Project

General

Profile

Actions

Bug #12815

closed

invalid IPv6 ACCEPTFILTER prefix-list

Added by Viktor Gurov about 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
FRR
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

frr code does not create correct IPv6 prefix-list for IPv6 ACCEPTFILTER entries and does not have explicit 'permit any' at the end
/var/etc/frr/frr.conf fragment:

ip prefix-list ACCEPTFILTER seq 10 deny 192.168.88.0/24
ip prefix-list ACCEPTFILTER seq 20 deny 192.168.88.100/32
ip prefix-list ACCEPTFILTER seq 30 deny 192.168.45.0/24
ip prefix-list ACCEPTFILTER seq 40 deny 192.168.45.100/32
ip prefix-list ACCEPTFILTER seq 50 deny fc00:1234::/64
ip prefix-list ACCEPTFILTER seq 60 deny 3.3.3.0/24
ip prefix-list ACCEPTFILTER seq 70 permit any
!
route-map ACCEPTFILTER permit 10
 match ip address prefix-list ACCEPTFILTER
!
ip protocol bgp route-map ACCEPTFILTER
!
ip protocol ospf route-map ACCEPTFILTER
!
ipv6 protocol bgp route-map ACCEPTFILTER
!
ipv6 protocol ospf6 route-map ACCEPTFILTER

must be:

ipv6 prefix-list ACCEPTFILTER seq 10 deny fc00:1234::/64
ipv6 prefix-list ACCEPTFILTER seq 20 permit any

see https://forum.netgate.com/topic/169507/frr-bgp-not-distributing-ipv6

Actions #1

Updated by Viktor Gurov about 2 years ago

  • Assignee set to Viktor Gurov
Actions #2

Updated by Viktor Gurov about 2 years ago

  • Subject changed from invalid ACCEPTFILTER rule for IPv6 to invalid IPv6 ACCEPTFILTER prefix-list
Actions #3

Updated by Jim Pingle about 2 years ago

  • Status changed from New to Pull Request Review
Actions #4

Updated by Viktor Gurov about 2 years ago

  • Status changed from Pull Request Review to Feedback
Actions #5

Updated by beermount beermount about 2 years ago

Viktor Gurov wrote in #note-4:

Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182238f79cd960b06c2

Updated the package, unfortunately the fix does not work for me. Only by creating a seperate route-map and ACCEPTFILTER all routes are installed into fib.


ipv6 prefix-list ACCEPTFILTER6 seq 10 permit any
!
route-map ACCEPTFILTER6 permit 10
 match ipv6 address prefix-list ACCEPTFILTER6
!
ipv6 protocol bgp route-map ACCEPTFILTER6
!
ipv6 protocol ospf6 route-map ACCEPTFILTER6
Actions #6

Updated by Viktor Gurov about 2 years ago

beermount beermount wrote in #note-5:

Viktor Gurov wrote in #note-4:

Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182238f79cd960b06c2

Updated the package, unfortunately the fix does not work for me. Only by creating a seperate route-map and ACCEPTFILTER all routes are installed into fib.

[...]

extra fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/184

Actions #7

Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Pull Request Review
Actions #8

Updated by Viktor Gurov about 2 years ago

  • Status changed from Pull Request Review to Feedback
Actions #9

Updated by beermount beermount about 2 years ago

This patch works for me, mainly because it removes the ipv6 protocol lines. The commit does seem to cover if Accept Filter is enabled on an ospf6 interface. But currently there is no such option as far as I can see.

Actions #10

Updated by Viktor Gurov about 2 years ago

beermount beermount wrote in #note-9:

This patch works for me, mainly because it removes the ipv6 protocol lines. The commit does seem to cover if Accept Filter is enabled on an ospf6 interface. But currently there is no such option as far as I can see.

Please create a new feature request for such option.

Actions #11

Updated by beermount beermount about 2 years ago

Will do when/if i need it, for now I consider the issue resolved =)

Actions #12

Updated by Viktor Gurov about 2 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF