Skip to content

Commit

Permalink
bgp: Don't apply ImportExportPolicy to withdrawn nlri
Browse files Browse the repository at this point in the history
Import/Export filters are meant to modify which advertised prefixes
are allowed. For Import, this is simply an allow-list that accepts a
subset of the advertised nlri in a received update. For Export, this
is an allow-list that accepts a subset of the locally originated nlri.
In neither case do you want to apply these filters to the list of
withdrawn nlri, as this can result in stale routes if a legitimate
withdrawal is not sent or received.

Fixes: #330

Signed-off-by: Trey Aspelund <[email protected]>
  • Loading branch information
taspelund committed Oct 18, 2024
1 parent a40b7b8 commit e71e1bc
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions bgp/src/session.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1896,7 +1896,6 @@ impl<Cnx: BgpConnection + 'static> SessionRunner<Cnx> {
.collect::<BTreeSet<crate::messages::Prefix>>();

update.nlri.retain(|x| message_policy.contains(x));
update.withdrawn.retain(|x| message_policy.contains(x));
};

let out = match self.shape_update(update, shaper_application)? {
Expand Down Expand Up @@ -1982,7 +1981,6 @@ impl<Cnx: BgpConnection + 'static> SessionRunner<Cnx> {
.collect::<BTreeSet<crate::messages::Prefix>>();

update.nlri.retain(|x| message_policy.contains(x));
update.withdrawn.retain(|x| message_policy.contains(x));
};

self.update_rib(&update, id, peer_as);
Expand Down

0 comments on commit e71e1bc

Please sign in to comment.