Synopsis: <problem with network statements in bgpd.conf> Category: <user i386 system> Environment: System : OpenBSD 5.4 Details : OpenBSD 5.4 (XXX) #7: Thu Mar 13 10:08:46 MSK 2014 [email protected]:/usr/src/sys/arch/i386/compile/XXX
Architecture: OpenBSD.i386 Machine : i386 Description: Using BGPD with neighbor properties: announce self announce IPv4 vpn announce refresh yes announce capabilities yes announce as-4byte no and then rdomain sections with rd/import-export rt/depend on mpeX Wildcard mask to ext-community filters are not supported yet, sad but true, tons of exact community values and its looking good. But seems like ext-community filters work unpredictable. Havent experience with bgpd self originated prefixes, simple case with allow to any ext-community X set prepend works good for me. How-To-Repeat: Once bgpd will get second ebgp session you may wish to manipulate vpnv4 updates from one ebgp peer to second and now filters do something but not you could expect. example: i have two ebgp peers for vpnv4 and want prefixes from one peer with ext-community Y to send to second peer. The filter: "allow to second-peer ext-community Y" does transit 10 prefixes of 300 which have ext-community Y. Make restart bgpd, second-peer now receives 15 or 17 or even 8 prefixes (and most of them even were not received before restart). Then i tryed workaround to locally convert ext-community to standard community, with filter: "match from first-peer ext-community Y set community X" "allow to second community X" with option 'quick' and many many other combinations with no success, only peer2 received prefix count changes after each bgpd restart. Fix: There is no fix. --
