  • bgp ebgp-requires-policy

    bgp ebgp-requires-policy

    This command requires incoming and outgoing filters to be applied for eBGP sessions as part of RFC-8212 compliance. Without the incoming filter, no routes will be accepted. Without the outgoing filter, no routes will be announced.

    This is enabled by default for the traditional configuration and turned off by default for datacenter configuration.

    When you enable/disable this option you MUST clear the session.

    When the incoming or outgoing filter is missing you will see “(Policy)” sign under

     For address family: IPv4 Unicast
      Update group 2, subgroup 2
      Packet Queue length 0
      Community attribute sent to this neighbor(all)
      Inbound updates discarded due to missing policy
      Outbound updates discarded due to missing policy
      0 accepted prefixes
    
      Connections established 1; dropped 0
      Last reset 00:32:15,  Waiting for peer OPEN
    Local host: 10.10.18.31, Local port: 46790
    Foreign host: 10.10.18.34, Foreign port: 179
    Nexthop: 10.10.18.31
    Nexthop global: fe80::f816:3eff:fe97:879e
    Nexthop local: fe80::f816:3eff:fe97:879e
    BGP connection: shared network
    BGP Connect Retry Timer in Seconds: 120
    Estimated round trip time: 5 ms
    Read thread: on  Write thread: on  FD used: 30
    
    
    (null)# show bgp neighbor sum
    % No such neighbor in this view/vrf
    
    (null)# sh ip bgp sum
    
    IPv4 Unicast Summary:
    BGP router identifier 10.10.18.31, local AS number 64514 vrf-id 0
    BGP table version 2
    RIB entries 1, using 192 bytes of memory
    Peers 3, using 64 KiB of memory
    
    Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
    10.10.16.82     4      64512         0         0        0    0    0    never       Active        0
    10.10.18.34     4      64513        35        35        0    0    0 00:32:29     (Policy) (Policy)
    
    Total number of neighbors 2
    (null)# 

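    The problem is resolved by configuring no bgp ebgp-requires-policy, which turns the check off so that the session exchanges routes without any filter: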

    (null)# conf t
    (null)(config)# router bgp 64514
    (null)(config-router)# no bgp ebgp-requires-policy
    (null)(config-router)# exit
    (null)(config)# wr
    % Unknown command: wr
    (null)(config)# exit
    (null)# wr
    Note: this version of vtysh never writes vtysh.conf
    Building Configuration...
    Configuration saved to /etc/frr/zebra.conf
    Can't backup old configuration file /etc/frr/bgpd.conf.sav.
    Configuration saved to /etc/frr/staticd.conf
    (null)# sh ip bgp sum
    
    IPv4 Unicast Summary:
    BGP router identifier 10.10.18.31, local AS number 64514 vrf-id 0
    BGP table version 2
    RIB entries 1, using 192 bytes of memory
    Peers 3, using 64 KiB of memory
    
    Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
    10.10.16.82     4      64512         0         0        0    0    0    never       Active        0
    10.10.18.34     4      64513        38        38        0    0    0 00:35:29            0        0
    
    Total number of neighbors 2
    (null)# 
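Disabling the check is not the only way out of the (Policy) state: attaching an inbound and an outbound filter to the eBGP neighbor also satisfies it. The following audit is an added example, not part of the original post; FILTERED_CONFIG, its list names and the audit() helper are constructed for illustration, and the parser assumes a single router bgp block without peer-groups or VRFs.

```python
import re

# Node 1's BGP stanza from the page (trimmed): check disabled, no filters.
PAGE_CONFIG = """\
router bgp 64514
 no bgp ebgp-requires-policy
 neighbor 10.10.16.82 remote-as 64512
 neighbor 10.10.18.34 remote-as 64513
 address-family ipv4 unicast
  network 31.31.31.31/32
 exit-address-family
"""

# Constructed alternative: check left enabled, explicit filter per direction.
# Accept nothing from AS 64513, announce only the loopback /32.
FILTERED_CONFIG = """\
router bgp 64514
 bgp ebgp-requires-policy
 neighbor 10.10.18.34 remote-as 64513
 address-family ipv4 unicast
  network 31.31.31.31/32
  neighbor 10.10.18.34 prefix-list FROM-64513 in
  neighbor 10.10.18.34 route-map TO-64513 out
 exit-address-family
ip prefix-list FROM-64513 seq 5 deny any
ip prefix-list LOOPBACK seq 5 permit 31.31.31.31/32
route-map TO-64513 permit 10
 match ip address prefix-list LOOPBACK
"""

FILTER = re.compile(
    r"neighbor (\S+) (?:route-map|prefix-list|filter-list|distribute-list)"
    r" \S+ (in|out)$")

def audit(config):
    """Return (check_disabled, {ebgp_peer: [directions with no filter]})."""
    local_as, disabled, peers = None, False, {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"router bgp (\d+)", line):
            local_as = m.group(1)
        elif line == "no bgp ebgp-requires-policy":
            disabled = True
        elif m := re.match(r"neighbor (\S+) remote-as (\S+)$", line):
            if m.group(2) not in (local_as, "internal"):  # eBGP only
                peers[m.group(1)] = {"in", "out"}
        elif (m := FILTER.match(line)) and m.group(1) in peers:
            peers[m.group(1)].discard(m.group(2))
    return disabled, {p: sorted(d) for p, d in peers.items() if d}
```

Feed audit() the text of show running-config from each router; a peer reported while the check is disabled is exchanging routes with no filter in that direction.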

    Node 1

    [root@host-10-10-18-31 frr]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet 31.31.31.31/32 scope global lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether fa:16:3e:97:87:9e brd ff:ff:ff:ff:ff:ff
        inet 10.10.18.31/24 brd 10.10.18.255 scope global dynamic noprefixroute eth0
           valid_lft 65588sec preferred_lft 65588sec
        inet6 fe80::f816:3eff:fe97:879e/64 scope link 
           valid_lft forever preferred_lft forever
    [root@host-10-10-18-31 frr]# 
    host-10-10-18-31# show run
    Building configuration...
    
    Current configuration:
    !
    frr version 7.5
    frr defaults traditional
    hostname host-10-10-18-31
    no ip forwarding
    no ipv6 forwarding
    hostname bgpd
    log stdout
    no service integrated-vtysh-config
    !
    password zebra
    !
    router bgp 64514
     bgp router-id 10.10.18.31
     no bgp ebgp-requires-policy
     neighbor 10.10.16.82 remote-as 64512
     neighbor 10.10.18.34 remote-as 64513
     !
     address-family ipv4 unicast
      network 31.31.31.31/32
     exit-address-family
    !
    line vty
    !
    end

    Node 2

    [root@host-10-10-18-34 ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether fa:16:3e:e3:68:97 brd ff:ff:ff:ff:ff:ff
        inet 10.10.18.34/24 brd 10.10.18.255 scope global dynamic noprefixroute eth0
           valid_lft 65538sec preferred_lft 65538sec
        inet6 fe80::f816:3eff:fee3:6897/64 scope link 
           valid_lft forever preferred_lft forever
    [root@host-10-10-18-34 ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.10.18.254    0.0.0.0         UG    100    0        0 eth0
    10.10.18.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
    31.31.31.31     10.10.18.31     255.255.255.255 UGH   20     0        0 eth0
    169.254.169.254 10.10.18.254    255.255.255.255 UGH   100    0        0 eth0
    [root@host-10-10-18-34 ~]# 
    [root@host-10-10-18-34 ~]# vtysh
    
    Hello, this is FRRouting (version 7.5).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.
    
    host-10-10-18-34# sh ip bgp nei  10.10.18.31   routes
    BGP table version is 3, local router ID is 10.10.18.34, vrf id 0
    Default local pref 100, local AS 64513
    Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
                   i internal, r RIB-failure, S Stale, R Removed
    Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
    Origin codes:  i - IGP, e - EGP, ? - incomplete
    
       Network          Next Hop            Metric LocPrf Weight Path
    *> 31.31.31.31/32   10.10.18.31              0             0 64514 i
    
    Displayed  1 routes and 1 total paths
    host-10-10-18-34# sh run
    Building configuration...
    
    Current configuration:
    !
    frr version 7.5
    frr defaults traditional
    hostname host-10-10-18-34
    log file /var/log/frr/frr.log
    no ip forwarding
    no ipv6 forwarding
    hostname bgpd
    log stdout
    no service integrated-vtysh-config
    !
    debug bgp neighbor-events
    debug bgp nht
    debug bgp updates in
    debug bgp updates out
    debug bgp zebra
    !
    password zebra
    !
    router bgp 64513
     bgp router-id 10.10.18.34
     no bgp ebgp-requires-policy
     neighbor 10.10.16.47 remote-as 64512
     neighbor 10.10.18.31 remote-as 64514
    !
    line vty
    !
    end
    host-10-10-18-34# 

    Experiment 1: Building a BGP network environment with FRR

  • Original article: https://www.cnblogs.com/dream397/p/14927486.html