Print Page - os-frr + bgp + route map

Title: os-frr + bgp + route map
Post by: MaDe on October 19, 2023, 11:44:12 AM

Good day,
I have an issue with the BGP routing. I use prefix-lists and add them to a route map.
I get this error msg:

[VAKV3-NMY7B][EC 100663337] error processing configuration change: error [internal inconsistency] event [apply] operation [modify] xpath [/frr-route-map:lib/route-map[name='rt_bgp_map']/entry[sequence='10']/match-condition[condition='ipv4-prefix-list']/rmap-match-condition/list-name]

So the error msg points me to the prefix lists but I can't determine what is wrong with the prefix lists.

Code Select


vtysh -c "show running-config"
Current configuration:
!
frr version 8.5.3
frr defaults traditional
hostname hostname
log syslog informational
!
router bgp 64720
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 neighbor 10.113.255.0 remote-as 64512
 neighbor 10.113.255.0 update-source ipsec10
 neighbor 10.113.255.0 timers 1 5
 neighbor 10.113.255.0 timers connect 2
 neighbor 10.113.255.8 remote-as 64841
 neighbor 10.113.255.8 update-source ipsec30
 neighbor 10.113.255.8 timers 1 5
 neighbor 10.113.255.8 timers connect 2
 neighbor 10.113.255.17 remote-as 64729
 neighbor 10.113.255.17 update-source ipsec50
 neighbor 10.113.255.17 timers 1 5
 neighbor 10.113.255.17 timers connect 2
 !
 address-family ipv4 unicast
  redistribute connected
  neighbor 10.113.255.0 activate
  neighbor 10.113.255.0 weight 200
  neighbor 10.113.255.0 route-map rt_bgp_map out
  neighbor 10.113.255.8 activate
  neighbor 10.113.255.8 weight 99
  neighbor 10.113.255.8 route-map rt_bgp_map out
  neighbor 10.113.255.17 activate
  neighbor 10.113.255.17 weight 98
  neighbor 10.113.255.17 route-map rt_bgp_map out
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute connected
 exit-address-family
exit
!
ip prefix-list acl_bgp_filter_out seq 10 deny x.x.x.x/29
ip prefix-list acl_bgp_filter_out seq 11 deny x.x.x.x/30
ip prefix-list acl_bgp_filter_out seq 999 permit 0.0.0.0/0 le 32
!
route-map rt_bgp_map permit 10
exit
!
end

Code Select


# nano /usr/local/etc/frr/bgpd.conf
  GNU nano 7.2                                                                                /usr/local/etc/frr/bgpd.conf                                                                                Modified
 neighbor 10.113.255.17 remote-as 64729
 neighbor 10.113.255.17 weight 98
 neighbor 10.113.255.17 update-source ipsec50
 neighbor 10.113.255.17 timers 5 5
 neighbor 10.113.255.17 timers connect 2

 address-family ipv4 unicast
  redistribute connected
 neighbor 10.113.255.0 activate
  neighbor 10.113.255.0 route-map rt_bgp_map out
 neighbor 10.113.255.17 activate
  neighbor 10.113.255.17 route-map rt_bgp_map out
 exit-address-family
!
 address-family ipv6 unicast
  redistribute connected
 exit-address-family
!

ip prefix-list acl_bgp_filter_out seq 10 deny x.x.x.x/29
!
ip prefix-list acl_bgp_filter_out seq 11 deny x.x.x.x/30
!
ip prefix-list acl_bgp_filter_out seq 999 permit 0.0.0.0/0 le 32
!
!
!
!
route-map rt_bgp_map permit 10
 match ip address prefix-list acl_bgp_filter_out
!
!
!
line vty
!

When I compare the two outputs I see only the difference

Code Select


vtysh
route-map rt_bgp_map permit 10

Code Select


/usr/local/etc/frr/bgpd.conf
route-map rt_bgp_map permit 10
 match ip address prefix-list acl_bgp_filter_out

OPNsense 23.7.6-amd64 is running on both systems.
Now I wonder if I have overlooked anything in the configuration. Maybe someone has an idea what I can still check. Thanks a lot,
MaDe

Title: Re: os-frr + bgp + route map
Post by: Seimus on October 19, 2023, 12:23:13 PM

If you remove the prefix-list object from the route-map seq 10, and let the route-map applied on the neighbor, do you get the same error?

Regards,
S.

Title: Re: os-frr + bgp + route map
Post by: MaDe on October 19, 2023, 12:53:40 PM

No errors when I remove the prefix-list from the route map

Code Select


 address-family ipv4 unicast
  redistribute connected
 neighbor 10.113.255.0 activate
  neighbor 10.113.255.0 route-map rt_bgp_map out
 neighbor 10.113.255.17 activate
  neighbor 10.113.255.17 route-map rt_bgp_map out
 exit-address-family
!
 address-family ipv6 unicast
  redistribute connected
 exit-address-family
!

ip prefix-list acl_bgp_filter_out seq 10 deny x.x.x.x/29
!
ip prefix-list acl_bgp_filter_out seq 11 deny x.x.x.x/30
!
ip prefix-list acl_bgp_filter_out seq 999 permit 0.0.0.0/0 le 32
!
!
!
!
route-map rt_bgp_map permit 10
!
!
!
line vty
!

Title: Re: os-frr + bgp + route map
Post by: iislas18 on October 19, 2023, 06:46:03 PM

I am running into a similar problem but with OSPF:

[VAKV3-NMY7B][EC 100663337] error processing configuration change: error [internal inconsistency] event [apply] operation [modify] xpath [/frr-route-map:lib/route-map[name='Redistribution']/entry[sequence='10']/match-condition[condition='ipv4-prefix-list']/rmap-match-condition/list-name]

I am wondering if it has to do with "le" in the route-map:

ip prefix-list acl_bgp_filter_out seq 999 permit 0.0.0.0/0 le 32

this only started happening after upgrading to version 23.7.6

Title: Re: os-frr + bgp + route map
Post by: slair on October 19, 2023, 08:48:48 PM

We're having the same issue after upgrading. Must be a bug?

[VAKV3-NMY7B][EC 100663337] error processing configuration change: error [internal inconsistency] event [apply] operation [modify] xpath [/frr-route-map:lib/route-map[name='Redistribution']/entry[sequence='10']/match-condition[condition='ipv4-prefix-list']/rmap-match-condition/list-name]

Title: Re: os-frr + bgp + route map
Post by: slair on October 19, 2023, 09:34:30 PM

Opened issues:
https://github.com/FRRouting/frr/issues/14626
https://github.com/opnsense/plugins/issues/3630

Title: Re: os-frr + bgp + route map
Post by: Rukus on October 19, 2023, 09:38:56 PM

I am having the same issue as well since last update

Title: Re: os-frr + bgp + route map
Post by: bazbaz on October 20, 2023, 06:41:34 PM

same issue here after last update

OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: MaDe on October 19, 2023, 11:44:12 AM