Bug #12815
closed
invalid IPv6 ACCEPTFILTER prefix-list
0%
Description
frr code does not create correct IPv6 prefix-list for IPv6 ACCEPTFILTER entries and does not have explicit 'permit any' at the end
/var/etc/frr/frr.conf fragment:
ip prefix-list ACCEPTFILTER seq 10 deny 192.168.88.0/24 ip prefix-list ACCEPTFILTER seq 20 deny 192.168.88.100/32 ip prefix-list ACCEPTFILTER seq 30 deny 192.168.45.0/24 ip prefix-list ACCEPTFILTER seq 40 deny 192.168.45.100/32 ip prefix-list ACCEPTFILTER seq 50 deny fc00:1234::/64 ip prefix-list ACCEPTFILTER seq 60 deny 3.3.3.0/24 ip prefix-list ACCEPTFILTER seq 70 permit any ! route-map ACCEPTFILTER permit 10 match ip address prefix-list ACCEPTFILTER ! ip protocol bgp route-map ACCEPTFILTER ! ip protocol ospf route-map ACCEPTFILTER ! ipv6 protocol bgp route-map ACCEPTFILTER ! ipv6 protocol ospf6 route-map ACCEPTFILTER
must be:
ipv6 prefix-list ACCEPTFILTER seq 10 deny fc00:1234::/64 ipv6 prefix-list ACCEPTFILTER seq 20 permit any
see https://forum.netgate.com/topic/169507/frr-bgp-not-distributing-ipv6
Updated by Viktor Gurov almost 3 years ago
- Assignee set to Viktor Gurov
Updated by Viktor Gurov almost 3 years ago
- Subject changed from invalid ACCEPTFILTER rule for IPv6 to invalid IPv6 ACCEPTFILTER prefix-list
Updated by Jim Pingle almost 3 years ago
- Status changed from New to Pull Request Review
Updated by Viktor Gurov almost 3 years ago
- Status changed from Pull Request Review to Feedback
Updated by beermount beermount almost 3 years ago
Viktor Gurov wrote in #note-4:
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182238f79cd960b06c2
Updated the package, unfortunately the fix does not work for me. Only by creating a seperate route-map and ACCEPTFILTER all routes are installed into fib.
ipv6 prefix-list ACCEPTFILTER6 seq 10 permit any
!
route-map ACCEPTFILTER6 permit 10
match ipv6 address prefix-list ACCEPTFILTER6
!
ipv6 protocol bgp route-map ACCEPTFILTER6
!
ipv6 protocol ospf6 route-map ACCEPTFILTER6
Updated by Viktor Gurov almost 3 years ago
beermount beermount wrote in #note-5:
Viktor Gurov wrote in #note-4:
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182238f79cd960b06c2Updated the package, unfortunately the fix does not work for me. Only by creating a seperate route-map and ACCEPTFILTER all routes are installed into fib.
[...]
extra fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/184
Updated by Jim Pingle almost 3 years ago
- Status changed from Feedback to Pull Request Review
Updated by Viktor Gurov almost 3 years ago
- Status changed from Pull Request Review to Feedback
Updated by beermount beermount almost 3 years ago
This patch works for me, mainly because it removes the ipv6 protocol lines. The commit does seem to cover if Accept Filter is enabled on an ospf6 interface. But currently there is no such option as far as I can see.
Updated by Viktor Gurov almost 3 years ago
beermount beermount wrote in #note-9:
This patch works for me, mainly because it removes the ipv6 protocol lines. The commit does seem to cover if Accept Filter is enabled on an ospf6 interface. But currently there is no such option as far as I can see.
Please create a new feature request for such option.
Updated by beermount beermount almost 3 years ago
Will do when/if i need it, for now I consider the issue resolved =)
Updated by Viktor Gurov almost 3 years ago
- Status changed from Feedback to Resolved