Description of problem: Creating a BGPPeer for a peer that is multi-hops away + in a different ASN than ours results in a connection that does not establish.
Bug fix validated QE-Validation Cluster version is 4.10.0-fc.2 1. Create FRR container on external multi-hop Server 2. Apply EBGP BGPpeer yaml 3. Create addresspool 4. Create service 5. Create backend service pod 6. Validate BGP adjacency cnf-executor-gkopels# sh ip bgp summary IPv4 Unicast Summary (VRF default): BGP router identifier 192.168.254.164, local AS number 64501 vrf-id 0 BGP table version 2 RIB entries 1, using 184 bytes of memory Peers 2, using 1433 KiB of memory Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc 10.46.56.13 4 64500 23 22 0 0 0 00:09:48 1 0 N/A 10.46.56.14 4 64500 16 15 0 0 0 00:06:27 1 0 N/A Total number of neighbors 2 B> 4.4.1.10/32 [20/0] via 10.46.56.13 (recursive), weight 1, 00:07:50 * via 10.0.139.254, eth0, weight 1, 00:07:50 via 10.46.56.14 (recursive), weight 1, 00:07:50 via 10.0.139.254, eth0, weight 1, 00:07:50 ### External FRR Config ### Current configuration: ! frr version 8.3-dev_git frr defaults traditional hostname cnf-executor-gkopels log file /etc/frr/frr.log no ipv6 forwarding ! debug bgp neighbor-events debug bgp updates in debug bgp updates out ! ip route 10.46.56.0/24 192.168.254.1 ! router bgp 64501 bgp router-id 192.168.254.164 no bgp ebgp-requires-policy no bgp default ipv4-unicast no bgp network import-check neighbor 10.46.56.13 remote-as 64500 neighbor 10.46.56.13 ebgp-multihop 255 neighbor 10.46.56.13 update-source eth0 neighbor 10.46.56.14 remote-as 64500 neighbor 10.46.56.14 ebgp-multihop 255 neighbor 10.46.56.14 update-source eth0 ! address-family ipv4 unicast neighbor 10.46.56.13 activate neighbor 10.46.56.14 activate exit-address-family ! address-family ipv6 unicast neighbor 10.46.56.13 activate neighbor 10.46.56.14 activate exit-address-family exit ! ip nht resolve-via-default ! ipv6 nht resolve-via-default ! end ### Speaker FRR Config ### Current configuration: ! frr version 7.5 frr defaults traditional hostname helix14.lab.eng.tlv2.redhat.com log file /etc/frr/frr.log informational log timestamp precision 3 service integrated-vtysh-config ! router bgp 64500 bgp router-id 10.46.56.13 no bgp ebgp-requires-policy no bgp default ipv4-unicast no bgp network import-check neighbor 10.0.137.253 remote-as 64501 neighbor 10.0.137.253 ebgp-multihop 255 neighbor 10.0.137.253 timers 30 90 ! address-family ipv4 unicast network 4.4.1.10/32 neighbor 10.0.137.253 activate neighbor 10.0.137.253 route-map 10.0.137.253-in in neighbor 10.0.137.253 route-map 10.0.137.253-out out exit-address-family ! ip prefix-list 65535:65282-v4prefixes seq 5 permit 4.4.1.10/32 ip prefix-list 65535:65282-v4prefixes seq 10 permit 4.4.1.10/32 ip prefix-list 65535:65282-v4prefixes seq 15 permit 4.4.1.10/32 ip prefix-list 7003:7-v4prefixes seq 5 permit 4.4.1.10/32 ip prefix-list 7003:7-v4prefixes seq 10 permit 4.4.1.10/32 ip prefix-list 7003:7-v4prefixes seq 15 permit 4.4.1.10/32 ip prefix-list 200-v4localpref-prefixes seq 5 permit 4.4.1.10/32 ip prefix-list 200-v4localpref-prefixes seq 10 permit 4.4.1.10/32 ip prefix-list 200-v4localpref-prefixes seq 15 permit 4.4.1.10/32 ! route-map 10.0.137.253-in deny 20 ! route-map 10.0.137.253-out permit 1 match ip address prefix-list 200-v4localpref-prefixes on-match next set local-preference 200 ! route-map 10.0.137.253-out permit 2 match ip address prefix-list 65535:65282-v4prefixes on-match next set community no-advertise additive ! route-map 10.0.137.253-out permit 3 match ip address prefix-list 7003:7-v4prefixes on-match next set community 7003:7 additive ! route-map 10.0.137.253-out permit 4 ! ip nht resolve-via-default ! ipv6 nht resolve-via-default ! line vty ! end ###
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056