Bug #15857
open
FRR BGP generates an invalid config when peer group with a space in its name is used
0%
Description
When creating a peer group by going to Services > FRR BGP > Neighbors > Add and entering a name to create a peer group, then selecting that peer group when creating a neighbor, FRR as a whole no longer functions. I didn't see any information in system logs with FRR logging enabled but when going to the shell and attempting to start FRR manually, it indicates that there was an unknown command on the line of the config where the peer group is referenced. After changing the name to use an underscore rather than a space FRR starts working again. There's no indication in the web UI that names can't contain spaces, nor does it stop you from entering a name with a space like most of the rest of the pfSense UI does. It occurred to me after the fact that it was a bad idea to use a name with a space anyway, but it would be nice to remove the foot gun by adding a note under the text entry field and validating that the name doesn't contain a space. This is especially true since the minimal logging for FRR makes the issue non-obvious for users. The issue only occurs when the peer group is referenced by a neighbor - just creating a peer with a space in the name doesn't cause a problem. I've reproduced the behavior on both CE and Plus.
Updated by Azamat Khakimyanov 5 days ago
Tested on 2.7.2
I can reproduce this issue on 2.7.2: when I created Peer Group with the name Peer Group and restarted BGP, I got all FRR deamon going down and in /var/log/frr/frr-reload.log I saw
2025-10-18 10:45:42,758 ERROR: vtysh failed to process new configuration: vtysh (mark file) exited with status 2: b'line 17: % Unknown command: neighbor 80.255.128.1 peer-group Peer Group\n\n'
When I used quotation marks in the peer group name: "Peer Group", FRR doesn't stop working and this peer group was just ignored.
On 2.8.1 and 25.07.1 I still got
2025-10-18 08:49:20,503 ERROR: vtysh failed to process new configuration: vtysh (mark file) exited with status 2: b'line 18: % Unknown command: neighbor 80.255.128.3 peer-group Peer Group\n\n'
but using Space in the peer group name didn't cause any harmful effect on FRR, this peer group was just ignored and the BGP Neighbor which was placed in this peer group was in the BGP config with Active status, but just not as a member of any peer group.
Neither Netgate Docs, nor FRR official docs have any limitations for Peer Group name. In FRR docs it said
neighbor WORD peer-group This command defines a new peer group.