non-transitive Bandwidth ext-community setting on outbound route-map to eBGP peers

[kalebris]

Description

I am running FRRouting 8.5.4 (but confirmed behaviour in 8.4.4 as well).

When setting the BGP Bandwdith extended community with non-transitive keyword at the end it does not append the community to the list. This should be allowed just like metric or any other non-transitive communities.

Version

FRRouting 8.5.4 (lab-rtor-a05-r98) on Linux(6.1.0-11-2-amd64).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
    '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--localstatedir=/var/run/frr' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--disable-rpki' '--disable-scripting' '--enable-pim6d' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' '--enable-grpc' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'

How to reproduce

The topology is simple, router1 ens3 interface is connected to router2 ens3 interface.
router 1 ip addr output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether XY:ZA:BC:DE:FG brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 192.0.2.2/30 brd 192.0.2.3 scope global ens3
       valid_lft forever preferred_lft forever

router 2 ip addr show:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.0.2.255/32 brd 192.0.2.255 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether link/ether XY:ZA:BC:DE:GF brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 192.0.2.1/30 brd 192.0.2.3 scope global ens3
       valid_lft forever preferred_lft forever

Router1 configuration:

frr version 8.4.4
frr defaults traditional
hostname FRR-1
log syslog informational
no ip forwarding
no ipv6 forwarding
service integrated-vtysh-config
!
router bgp 65534
 neighbor 192.0.2.1 remote-as 65533
 !
 address-family ipv4 unicast
  neighbor 192.0.2.1 route-map PERMIT in
  neighbor 192.0.2.1 route-map PERMIT out
 exit-address-family
exit
!
route-map PERMIT permit 10
exit
!
end

Router2:

frr version 8.4.4
frr defaults traditional
hostname FRR2
log syslog informational
no ip forwarding
no ipv6 forwarding
service integrated-vtysh-config
!
router bgp 65533
 neighbor 192.0.2.2 remote-as 65534
 !
 address-family ipv4 unicast
  redistribute connected
  neighbor 192.0.2.2 route-map PERMIT in
  neighbor 192.0.2.2 route-map SET-BW out
 exit-address-family
exit
!
route-map SET-BW permit 10
 set extcommunity bandwidth 1 non-transitive
 set metric 100
exit
!
route-map PERMIT permit 10
exit

Expected behavior

I expect the bandwidth community as well as the MED community to be set in the update.

Actual behavior

The Bandwidth community is not set, however the MED is.

Additional context

In addition to this certain network device vendor (and wireshark) doesn't recognize the bandwidth community when the first 2 octets are 0x00.

Checklist

• I have searched the open issues for this bug.
• I have not included sensitive information in this report.

[ton31337]

If you set non-transitive, then it's not sent to eBGP neighbors. This is how it's now implemented.

[kalebris]

I understand that is the current implementation. I'm saying that IMHO it should not be the case. There are other non-transitive attributes that can be set (like MED, no-export etc.) on outbound route-maps.

There is a use case for non-transitive bandwidth community sent to eBGP peers, as limiting the spread of the given bandwidth community to a single ASN, which is useful when trying to communicate the bandwidth to only 1 upstream ASN and not broadcast the given community to the whole internet if a given route makes it out.

[ton31337]

Yes, this needs to be reworked a bit not only for link bandwidth extended community, will do.

[kalebris]

thank you, for taking this on.

[ton31337]

Fixed here #17151, but it won't be backported to 8.5 for sure (too much rework, which might break something). If you could compile it, please test it. Or just grab the images from here.