BGP route policy performs improper community delete operation.

Symptoms
BGP route policy performs improper community delete operation.
* rtr.oak.9 # sh ver
Switch      : 800554-00-04 1438N-42476 Rev 4.0 BootROM: 1.0.2.1    IMG: 16.1.3.6
X460-G2-VIM-2SS-B-1: 800558-00-03 1506N-41703 Rev 3.0
PSU-1       : Internal PSU-1 800515-00-03 1432E-40220
PSU-2       :

Image   : ExtremeXOS version 16.1.3.6 by release-manager
          on Thu Feb 4 13:10:10 EST 2016
BootROM : 1.0.2.1
Diagnostics : 3.1
* rtr.oak.10 # sh bgp neighbor

     Peer            AS         Weight State        InMsgs OutMsgs(InQ)  Up/Down
-----------------------------------------------------------------------------------
Ie-- 204.14.21.1     32808      1      ESTABLISHED  17738  17197 (0    ) 1:0:29:46
Ie-- 204.14.23.1     32808      1      CONNECT      0      0     (0    ) 1:1:17:50
Ie-- 2604:7b80:0:20::cbb1 32808      1      ESTABLISHED  15696  17196 (0    ) 1:0:29:33
Ie-- 2604:7b80:0:40::cbb1 32808      1      ACTIVE       0      0     (0    ) 1:1:17:50

Flags: (d) disabled, (e) enabled, (E) external peer, (I) internal peer
       (m) EBGP multihop, (r) route reflector client

BGP Peer Statistics
  Total Peers       : 4
  EBGP Peers        : 0                 IBGP Peers          : 4
  RR Client         : 0                 EBGP Multihop       : 0
  Enabled           : 4                 Disabled            : 0
* rtr.oak.11 # sh policy
  <cr>               Execute the command
  allowed-type       Show the list of currently supported and allowed traffic rules applied to the admin rules for each dot1D bridge port
  capability         Show policy capability
  detail             policy detail
  dynamic            Show status of dynamically assigned profiles
  invalid            Show the status of the action the device shall apply on an invalid/unknown policy
  maptable           Show VLAN ID - Policy Profile mappings table
  profile            Show current Policy Profile
  rule               Configure policy rule
  state              Show the current policy state
  vlanauthorization  Show VLAN Authorization information
  |                  Filter the output of the command
  <name>             policy name
    "hello"  "ibgp-cmty_ibgp-only-inout"
* rtr.oak.11 # sh policy "hello"
Policies at Policy Server:
Policy: hello
entry policy1 {
if match all {
    nlri 10.0.0.0/8 ;
    community "63000:200 63000:300" ;
}
then {
    community delete "64530:791" ;
    as-path "64533" ;
    permit  ;
    count hit ;
}
}
entry permitall {
if match any {
    nlri 0.0.0.0/0 ;
}
then {
    permit  ;
}
}
Number of clients bound to policy: 1
Client: bgp bound once

* rtr.oak.12 # sh bgp routes detail all

Routes:
Route: 10.0.0.0/8, Peer 204.14.21.1, BEST, Active
Origin IGP, Next-Hop 204.14.21.1, MED 0
Weight 1,
As-PATH: 64533
Community: 0:0 0:0



BGP Route Statistics
  Total Rxed Routes : 1
  Feasible Routes   : 1
  Active Routes     : 1
  Rejected Routes   : 0
  Unfeasible Routes : 0
Route Statistics on Session Type
  Routes from Int Peer: 1
  Routes from Ext Peer: 0

 
Environment
  • EXOS 16.1.3.6
  • BGP
Cause
When a "community delete <value>" or "extended-community delete <value>" operation is specified in a policy file, the entire BGP community string of any matching route is zeroed out by a memory overwrite of the byte array. The operation is correctly programmed into the DC-BGP route-map using the AMB_BGP_REMOVE_SPECIFIC action. However, because of an inconsistency between our custom code and the DC-BGP code, the field that actually contains the community (AMB_OID_BGP_MAP_SE_COMM or AMB_OID_BGP_MAP_SE_EXT_COMM) gets zeroed out.
The inconsistency is that EXOS changed the separator used in a list of communities: DCL uses a comma ',' whereas EXOS uses a space ' '. Simply changing the separator to ',' could affect matching and could also require some changes to policy manager. This behavior is caused by software defect xos0064496.
 
Resolution
Upgrade to an EXOS version in which xos0064496 is fixed.
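To check whether routes on a device show the symptom above, before or after upgrading, the following added example (not part of the original article or of EXOS) parses saved "sh bgp routes detail all" output and lists routes whose Community line contains only 0:0 values. The sample text is constructed from the output in this article plus one invented healthy route (192.0.2.0/24), and the function names are hypothetical.

```python
import re

# Constructed sample: first route copied from this article's output,
# second route invented to show an unaffected entry.
SAMPLE = """\
Routes:
Route: 10.0.0.0/8, Peer 204.14.21.1, BEST, Active
Origin IGP, Next-Hop 204.14.21.1, MED 0
Weight 1,
As-PATH: 64533
Community: 0:0 0:0

Route: 192.0.2.0/24, Peer 204.14.21.1, BEST, Active
Origin IGP, Next-Hop 204.14.21.1, MED 0
Weight 1,
As-PATH: 64533
Community: 63000:200 63000:300
"""

ROUTE_RE = re.compile(r"^Route:\s*(\S+?),\s*Peer\s+(\S+?),")
COMM_RE = re.compile(r"^Community:\s*(.*)$")

def parse_routes(text):
    """Return one dict per route: prefix, peer and its list of communities."""
    routes, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ROUTE_RE.match(line)
        if m:
            current = {"prefix": m.group(1), "peer": m.group(2), "communities": []}
            routes.append(current)
            continue
        m = COMM_RE.match(line)
        if m and current is not None:
            # EXOS prints the community list space-separated.
            current["communities"] = m.group(1).split()
    return routes

def zeroed_routes(text):
    """Routes that carry a community attribute in which every value is 0:0."""
    return [(r["prefix"], r["peer"]) for r in parse_routes(text)
            if r["communities"] and all(c == "0:0" for c in r["communities"])]

if __name__ == "__main__":
    for prefix, peer in zeroed_routes(SAMPLE):
        print(f"{prefix} from {peer}: community list is all 0:0")
```

This is a heuristic keyed to the output shown in this article; a route that legitimately carries only 0:0 would also be listed, so compare hits against the policy entries that use "community delete".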