received-routes and advertised-routes commands showing the same addresses

[wshamroukh]

• FRR VERSION: 8.1
• OPERATING SYSTEM VERSION: Ubuntu 20.04
• KERNEL VERSION: Linux onprem-gw 5.11.0-1028-azure Freebsd route update fix for 2.0 #31~20.04.2-Ubuntu SMP Tue Jan 18 08:46:15 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Put "x" in "[ ]" if you already tried following:

[x ] Did you check if this is a duplicate issue?
[x ] Did you test it on the latest FRRouting/frr master branch?

I am using FRR for testing purposes to establish a vpn connection with bgp routing to Azure VPN Gateway. When the VPN connection is established, I have noticed both the received-routes and advertised-routes are the same and they are all the addresses from azure side (advertised-routes). Here is my config:

!
frr version 8.1
frr defaults traditional
hostname onprem-gw
log syslog informational
no ipv6 forwarding
service integrated-vtysh-config
!
router bgp 65016
 bgp router-id 172.16.0.4
 no bgp ebgp-requires-policy
 neighbor 10.1.0.4 remote-as 65515
 neighbor 10.1.0.4 description azgw1
 neighbor 10.1.0.5 remote-as 65515
 neighbor 10.1.0.5 description azgw2
 !
 address-family ipv4 unicast
  network 172.16.0.0/16
  neighbor 10.1.0.4 soft-reconfiguration inbound
  neighbor 10.1.0.5 soft-reconfiguration inbound
 exit-address-family
exit
!

And here is the output of bgp table:

onprem-gw# sho ip bgp summary

IPv4 Unicast Summary (VRF default):
BGP router identifier 172.16.0.4, local AS number 65016 vrf-id 0
BGP table version 4
RIB entries 5, using 920 bytes of memory
Peers 2, using 1446 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.1.0.4        4      65515        35        34        0    0    0 00:28:49            2        2 azgw1
10.1.0.5        4      65515        36        33        0    0    0 00:28:51            2        2 azgw2

Total number of neighbors 2

onprem-gw# sho ip bgp
BGP table version is 4, local router ID is 172.16.0.4, vrf id 0
Default local pref 100, local AS 65016
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop            Metric LocPrf Weight Path
*= 7.7.7.7/32       10.1.0.4                 0             0 65515 65001 i
*>                  10.1.0.5                 0             0 65515 65001 i
*= 10.1.0.0/16      10.1.0.4                               0 65515 i
*>                  10.1.0.5                               0 65515 i
   172.16.0.0/16    0.0.0.0                  0         32768 i

Displayed  3 routes and 5 total paths

Here is the received-routes from the azure side - which is correct:

onprem-gw# sho ip bgp neighbors 10.1.0.4 received-routes
BGP table version is 4, local router ID is 172.16.0.4, vrf id 0
Default local pref 100, local AS 65016
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop            Metric LocPrf Weight Path
*> 7.7.7.7/32       10.1.0.4                 0             0 65515 65001 i
*> 10.1.0.0/16      10.1.0.4                               0 65515 i

Total number of prefixes 2

Here is the output for the advertised-routes which are the ones from the azure side. I would expect to see the one i advertised from the frr router side 172.16.0.0/16

onprem-gw# sho ip bgp neighbors 10.1.0.4 advertised-routes
BGP table version is 4, local router ID is 172.16.0.4, vrf id 0
Default local pref 100, local AS 65016
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop            Metric LocPrf Weight Path
*> 7.7.7.7/32       0.0.0.0                                0 65515 65001 i
*> 10.1.0.0/16      0.0.0.0                                0 65515 i

Total number of prefixes 2

when I check the check the bgp table for the 172.16.0.0/16 i get there is no best path and it is invalid as per the following output:

onprem-gw# sho ip bgp 172.16.0.0
BGP routing table entry for 172.16.0.0/16, version 0
Paths: (1 available, no best path)
  Not advertised to any peer
  Local
    0.0.0.0 (inaccessible) from 0.0.0.0 (172.16.0.4)
      Origin IGP, metric 0, weight 32768, invalid, sourced, local
      Last update: Sun Feb 27 20:53:39 2022

Am I missing something in the configuration here?

