Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flow-VPN routes can't be created on the CLI #1015

Open
jonlangemak opened this issue Dec 22, 2020 · 3 comments
Open

Flow-VPN routes can't be created on the CLI #1015

jonlangemak opened this issue Dec 22, 2020 · 3 comments
Assignees
@thomas-mangin
Labels
feature-request

Comments

@jonlangemak
Copy link

** Bug Report **

Describe the bug

I'm trying to create a flow-vpn type BGP advertisement from the CLI using the following syntax....

exabgpcli neighbor <neighbor ip> announce flow route rd 65000:65000 source 4.0.0.0/24 destination 127.0.0.0/24 protocol [ udp ] destination-port [ =80 ]

This command is rejected and the API returns this error in debug mode...

| reactor         | async | api-internal-cli-31ed77b2 | problem with function
| reactor         | async | api-internal-cli-31ed77b2 | 'rd'

So it appears that the CLI itself doesn't like to see the RD in the route but I believe that's the proper way to turn a flow route into a flow-vpn type route. From a configuration example I see that this type of configuration....

neighbor <neighbor IP> {
    local-address <local IP>;
    local-as 65100;
    peer-as 65100;
    family {
        ipv4 mpls-vpn;
		ipv4 flow-vpn;
        ipv4 flow;
    }
	flow {
		route first-vpn-route {
			rd 65535:65536;
			match {
				source 10.0.0.1/32;
			}
			then {
				discard;
			}
		}
	}
}

Does generate a flow-vpn route in the adj-rib....

exabgpcli show adj-rib out extensive
neighbor <IP> local-ip <IP> local-as 65100 peer-as 65100 router-id <IP> family-allowed in-open ipv4 flow-vpn flow source-ipv4 10.0.0.1/32 rd 65535:65536 extended-community rate-limit:0

Possibly an issue with the CLI just not expecting that parameter?

To Reproduce

Attempt to create a flow-vpn route from the CLI as shown above

Expected behavior

A flow-vpn route being created in the adj-rib as is possible with the static config shown above.

Additional context

Both peers are configured for the correct AFI/SAFI and that has been validated. The problem here is with originating the route in the CLI versus doing it through the configuration.

Based on the chat we had in the exabgp slack about this. Please let me know if you need any other information!
@jonlangemak
Copy link
Author

Just wanted to add that I've done pretty extensive testing at this point and believe that this is a issue with the CLI just not expecting the RD to be passed. Thanks again for looking at this!

@thomas-mangin
Copy link
Member

I am currently quite slow when it comes to non-work-related tasks. It may be a problem with the configuration parser not expecting rd for that family when it should and in that case it needs to be fixed in the code.

@thomas-mangin
Copy link
Member

Sorry, now that I have time to look into it. You want to use FlowSpec to match a route based on the RD. What you configured, is not going to work. You configured the capability as:

family {
        ipv4 mpls-vpn;
		ipv4 flow-vpn;
        ipv4 flow;
    }

So you can share normal ipv4 flow/mpls routes AND you can share flow routes. if you are looking for https://tools.ietf.org/html/draft-ietf-idr-flowspec-mpls-match-01 support - ExaBGP does not implement it (yet?).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thomas-mangin thomas-mangin

Labels
feature-request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thomas-mangin @jonlangemak