goBGP do not export route to neighbor using route-server clients #2874

Open
Zerka30 opened this issue Feb 5, 2025 · 0 comments

Description

I'm using GoBGP to set up an internal BGP (iBGP) session between two routers (R1 and R2) before establishing sessions with our border routers.

The goal of this setup is:

  • The border routers should send us all routes except those tagged with a specific community (65000:500).
  • We need to inject specific routes into R1 with community 65000:500, which will be sent back to the border routers.
  • I have another BGP daemon (R2) to receive all routes except those tagged with 65000:500.

Currently, I'm facing an issue where routes injected on R1 do not appear in the adj-out table for R2, meaning they are not being exported.

This problem is similar to #2424

Setup Details

compose.yml

```yaml
---
services:
  r1:
    build:
      context: .
      dockerfile: Dockerfile
    command: gobgpd -t yaml -f /etc/gobgp/gobgpd.yml -l debug
    volumes:
      - ${PWD}/configs/R1.yml:/etc/gobgp/gobgpd.yml
    restart: always
    networks:
      docker-gobgp:
        ipv4_address: 172.21.99.2

  r2:
    build:
      context: .
      dockerfile: Dockerfile
    command: gobgpd -t yaml -f /etc/gobgp/gobgpd.yml
    volumes:
      - ${PWD}/configs/filtered/R2.yml:/etc/gobgp/gobgpd.yml
    restart: always
    networks:
      docker-gobgp:
        ipv4_address: 172.21.99.3

networks:
  docker-gobgp:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.21.99.0/24
```

Dockerfile

```dockerfile
FROM golang:alpine

ARG VERSION=3.34.0

WORKDIR /go/src/app

RUN apk add curl ca-certificates

RUN curl -fLO https://github.com/osrg/gobgp/releases/download/v${VERSION}/gobgp_${VERSION}_linux_amd64.tar.gz && \
  tar -tvf gobgp_${VERSION}_linux_amd64.tar.gz && \
  tar -xvf gobgp_${VERSION}_linux_amd64.tar.gz && \
  install gobgp /usr/local/bin/gobgp && \
  install gobgpd /usr/local/bin/gobgpd
```

R1.yml

```yaml
---
global:
  config:
    as: 65001
    router-id: 172.21.99.2

defined-sets:
  bgp-defined-sets:
    community-sets:
      - community-set-name: SDN_COMMUNITY
        community-list:
          - "65000:500"

policy-definitions:
  - name: ALLOW_ALL
    statements:
      - actions:
          route-disposition: accept-route

  - name: ACCEPT_SDN_FILTER
    statements:
      - conditions:
          bgp-conditions:
            match-community-set:
              community-set: SDN_COMMUNITY
              match-set-options: all
        actions:
          route-disposition: accept-route
      - actions:
          route-disposition: reject-route

  - name: REJECT_SDN_FILTER
    statements:
      - conditions:
          bgp-conditions:
            match-community-set:
              community-set: SDN_COMMUNITY
              match-set-options: all
        actions:
          route-disposition: reject-route
      - actions:
          route-disposition: accept-route

neighbors:
  - config:
      neighbor-address: 172.21.99.3
      peer-as: 65001
    transport:
      config:
        remote-port: 179
    afi-safis:
      - config:
          afi-safi-name: ipv4-unicast
      - config:
          afi-safi-name: ipv6-unicast
    route-server:
      config:
        route-server-client: true
    apply-policy:
      config:
        default-import-policy: reject-route
        default-export-policy: reject-route
        import-policy-list:
          - ALLOW_ALL
        export-policy-list:
          - ALLOW_ALL
```

R2.yml

```yaml
---
global:
  config:
    as: 65001
    router-id: 172.21.99.3

defined-sets:
  bgp-defined-sets:
    community-sets:
      - community-set-name: ACCEPT_ONLY_SDN
        community-list:
          - "65000:500"

policy-definitions:
  - name: ALLOW_ALL
    statements:
      - actions:
          route-disposition: accept-route

  - name: ACCEPT_ONLY_SDN_FILTER
    statements:
      - conditions:
          bgp-conditions:
            match-community-set:
              community-set: ACCEPT_ONLY_SDN
              match-set-options: all
        actions:
          route-disposition: accept-route
      - actions:
          route-disposition: reject-route

  - name: REJECT_SDN_FILTER
    statements:
      - conditions:
          bgp-conditions:
            match-community-set:
              community-set: ACCEPT_ONLY_SDN
              match-set-options: all
        actions:
          route-disposition: reject-route
      - actions:
          route-disposition: accept-route

neighbors:
  - config:
      neighbor-address: 172.21.99.2
      peer-as: 65001
    transport:
      config:
        remote-port: 179
    afi-safis:
      - config:
          afi-safi-name: ipv4-unicast
      - config:
          afi-safi-name: ipv6-unicast
    route-server:
      config:
        route-server-client: true
    apply-policy:
      config:
        default-import-policy: reject-route
        default-export-policy: reject-route
        import-policy-list:
          - REJECT_SDN_FILTER
        export-policy-list:
          - ALLOW_ALL
```

How to reproduce?

  1. Deploy the lab through Docker
  2. Add a route to R1: gobgp global rib add 10.0.0.0/30 nexthop 1.1.1.1 aspath 100 community 65000:1001

Expected behavior

The route should be visible in the adj-out table on R1 for neighbor R2 and R2 should receive the route if allowed by its import policy.
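
Added example (not part of the original issue and not GoBGP's code): a simplified model of ordered policy-statement evaluation, run over the policies in R1.yml and R2.yml above, to show what the filters alone would decide for a route travelling from R1 to R2. It assumes community-list entries are compared as exact strings and that the first matching statement decides, with the default policy as fallback; the function names are hypothetical.

```python
# Simplified model of policy evaluation; assumption: exact-string community match.

def matches(conditions, communities, sets):
    """True if the route's communities satisfy the statement's conditions."""
    if conditions is None:          # a statement without conditions matches every route
        return True
    members = set(sets[conditions["community-set"]])
    found = members & set(communities)
    option = conditions["match-set-options"]
    if option == "all":             # every member of the set is on the route
        return found == members
    if option == "any":             # at least one member is on the route
        return bool(found)
    return not found                # "invert": no member is on the route

def evaluate(policy_list, default, policies, communities, sets):
    """Disposition of the first matching statement, else the default policy."""
    for name in policy_list:
        for conditions, disposition in policies[name]:
            if matches(conditions, communities, sets):
                return disposition
    return default

def _cond(set_name):
    return {"community-set": set_name, "match-set-options": "all"}

# Transcribed from the configs on this page (REJECT_SDN_FILTER as defined in R2.yml).
SETS = {"SDN_COMMUNITY": ["65000:500"], "ACCEPT_ONLY_SDN": ["65000:500"]}
POLICIES = {
    "ALLOW_ALL": [(None, "accept-route")],
    "ACCEPT_SDN_FILTER": [(_cond("SDN_COMMUNITY"), "accept-route"),
                          (None, "reject-route")],
    "REJECT_SDN_FILTER": [(_cond("ACCEPT_ONLY_SDN"), "reject-route"),
                          (None, "accept-route")],
}

def path_r1_to_r2(communities):
    """Verdicts for a route leaving R1 (export list) and entering R2 (import list)."""
    r1_export = evaluate(["ALLOW_ALL"], "reject-route", POLICIES, communities, SETS)
    r2_import = evaluate(["REJECT_SDN_FILTER"], "reject-route", POLICIES, communities, SETS)
    return r1_export, r2_import

if __name__ == "__main__":
    # Constructed inputs: the route from the reproduction step, an SDN-tagged
    # route, and an untagged route.
    for comms in (["65000:1001"], ["65000:500"], []):
        print(comms, path_r1_to_r2(comms))
```

In this model the route from the reproduction step (community 65000:1001) is accepted by both R1's export list and R2's import list, while a route carrying 65000:500 is accepted on export and rejected on import at R2.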
