bgp ebgp-requires-policy
This command requires incoming and outgoing filters to be applied for eBGP sessions as part of RFC-8212 compliance. Without the incoming filter, no routes will be accepted. Without the outgoing filter, no routes will be announced.
This is enabled by default for the traditional configuration and turned off by default for datacenter configuration.
When you enable/disable this option you MUST clear the session.
When the incoming or outgoing filter is missing you will see “(Policy)” sign under
     For address family: IPv4 Unicast
      Update group 2, subgroup 2
      Packet Queue length 0
      Community attribute sent to this neighbor(all)
      Inbound updates discarded due to missing policy
      Outbound updates discarded due to missing policy
      0 accepted prefixes
      Connections established 1; dropped 0
      Last reset 00:32:15, Waiting for peer OPEN
    Local host: 10.10.18.31, Local port: 46790
    Foreign host: 10.10.18.34, Foreign port: 179
    Nexthop: 10.10.18.31
    Nexthop global: fe80::f816:3eff:fe97:879e
    Nexthop local: fe80::f816:3eff:fe97:879e
    BGP connection: shared network
    BGP Connect Retry Timer in Seconds: 120
    Estimated round trip time: 5 ms
    Read thread: on  Write thread: on  FD used: 30
    (null)# show bgp neighbor sum
    % No such neighbor in this view/vrf
    (null)# sh ip bgp sum
    IPv4 Unicast Summary:
    BGP router identifier 10.10.18.31, local AS number 64514 vrf-id 0
    BGP table version 2
    RIB entries 1, using 192 bytes of memory
    Peers 3, using 64 KiB of memory
    Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
    10.10.16.82     4      64512         0         0        0    0    0    never       Active        0
    10.10.18.34     4      64513        35        35        0    0    0 00:32:29     (Policy) (Policy)
    Total number of neighbors 2
    (null)#
The problem was resolved by configuring no bgp ebgp-requires-policy:
    (null)# conf t
    (null)(config)# router bgp 64514
    (null)(config-router)# no bgp ebgp-requires-policy
    (null)(config-router)# exit
    (null)(config)# wr
    % Unknown command: wr
    (null)(config)# exit
    (null)# wr
    Note: this version of vtysh never writes vtysh.conf
    Building Configuration...
    Configuration saved to /etc/frr/zebra.conf
    Can't backup old configuration file /etc/frr/bgpd.conf.sav.
    Configuration saved to /etc/frr/staticd.conf
    (null)# sh ip bgp sum
    IPv4 Unicast Summary:
    BGP router identifier 10.10.18.31, local AS number 64514 vrf-id 0
    BGP table version 2
    RIB entries 1, using 192 bytes of memory
    Peers 3, using 64 KiB of memory
    Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
    10.10.16.82     4      64512         0         0        0    0    0    never       Active        0
    10.10.18.34     4      64513        38        38        0    0    0 00:35:29            0        0
    Total number of neighbors 2
    (null)#
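The workaround above switches the RFC 8212 check off for the whole BGP instance; the other way to clear the (Policy) state is to leave the check on and attach explicit inbound and outbound filters to each eBGP neighbor. The following is an added example, not code from the original post or from FRR: it audits a running configuration for eBGP neighbors that lack a filter in either direction. The route-map and prefix-list names and the filtered configuration are constructed, and the parser assumes a single router bgp block with numeric remote-as values and no peer-groups.

```python
import re

# Filter kinds that can serve as a per-neighbor policy; the direction is the last word.
POLICY = re.compile(r"neighbor (\S+) (?:route-map|prefix-list|filter-list|distribute-list) \S+ (in|out)")

def audit_ebgp_policy(config):
    """Return the enforcement state and the eBGP peers missing an in/out filter."""
    local_as, enforced = None, True   # enforcement is on by default for 'traditional'
    remote_as, filters = {}, {}
    for line in map(str.strip, config.splitlines()):
        if line in ("frr defaults datacenter", "no bgp ebgp-requires-policy"):
            enforced = False
        elif line == "bgp ebgp-requires-policy":
            enforced = True
        elif m := re.fullmatch(r"router bgp (\d+)", line):
            local_as = int(m.group(1))
        elif m := re.fullmatch(r"neighbor (\S+) remote-as (\d+)", line):
            remote_as[m.group(1)] = int(m.group(2))
        elif m := POLICY.fullmatch(line):
            filters.setdefault(m.group(1), set()).add(m.group(2))
    missing = {}
    for peer, asn in remote_as.items():
        gaps = sorted({"in", "out"} - filters.get(peer, set()))
        if asn != local_as and gaps:  # only eBGP sessions are covered by the check
            missing[peer] = gaps
    return {"enforced": enforced, "missing": missing}

# Node 1's router block as configured on this page (check disabled, no filters).
PAGE_CONFIG = """router bgp 64514
 no bgp ebgp-requires-policy
 neighbor 10.10.16.82 remote-as 64512
 neighbor 10.10.18.34 remote-as 64513
"""

# Constructed alternative: check left enabled, explicit filters (hypothetical names).
FILTERED_CONFIG = """frr defaults traditional
ip prefix-list LOOPBACK seq 5 permit 31.31.31.31/32
route-map TO-64513 permit 10
 match ip address prefix-list LOOPBACK
route-map FROM-64513 deny 10
router bgp 64514
 neighbor 10.10.18.34 remote-as 64513
 address-family ipv4 unicast
  network 31.31.31.31/32
  neighbor 10.10.18.34 route-map FROM-64513 in
  neighbor 10.10.18.34 route-map TO-64513 out
"""
if __name__ == "__main__":
    print(audit_ebgp_policy(PAGE_CONFIG), audit_ebgp_policy(FILTERED_CONFIG), sep="\n")
```

In the constructed configuration node 1 announces only its loopback and accepts nothing from AS 64513, which matches what the lab exchanges.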
Node 1
    [root@host-10-10-18-31 frr]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet 31.31.31.31/32 scope global lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether fa:16:3e:97:87:9e brd ff:ff:ff:ff:ff:ff
        inet 10.10.18.31/24 brd 10.10.18.255 scope global dynamic noprefixroute eth0
           valid_lft 65588sec preferred_lft 65588sec
        inet6 fe80::f816:3eff:fe97:879e/64 scope link
           valid_lft forever preferred_lft forever
    [root@host-10-10-18-31 frr]#
    host-10-10-18-31# show run
    Building configuration...
    Current configuration:
    !
    frr version 7.5
    frr defaults traditional
    hostname host-10-10-18-31
    no ip forwarding
    no ipv6 forwarding
    hostname bgpd
    log stdout
    no service integrated-vtysh-config
    !
    password zebra
    !
    router bgp 64514
     bgp router-id 10.10.18.31
     no bgp ebgp-requires-policy
     neighbor 10.10.16.82 remote-as 64512
     neighbor 10.10.18.34 remote-as 64513
     !
     address-family ipv4 unicast
      network 31.31.31.31/32
     exit-address-family
    !
    line vty
    !
    end
Node 2
    [root@host-10-10-18-34 ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether fa:16:3e:e3:68:97 brd ff:ff:ff:ff:ff:ff
        inet 10.10.18.34/24 brd 10.10.18.255 scope global dynamic noprefixroute eth0
           valid_lft 65538sec preferred_lft 65538sec
        inet6 fe80::f816:3eff:fee3:6897/64 scope link
           valid_lft forever preferred_lft forever
    [root@host-10-10-18-34 ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.10.18.254    0.0.0.0         UG    100    0        0 eth0
    10.10.18.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
    31.31.31.31     10.10.18.31     255.255.255.255 UGH   20     0        0 eth0
    169.254.169.254 10.10.18.254    255.255.255.255 UGH   100    0        0 eth0
    [root@host-10-10-18-34 ~]#
    [root@host-10-10-18-34 ~]# vtysh
    Hello, this is FRRouting (version 7.5).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.
    host-10-10-18-34# sh ip bgp nei 10.10.18.31 routes
    BGP table version is 3, local router ID is 10.10.18.34, vrf id 0
    Default local pref 100, local AS 64513
    Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
                   i internal, r RIB-failure, S Stale, R Removed
    Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
    Origin codes:  i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *> 31.31.31.31/32   10.10.18.31              0             0 64514 i
    Displayed 1 routes and 1 total paths
    host-10-10-18-34# sh run
    Building configuration...
    Current configuration:
    !
    frr version 7.5
    frr defaults traditional
    hostname host-10-10-18-34
    log file /var/log/frr/frr.log
    no ip forwarding
    no ipv6 forwarding
    hostname bgpd
    log stdout
    no service integrated-vtysh-config
    !
    debug bgp neighbor-events
    debug bgp nht
    debug bgp updates in
    debug bgp updates out
    debug bgp zebra
    !
    password zebra
    !
    router bgp 64513
     bgp router-id 10.10.18.34
     no bgp ebgp-requires-policy
     neighbor 10.10.16.47 remote-as 64512
     neighbor 10.10.18.31 remote-as 64514
    !
    line vty
    !
    end
    host-10-10-18-34#
Experiment 1: Building a BGP network environment with FRR