200:2'
set vrf name USERS protocols bgp address-family ipv4-unicast route-target vpn export '65200:1'
set vrf name USERS protocols bgp address-family ipv4-unicast route-target vpn import '65200:1 65200:2'
vyos@Region1-Spoke2# run show ip bgp vrf USERS
Network Next Hop Metric LocPrf Weight Path
*> 10.12.1.0/24 0.0.0.0 0 32768 ?
*> 10.12.2.0/24 0.0.0.0@33< 0 32768 ?
vyos@Region1-Spoke2# run show ip bgp vrf ADMINS
Network Next Hop Metric LocPrf Weight Path
*> 10.12.1.0/24 0.0.0.0@37< 0 32768 ?
*> 10.12.2.0/24 0.0.0.0 0 32768 ?
Some more info:
The additional imports don’t appear to make it into the FRR BGP config. Manually adding the imports into FRR also allows leaking between VRFs.
set vrf name ADMINS protocols bgp address-family ipv4-unicast route-target vpn both '65200:2'
set vrf name ADMINS protocols bgp address-family ipv4-unicast route-target vpn import '65200:1'
router bgp 65000 vrf ADMINS
 address-family ipv4 unicast
  rt vpn both 65200:2
set vrf name USERS protocols bgp address-family ipv4-unicast route-target vpn both '65200:1'
set vrf name USERS protocols bgp address-family ipv4-unicast route-target vpn import '65200:2'
router bgp 65000 vrf USERS
 address-family ipv4 unicast
  rt vpn both 65200:1
Thanks for reporting this issue. As a workaround, you can use an RT list instead of the ipv4-unicast route-target vpn both command until we fix it:
Task with bug:
Thank you for creating that! I’ve been very impressed with how responsive you guys have been to bugs and feature requests.
Request:
This is beyond the scope of a simple bug, but I’d love to see the behavior of creating additional imports be an append action to existing imports instead of rewriting the existing import. This is more in line with how enterprise gear would handle this.
Someone could cause an outage if they’re not aware of how that behavior differs from what they’ve known.
For instance, if this already exists:
set vrf name red protocols bgp address-family ipv4-unicast route-target vpn import '65500:200'
And I type this:
set vrf name red protocols bgp address-family ipv4-unicast route-target vpn import '65500:300'
It should create this instead of rewriting the original import:
set vrf name red protocols bgp address-family ipv4-unicast route-target vpn import '65500:200 65500:300'
Maybe add a switch to the end of the command that allows the append behavior. Something like:
set vrf name red protocols bgp address-family ipv4-unicast route-target vpn import '65500:300' append