os-frr + bgp + route map

Started by MaDe, October 19, 2023, 11:44:12 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 19, 2023, 11:44:12 AM
Good day,
I have an issue with the BGP routing. I use prefix-lists and add them to a route map.
I get this error msg:
Code Select
[VAKV3-NMY7B][EC 100663337] error processing configuration change: error [internal inconsistency] event [apply] operation [modify] xpath [/frr-route-map:lib/route-map[name='rt_bgp_map']/entry[sequence='10']/match-condition[condition='ipv4-prefix-list']/rmap-match-condition/list-name]
So the error msg points me to the prefix lists but I can't determine what is wrong with the prefix lists.
Code Select

vtysh -c "show running-config"
Current configuration:
!
frr version 8.5.3
frr defaults traditional
hostname hostname
log syslog informational
!
router bgp 64720
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
neighbor 10.113.255.0 remote-as 64512
neighbor 10.113.255.0 update-source ipsec10
neighbor 10.113.255.0 timers 1 5
neighbor 10.113.255.0 timers connect 2
neighbor 10.113.255.8 remote-as 64841
neighbor 10.113.255.8 update-source ipsec30
neighbor 10.113.255.8 timers 1 5
neighbor 10.113.255.8 timers connect 2
neighbor 10.113.255.17 remote-as 64729
neighbor 10.113.255.17 update-source ipsec50
neighbor 10.113.255.17 timers 1 5
neighbor 10.113.255.17 timers connect 2
!
address-family ipv4 unicast
  redistribute connected
  neighbor 10.113.255.0 activate
  neighbor 10.113.255.0 weight 200
  neighbor 10.113.255.0 route-map rt_bgp_map out
  neighbor 10.113.255.8 activate
  neighbor 10.113.255.8 weight 99
  neighbor 10.113.255.8 route-map rt_bgp_map out
  neighbor 10.113.255.17 activate
  neighbor 10.113.255.17 weight 98
  neighbor 10.113.255.17 route-map rt_bgp_map out
exit-address-family
!
address-family ipv6 unicast
  redistribute connected
exit-address-family
exit
!
ip prefix-list acl_bgp_filter_out seq 10 deny x.x.x.x/29
ip prefix-list acl_bgp_filter_out seq 11 deny x.x.x.x/30
ip prefix-list acl_bgp_filter_out seq 999 permit 0.0.0.0/0 le 32
!
route-map rt_bgp_map permit 10
exit
!
end


Code Select

# nano /usr/local/etc/frr/bgpd.conf
  GNU nano 7.2                                                                                /usr/local/etc/frr/bgpd.conf                                                                                Modified
neighbor 10.113.255.17 remote-as 64729
neighbor 10.113.255.17 weight 98
neighbor 10.113.255.17 update-source ipsec50
neighbor 10.113.255.17 timers 5 5
neighbor 10.113.255.17 timers connect 2

address-family ipv4 unicast
  redistribute connected
neighbor 10.113.255.0 activate
  neighbor 10.113.255.0 route-map rt_bgp_map out
neighbor 10.113.255.17 activate
  neighbor 10.113.255.17 route-map rt_bgp_map out
exit-address-family
!
address-family ipv6 unicast
  redistribute connected
exit-address-family
!

ip prefix-list acl_bgp_filter_out seq 10 deny x.x.x.x/29
!
ip prefix-list acl_bgp_filter_out seq 11 deny x.x.x.x/30
!
ip prefix-list acl_bgp_filter_out seq 999 permit 0.0.0.0/0 le 32
!
!
!
!
route-map rt_bgp_map permit 10
match ip address prefix-list acl_bgp_filter_out
!
!
!
line vty
!


When I compare the two outputs I see only the difference
Code Select

vtysh
route-map rt_bgp_map permit 10

Code Select

/usr/local/etc/frr/bgpd.conf
route-map rt_bgp_map permit 10
match ip address prefix-list acl_bgp_filter_out


OPNsense 23.7.6-amd64 is running on both systems.
Now I wonder if I have overlooked anything in the configuration. Maybe someone has an idea what I can still check. Thanks a lot,
MaDe
October 19, 2023, 12:23:13 PM #1
If you remove the prefix-list object from the route-map seq 10, and let the route-map applied on the neighbor, do you get the same error?

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
October 19, 2023, 12:53:40 PM #2
No errors when I remove the prefix-list from the route map
Code Select

address-family ipv4 unicast
  redistribute connected
neighbor 10.113.255.0 activate
  neighbor 10.113.255.0 route-map rt_bgp_map out
neighbor 10.113.255.17 activate
  neighbor 10.113.255.17 route-map rt_bgp_map out
exit-address-family
!
address-family ipv6 unicast
  redistribute connected
exit-address-family
!

ip prefix-list acl_bgp_filter_out seq 10 deny x.x.x.x/29
!
ip prefix-list acl_bgp_filter_out seq 11 deny x.x.x.x/30
!
ip prefix-list acl_bgp_filter_out seq 999 permit 0.0.0.0/0 le 32
!
!
!
!
route-map rt_bgp_map permit 10
!
!
!
line vty
!
October 19, 2023, 06:46:03 PM #3 Last Edit: October 19, 2023, 06:48:03 PM by iislas18
I am running into a similar problem but with OSPF:

[VAKV3-NMY7B][EC 100663337] error processing configuration change: error [internal inconsistency] event [apply] operation [modify] xpath [/frr-route-map:lib/route-map[name='Redistribution']/entry[sequence='10']/match-condition[condition='ipv4-prefix-list']/rmap-match-condition/list-name]

I am wondering if it has to do with "le" in the route-map:

ip prefix-list acl_bgp_filter_out seq 999 permit 0.0.0.0/0 le 32

this only started happening after upgrading to version 23.7.6
October 19, 2023, 08:48:48 PM #4
We're having the same issue after upgrading.  Must be a bug?

[VAKV3-NMY7B][EC 100663337] error processing configuration change: error [internal inconsistency] event [apply] operation [modify] xpath [/frr-route-map:lib/route-map[name='Redistribution']/entry[sequence='10']/match-condition[condition='ipv4-prefix-list']/rmap-match-condition/list-name]
October 19, 2023, 09:34:30 PM #5
October 19, 2023, 09:38:56 PM #6
I am having the same issue as well since last update
October 20, 2023, 06:41:34 PM #7
same issue here after last update
Print
Go Up Pages1
User actions