BGP route-map seems to have no effect

Hello,

I have set up a route-map and want to debug it, so I decided to use “set metric +XX” statements in order to be able to see which rule was actually in effect.

However, routes are still accepted with a metric of 0, while I expect at least two of them to match.

See relevant config sections and output of show ip bgp x.x.x.x:

vyos@vyos1:~$ show configuration commands | grep route-map
set policy route-map CIX-IN-v4 rule 10 action 'permit'
set policy route-map CIX-IN-v4 rule 10 match as-path 'bogon-asns'
set policy route-map CIX-IN-v4 rule 10 set metric '+10'
set policy route-map CIX-IN-v4 rule 20 action 'permit'
set policy route-map CIX-IN-v4 rule 20 match ip address prefix-list 'bogon-v4'
set policy route-map CIX-IN-v4 rule 20 set metric '+20'
set policy route-map CIX-IN-v4 rule 40 action 'permit'
set policy route-map CIX-IN-v4 rule 40 set metric '+80'
set protocols bgp 65005 peer-group CIX address-family ipv4-unicast route-map import 'CIX-IN-v4'

vyos@vyos1:~$ show ip bgp 172.18.0.0
BGP routing table entry for 172.18.0.0/16
Paths: (1 available, best #1, table default)
  Advertised to non peer-group peers:
  100.64.10.11
  65009
    100.64.10.11 from 100.64.10.11 (100.64.10.11)
      Origin IGP, metric 0, valid, external, best (First path received)
      Last update: Wed Jul  1 12:30:40 2020

Hi @MoepMan
Can you share your prefix-list “bogon-v4”?
As far as I understand, you expect this rule (rule 20) to match?

I expect most of them to match and cause their respective set action to be triggered. However, it looks like none did, not even rule 40 (which should always increase the metric by 80).

(The reason for changing the action to set metric +X instead of a deny action was to debug which ones trigger and which ones need adjusting. However, I find it quite difficult to get proper documentation on the exact syntax for some of those policy-related options.)

vyos@vyos1:~$ show configuration commands | match prefix
set policy prefix-list bogon-v4 rule 10 action 'permit'
set policy prefix-list bogon-v4 rule 10 prefix '0.0.0.0/8'
set policy prefix-list bogon-v4 rule 20 action 'permit'
set policy prefix-list bogon-v4 rule 20 prefix '10.0.0.0/8'
set policy prefix-list bogon-v4 rule 30 action 'permit'
set policy prefix-list bogon-v4 rule 30 prefix '100.64.0.0/10'
set policy prefix-list bogon-v4 rule 40 action 'permit'
set policy prefix-list bogon-v4 rule 40 prefix '127.0.0.0/8'
set policy prefix-list bogon-v4 rule 50 action 'permit'
set policy prefix-list bogon-v4 rule 50 prefix '169.254.0.0/16'
set policy prefix-list bogon-v4 rule 60 action 'permit'
set policy prefix-list bogon-v4 rule 60 prefix '172.16.0.0/12'
set policy prefix-list bogon-v4 rule 70 action 'permit'
set policy prefix-list bogon-v4 rule 70 prefix '192.0.2.0/24'
set policy prefix-list bogon-v4 rule 80 action 'permit'
set policy prefix-list bogon-v4 rule 80 prefix '192.88.99.0/24'
set policy prefix-list bogon-v4 rule 90 action 'permit'
set policy prefix-list bogon-v4 rule 90 prefix '192.168.0.0/16'
set policy prefix-list bogon-v4 rule 100 action 'permit'
set policy prefix-list bogon-v4 rule 100 prefix '198.18.0.0/15'
set policy prefix-list bogon-v4 rule 110 action 'permit'
set policy prefix-list bogon-v4 rule 110 prefix '198.51.100.0/24'
set policy prefix-list bogon-v4 rule 120 action 'permit'
set policy prefix-list bogon-v4 rule 120 prefix '203.0.113.0/24'
set policy prefix-list bogon-v4 rule 130 action 'permit'
set policy prefix-list bogon-v4 rule 130 prefix '224.0.0.0/4'
set policy prefix-list bogon-v4 rule 140 action 'permit'
set policy prefix-list bogon-v4 rule 140 prefix '240.0.0.0/4'

@MoepMan What version of VyOS do you use?

show version

Regarding configuration.

  1. You need to add the “le 24” parameter to the prefix-list; otherwise, a strict match is applied to the prefix.
    For example, you see the prefix 172.18.0.0/16, but the filter will accept only the strict prefix ‘172.16.0.0/12’.
  2. In this case (without “le”), the default value “+80” from rule 40 should work.
  3. Check whether the neighbor 100.64.10.11 is present in the peer-group “CIX”.

I checked the following configuration on LTS:

set policy prefix-list NET-10 rule 10 action 'permit'
set policy prefix-list NET-10 rule 10 le '24'
set policy prefix-list NET-10 rule 10 prefix '10.0.0.0/8'
set policy prefix-list NET-100 rule 10 action 'permit'
set policy prefix-list NET-100 rule 10 le '24'
set policy prefix-list NET-100 rule 10 prefix '100.64.0.0/12'
set policy prefix-list NET-192 rule 10 action 'permit'
set policy prefix-list NET-192 rule 10 le '24'
set policy prefix-list NET-192 rule 10 prefix '192.168.0.0/16'

set policy route-map CIX-IN-v4 rule 10 action 'permit'
set policy route-map CIX-IN-v4 rule 10 match ip address prefix-list 'NET-10'
set policy route-map CIX-IN-v4 rule 10 set metric '+10'
set policy route-map CIX-IN-v4 rule 20 action 'permit'
set policy route-map CIX-IN-v4 rule 20 match ip address prefix-list 'NET-100'
set policy route-map CIX-IN-v4 rule 20 set metric '+20'
set policy route-map CIX-IN-v4 rule 30 action 'permit'
set policy route-map CIX-IN-v4 rule 30 match ip address prefix-list 'NET-192'
set policy route-map CIX-IN-v4 rule 30 set metric '+80'
set policy route-map CIX-IN-v4 rule 40 action 'permit'
set policy route-map CIX-IN-v4 rule 40 set metric '+120'

set protocols bgp 65001 neighbor 10.0.0.2 address-family ipv4-unicast
set protocols bgp 65001 neighbor 10.0.0.2 peer-group 'CIX'
set protocols bgp 65001 peer-group CIX address-family ipv4-unicast route-map import 'CIX-IN-v4'
set protocols bgp 65001 peer-group CIX remote-as '65002'

“show ip bgp” to check the metrics:

vyos@vyos:~$ show ip bgp
BGP table version is 31, local router ID is 100.64.0.1, vrf id 0
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.20.30.0/24    10.0.0.2                10             0 65002 i
*> 20.30.40.0/24    10.0.0.2               120             0 65002 i
*> 100.64.0.0/24    10.0.0.2                20             0 65002 i
*> 192.168.0.0/24   10.0.0.2                80             0 65002 i

And so all metrics work.

Perhaps for some reason, the route-map did not apply to the peer-group.
Also, for testing, you can use “local-pref”.

set policy route-map CIX-IN-v4 rule 10 set local-preference 110

Please, check your configuration and reapply the route-map. If errors appear after the commit, send them here.

The version is a rolling release from about a month ago; it is probably time to upgrade.

vyos@vyos1:~$ show version  
Version:          VyOS 1.3-rolling-202005300935

I had planned to add some kind of le/ge statement and since I was not sure which one I needed, I planned to do a trial and error run using the metric to see if it actually worked.

vyos@vyos1:~$ show configuration commands | match protocols
set protocols bgp 65005 address-family ipv4-unicast network 100.64.20.0/24
set protocols bgp 65005 neighbor 100.64.10.11 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 65005 neighbor 100.64.10.11 peer-group 'CIX'
set protocols bgp 65005 neighbor 100.64.10.11 remote-as '65009'
set protocols bgp 65005 parameters router-id '100.64.0.1'
set protocols bgp 65005 peer-group CIX address-family ipv4-unicast route-map import 'CIX-IN-v4'
vyos@vyos1:~$ configure 
[edit]
vyos@vyos1# set policy route-map CIX-IN-v4 rule 10 set local-preference 110
[edit]
vyos@vyos1# commit
[edit]
vyos@vyos1# exit
Warning: configuration changes have not been saved.
exit
vyos@vyos1:~$ show ip bgp
BGP table version is 3, local router ID is 100.64.0.1, vrf id 0
Default local pref 100, local AS 65005
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/8       100.64.10.11             0             0 65009 i
*> 100.64.20.0/24   0.0.0.0                  0         32768 i
*> 172.18.0.0/16    100.64.10.11             0             0 65009 i

Displayed  3 routes and 3 total paths

This does not change if I apply the route-map directly to the peer instead of the peer group:

vyos@vyos1# set protocols bgp 65005 neighbor 100.64.10.11 address-family ipv4-unicast route-map import CIX-IN-v4

I’ll try to upgrade to the latest rolling release and check whether the observed behaviour is still there.

After updating to the latest rolling release I see the following output (using both local-pref X and metric +X):

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.0.0/8       100.64.10.11            20     20      0 65009 i
*> 100.64.20.0/24   0.0.0.0                  0         32768 i
*> 172.18.0.0/16    100.64.10.11            20     20      0 65009 i

So it seems that only the first matching rule triggers and the rest is skipped, which I can probably fix with “on-match next”.

This prefix is local on that router. So you don’t receive it from the neighbor.

Yes, that is expected and okay. It really seems that updating to the latest rolling release fixed the problem of no metric/local pref being set.
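Added example, not part of the thread and not VyOS or FRR code: a small Python model of the two behaviours discussed above, namely that a prefix-list rule without “le”/“ge” matches only the exact prefix length, and that a route-map stops at the first matching rule unless “on-match next” is set. The function names are hypothetical, and rule 10 of the route-map is left out because the “bogon-asns” as-path list is not shown.

```python
import ipaddress

# bogon-v4 entries from the thread as (prefix, ge, le); None means not configured.
BOGON_V4 = [("10.0.0.0/8", None, None), ("100.64.0.0/10", None, None),
            ("172.16.0.0/12", None, None), ("192.168.0.0/16", None, None)]

def entry_matches(route, prefix, ge=None, le=None):
    """One prefix-list entry: exact-length match unless ge/le widen the range."""
    r, p = ipaddress.ip_network(route), ipaddress.ip_network(prefix)
    if not r.subnet_of(p):
        return False
    if ge is None and le is None:
        return r.prefixlen == p.prefixlen
    low = ge if ge is not None else p.prefixlen
    high = le if le is not None else 32
    return low <= r.prefixlen <= high

def in_prefix_list(route, plist):
    # Every entry in the thread is 'permit', so any matching entry permits.
    return any(entry_matches(route, *entry) for entry in plist)

def with_le(plist, le):
    """Hypothetical helper: the same list with 'le <n>' added to every rule."""
    return [(prefix, ge, le) for prefix, ge, _ in plist]

def cix_in_v4(plist, on_match_next=False):
    """Rules 20 and 40 of CIX-IN-v4 as (seq, match, metric_delta, on_match_next).
    Rule 10 is omitted: the 'bogon-asns' as-path list is not shown in the thread."""
    return [(20, lambda r: in_prefix_list(r, plist), 20, on_match_next),
            (40, None, 80, False)]

def apply_route_map(route, rules, metric=0):
    """Return (resulting metric, matched rule numbers); metric None = denied."""
    matched = []
    for seq, match, delta, cont in sorted(rules, key=lambda rule: rule[0]):
        if match is None or match(route):
            metric += delta          # 'set metric +N' adds to the current value
            matched.append(seq)
            if not cont:             # default: the first matching rule ends evaluation
                break
    return (metric if matched else None), matched

if __name__ == "__main__":
    for label, rules in [("exact", cix_in_v4(BOGON_V4)),
                         ("le 24", cix_in_v4(with_le(BOGON_V4, 24))),
                         ("le 24 + on-match next", cix_in_v4(with_le(BOGON_V4, 24), True))]:
        print(label, apply_route_map("172.18.0.0/16", rules))
```

With “le 24” a more specific route such as a /25 inside a bogon range still falls through to the catch-all rule, which matters once the metric actions are turned back into deny actions.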
