What should happen if there is no routing-policy configured?
dplore opened this issue · 6 comments
Routing-policy describes what should happen when a policy is defined and applied.
public/release/models/policy/openconfig-routing-policy.yang
Lines 45 to 49 in 0bd6815
But there is not an explicit definition of what should happen if no policy is applied. For example, if a BGP session is configured, but no policy is configured for that session, I interpret that there is no policy and therefore all routes are accepted. If a policy is applied to a session, then the rules for that policy are enforced. (including for example, the default-import-policy which is REJECT
)
Do we need a clarification to the description of the routing-policy module?
I think, no-policy (including no default policy defined) for import and export == allow-all should only be applicable to IBGP.
For EBGP, no-policy (including no default policy defined) == deny-all for both import and export policies. This will keep EBGP behavior compliant with RFC8212
default-(import|export)-policy
is bad name it should by rathter default-(import|export)-action
. IMO it applys as follow:
- if no policy is configuterd, then
default-(import|export)-policy
is applied to all recived/advertised routes. - if policy/policiey-chain is configuterd,, but recived/advertised route do not match any statement, then
default-(import|export)-policy
is applied - if policy/policiey-chain is configuterd, recived/advertised route do match some statement, bu non of matched statement has route disposal (accept reject) action configured, then
default-(import|export)-policy
is applied. - if default-(import|export)-policy is NOT configured, and on of above conditions is met, then iBGP accept all revived/advertised routes, and eBGP reject all revived/advertised routes (RFC8212)
default-(import|export)-policy
is bad name it should by rathterdefault-(import|export)-action
. IMO it applys as follow:
- if no policy is configuterd, then
default-(import|export)-policy
is applied to all recived/advertised routes.- if policy/policiey-chain is configuterd,, but recived/advertised route do not match any statement, then
default-(import|export)-policy
is applied- if policy/policiey-chain is configuterd, recived/advertised route do match some statement, bu non of matched statement has route disposal (accept reject) action configured, then
default-(import|export)-policy
is applied.- if default-(import|export)-policy is NOT configured, and on of above conditions is met, then iBGP accept all revived/advertised routes, and eBGP reject all revived/advertised routes (RFC8212)
Probably openconfig/featureprofiles#2272 should help?
In YANG, if a container is a non-presence container then it is assumed to exist -- thus, if we have .../afi-safis/afi-safi[afi-safi-name=IPV4_UNICAST]
created (which we must to enabled the AFI-SAFI) then by default the apply-policy/default-(import|export)-policy
leaves are populated with the default value -- and hence an unspecified policy and unspecified default action means REJECT_ROUTE
.
Of course, relying on the YANG semantics here is complicated, so I suggest a clarification in the description would be useful.
Based on the current yang, an an unspecified policy and unspecified default action means eBGP AND iBGP both have REJECT_ROUTE applied. TO accept routes, one must explicitly add a policy OR explicitly change the default action to ACCEPT_ROUTE.
I will submit a PR to clarify the policy description. A subsequent PR could further change the model if the community wants to change this behavior.