v3 API ignores Global ApplyPolicy configuration

Question

v3 API ignores Global ApplyPolicy configuration

dswaffordcw opened this issue 3 months ago · 3 comments

Hi,

I am working with an existing GoBGP integration that uses the "v3 API", via a direct Go import. I am attempting to configure a default import policy over the API similar to the example shown in https://github.com/osrg/gobgp/blob/master/docs/sources/policy.md#42-attach-policy-to-route-server-client.

I am not seeing the expected result. This configuration should reject all announced BGP paths toward the GoBGP instance, yet they continue to be accepted and imported.

In #1768 (comment), I see another person reported the same issue with the V3 API on an old, closed, issue.

My code is as follows:


	gobgp "github.com/osrg/gobgp/v3/api"
	"github.com/osrg/gobgp/v3/pkg/server"

	s := server.NewBgpServer(server.LoggerOption(logger))
	go s.Serve()

	startReq := &gobgp.StartBgpRequest{
		Global: &gobgp.Global{
			Asn:        params.Global.ASN,
			RouterId:   params.Global.RouterID,
			ListenPort: params.Global.ListenPort,
			ApplyPolicy: &gobgp.ApplyPolicy{
				ImportPolicy: &gobgp.PolicyAssignment{
					DefaultAction: gobgp.RouteAction_REJECT,
				},
			},
		},
	}

	if err := s.StartBgp(ctx, startReq); err != nil {
		return nil, fmt.Errorf("failed starting BGP server: %w", err)
	}

In the output below, I am observing the accepted/imported routes from the GoBGP instance using a custom CLI tool. This is a route that was announced to a remote FRR instance and then advertised into this GoBGP instance. It should have been rejected.

$  cilium bgp routes
(Defaulting to `available ipv4 unicast` routes, please see help for more options)

Node                              VRouter   Prefix           NextHop    Age      Attrs
bgp-cplane-dev-v4-control-plane   65001     100.64.12.1/32   10.0.1.1   30m51s   [{Origin: i} {AsPath: 65000 65002} {Nexthop: 10.0.1.1} {Communities: 65002:100} {LargeCommunity: [ 65002:100:1]}]

Answer 1 · 2024-06-14T12:26:48.000Z

Policy in gobgp.StartBgpRequest will be ignored if I remember correctly.

You could work around like the following:

s.SetPolicyAssignment(context.Background(), &api.SetPolicyAssignmentRequest{
	Assignment: &api.PolicyAssignment{
		Name:          "global",
		Direction:     api.PolicyDirection_IMPORT,
		DefaultAction: api.RouteAction_REJECT,
	},
})

Answer 2 · 2024-06-15T02:01:20.000Z

@fujita Thanks! SetPolicyAssignment() works well.

If configuring a policy is not supported during startup, would you be open to a pull request to delete ApplyPolicy from message Global on https://github.com/osrg/gobgp/blob/master/api/gobgp.proto#L1109C1-L1109C33?

Or adding an error on startup if it's populated?

Answer 3 · 2024-06-15T05:08:08.000Z

I prefer to add an error because I don't want to change the API without the major version updated.