[ton31337]

Do you have 172.16.0.0/16 in a RIB? If not, it won't be advertised unless disabling http://docs.frrouting.org/en/stable-8.1/bgp.html#clicmd-bgp-network-import-check.

[wshamroukh]

no bgp ebgp-requires-policy

Do you have 172.16.0.0/16 in a RIB? If not, it won't be advertised unless disabling http://docs.frrouting.org/en/stable-8.1/bgp.html#clicmd-bgp-network-import-check.

I have disabled bgp network import-check and now the config is like this

!
frr version 8.1
frr defaults traditional
hostname onprem-gw
log syslog informational
no ipv6 forwarding
service integrated-vtysh-config
!
router bgp 65016
 bgp router-id 172.16.0.4
 no bgp ebgp-requires-policy
 no bgp network import-check
 neighbor 10.1.0.4 remote-as 65515
 neighbor 10.1.0.4 description azgw1
 neighbor 10.1.0.4 ebgp-multihop 255
 neighbor 10.1.0.5 remote-as 65515
 neighbor 10.1.0.5 description azgw2
 neighbor 10.1.0.5 ebgp-multihop 255
 !
 address-family ipv4 unicast
  network 172.16.0.0/16
  neighbor 10.1.0.4 soft-reconfiguration inbound
  neighbor 10.1.0.5 soft-reconfiguration inbound
 exit-address-family
exit
!

Now I see the local address 172.16.0.0/16 but I still see the remote addresses are also advertised to bgp peers - why is that?

onprem-gw# sho ip bgp neighbors 10.1.0.4 advertised-routes
BGP table version is 8, local router ID is 172.16.0.4, vrf id 0
Default local pref 100, local AS 65016
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop            Metric LocPrf Weight Path
*> 7.7.7.7/32       0.0.0.0                                0 65515 65001 i
*> 10.1.0.0/16      0.0.0.0                                0 65515 i
*> 172.16.0.0/16    0.0.0.0                  0         32768 i

Total number of prefixes 3

[wshamroukh]

I have even done it differently like the below config by adding a static route to 172.16.0.0/16 :

!
frr version 8.1
frr defaults traditional
hostname onprem-gw
log syslog informational
no ipv6 forwarding
service integrated-vtysh-config
!
ip route 0.0.0.0/1 172.16.0.1
ip route 128.0.0.0/1 172.16.0.1
ip route 172.16.0.0/16 172.16.0.1
!
router bgp 65016
 bgp router-id 172.16.0.4
 no bgp ebgp-requires-policy
 neighbor 10.1.0.4 remote-as 65515
 neighbor 10.1.0.4 description azgw1
 neighbor 10.1.0.4 ebgp-multihop 255
 neighbor 10.1.0.5 remote-as 65515
 neighbor 10.1.0.5 description azgw2
 neighbor 10.1.0.5 ebgp-multihop 255
 !
 address-family ipv4 unicast
  network 172.16.0.0/16
  neighbor 10.1.0.4 soft-reconfiguration inbound
  neighbor 10.1.0.5 soft-reconfiguration inbound
 exit-address-family
exit
!

but i still see received-addresses are re-advertised to bgp peer:

onprem-gw# sho ip bgp neighbors 10.1.0.4 advertised-routes
BGP table version is 15, local router ID is 172.16.0.4, vrf id 0
Default local pref 100, local AS 65016
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0/1        0.0.0.0                                0 65515 65001 i
*> 7.7.7.7/32       0.0.0.0                                0 65515 65001 i
*> 10.1.0.0/16      0.0.0.0                                0 65515 i
*> 10.11.1.0/24     0.0.0.0                                0 65515 i
*> 10.12.1.0/24     0.0.0.0                                0 65515 i
*> 128.0.0.0/1      0.0.0.0                                0 65515 65001 i
*> 172.16.0.0/16    0.0.0.0                  0         32768 i

Total number of prefixes 7

[ton31337]

@wshamroukh this is a normal BGP behavior, receiving side will filter properly incoming routes as it sees them as own AS and discards (not processed further). You can filter out outgoing prefixes by using lots of techniques: distribute-lists, as-path lists, prefix-lists.

Another one trick would be using a separate subgroup for updates. You can try enabling neighbor 10.1.0.4 solo.

[ton31337]

@frrbot autoclose in 1 week.

[frrbot]

This issue will be automatically closed in the specified period unless there is further activity.