FRR BGP Prefix-List RouteMap Bug

Question

FRR BGP Prefix-List RouteMap Bug

touqeeranjum opened this issue 4 months ago · comments

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

[x ] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
[ x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
[ x] The title contains the plugin to which this issue belongs

Describe the bug
There is an issue in FRR BGP Prefix-List and RouteMap where when a prefix-List with multiple networks (whether permitted or Denied)are added to RouteMap, only 1 network is advertised to the other peer. I have tested this over and over again between a Fortigate and an OPNSense v24.1.5.

https://forum.opnsense.org/index.php?topic=40066.0

To Reproduce
Steps to reproduce the behavior:

Create a new Prefix-List
Add any 2 or more different networks
Add the newly created prefix-List to a RouteMap
Add the RouteMap to the neighbour
Save the BGP settings

Screenshots

Expected behavior
The Fortigate will only receive 1 network from the Prefix-List

No Prefix-List added to neighbours

Routing table for VRF=0
B       10.10.11.0/24 [20/1] via 192.168.3.151 (recursive is directly connected, port1), 00:00:00, [1/0]
B       10.10.12.0/24 [20/1] via 192.168.3.151 (recursive is directly connected, port1), 00:00:00, [1/0]
B       10.10.13.0/24 [20/1] via 192.168.3.151 (recursive is directly connected, port1), 00:00:00, [1/0]
C       192.168.3.0/24 is directly connected, port1
B       192.168.30.0/24 [20/1] via 192.168.3.151 (recursive is directly connected, port1), 00:00:00, [1/0]
B       192.168.35.0/24 [20/1] via 192.168.3.151 (recursive is directly connected, port1), 00:00:00, [1/0]
C       192.168.40.0/24 is directly connected, port2
C       192.168.50.0/24 is directly connected, port3

1 Prefix-List which has only 1 network (10.10.11.0/24) in it, advertises fine.

Routing table for VRF=0
B       10.10.11.0/24 [20/1] via 192.168.3.151 (recursive is directly connected, port1), 00:00:15, [1/0]
C       192.168.3.0/24 is directly connected, port1
C       192.168.40.0/24 is directly connected, port2
C       192.168.50.0/24 is directly connected, port3

With 1 Prefix-List with 2 networks in it (10.10.11.0/24, 192.168.35.0/24), only 1 network is advertised.

Routing table for VRF=0
C       192.168.3.0/24 is directly connected, port1
B       192.168.35.0/24 [20/1] via 192.168.3.151 (recursive is directly connected, port1), 00:00:20, [1/0]
C       192.168.40.0/24 is directly connected, port2
C       192.168.50.0/24 is directly connected, port3

Relevant log files
If applicable, information from log files supporting your claim.

Additional context
If a multiple Prefix-Lists are created with same name and different networks are created and then added to either RouteMap, or added as a prefix-List Outbound to the neighbours, it works as expected.

Routing table for VRF=0
B       10.10.11.0/24 [20/1] via 192.168.3.151 (recursive is directly connected, port1), 00:01:52, [1/0]
C       192.168.3.0/24 is directly connected, port1
B       192.168.30.0/24 [20/1] via 192.168.3.151 (recursive is directly connected, port1), 00:01:52, [1/0]
C       192.168.40.0/24 is directly connected, port2
C       192.168.50.0/24 is directly connected, port3

Environment
Tested in ESXi, and VMware Workstation
Tested in OPNsense 24.1.5, and OPNSense v 23.1.11