Almost a year later and the issue is still present. I'm not being able to find a workaround. all /32 that are announced from BGP peer are filtered by the rule
The following output is taken when the filter rule is active:And when the rule is disabled:My address-list contains only:I didn't had the chance to check the advertisements yet, but definitely the received routes are affected.
Any advice here?
Code:
chain=BGP_IN_VPN_VDF rule="if ( dst in BGP_NETWORKS_VPN_VDF ) { reject; }" The following output is taken when the filter rule is active:
Code:
[local@NSG_MB_Core] /routing/filter/rule> /routing/route/print detail where gateway=10.1.255.1 and 81.181.171.131 in dst-addressFlags: X - disabled, F - filtered, U - unreachable, A - active; c - connect, s - static, r - rip, b - bgp, o - ospf, i - isis, d - dhcp, v - vpn, m - modem, a - ldp-address, l - ldp-mapping, g - slaac, y - bgp-mpls-vpn; H - hw-offloaded; + - ecmp, B - blackhole b afi=ip4 contribution=best-candidate dst-address=0.0.0.0/0 routing-table=main gateway=10.1.255.1 immediate-gw=10.1.255.1%vlan4004 distance=150 scope=40 target-scope=10 belongs-to="bgp-IP-10.1.255.1" bgp.session=VDF_VPN-1 .as-path="64891,12302,12302,207737" .communities=64891:1,64891:100,64891:1006 .weight=90 .local-pref=90 .origin=igp debug.fwp-ptr=0x20342BA0 Fb afi=ip4 contribution=filtered dst-address=81.181.171.131/32 routing-table=main gateway=10.1.255.1 immediate-gw=10.1.255.1%vlan4004 distance=20 scope=40 target-scope=10 belongs-to="bgp-IP-10.1.255.1" bgp.session=VDF_VPN-1 .as-path="64891,12302,12302,207737" .communities=64891:1 .origin=igp debug.fwp-ptr=0x20342BA0 Code:
[local@NSG_MB_Core] /routing/filter/rule> /routing/route/print detail where gateway=10.1.255.1 and 81.181.171.131 in dst-addressFlags: X - disabled, F - filtered, U - unreachable, A - active; c - connect, s - static, r - rip, b - bgp, o - ospf, i - isis, d - dhcp, v - vpn, m - modem, a - ldp-address, l - ldp-mapping, g - slaac, y - bgp-mpls-vpn; H - hw-offloaded; + - ecmp, B - blackhole b afi=ip4 contribution=best-candidate dst-address=0.0.0.0/0 routing-table=main gateway=10.1.255.1 immediate-gw=10.1.255.1%vlan4004 distance=150 scope=40 target-scope=10 belongs-to="bgp-IP-10.1.255.1" bgp.session=VDF_VPN-1 .as-path="64891,12302,12302,207737" .communities=64891:1,64891:100,64891:1006 .weight=90 .local-pref=90 .origin=igp debug.fwp-ptr=0x20342BA0 Ab afi=ip4 contribution=active dst-address=81.181.171.131/32 routing-table=main gateway=10.1.255.1 immediate-gw=10.1.255.1%vlan4004 distance=20 scope=40 target-scope=10 belongs-to="bgp-IP-10.1.255.1" bgp.session=VDF_VPN-1 .as-path="64891,12302,12302,207737" .communities=64891:1 .origin=igp debug.fwp-ptr=0x20342BA0 Code:
[local@NSG_MB_Core] /routing/filter/rule> /ip fi address-list/print where 81.181.171.131 in address and list=BGP_NETWORKS_VPN_VDF Columns: LIST, ADDRESS, CREATION-TIME# LIST ADDRESS CREATION-TIME ;;; NSG #001 - ICI2 BGP_NETWORKS_VPN_VDF 81.181.171.0/24 2025-04-22 01:13:18;;; NSG #000 - ICI3 BGP_NETWORKS_VPN_VDF 81.181.170.0/23 2025-04-22 01:13:18Any advice here?
Statistics: Posted by novasys — Tue Apr 22, 2025 4:22 am