When using a rule forcing the nexthop to a specific address, bgpd
currently does not mark that nexthop as no-modify. In other words
the default rules for nexthop propagation apply. This means that
for ebgp it only sends out the set nexthop when this nexthop is connected
and on the same network as the peer. So while the Adj-RIB-Out shows the
right nexthop it is actually not on the wire.

This diff changes set nexthop 198.51.100.42 to also imply set nexthop
no-modify. This way the set nexthop is always on the wire.
The problem with that is that it will hand you a nice footgun ready to
blow off your big toe (but in the end the current behaviour is doing the
same just with a different angle of attack).

The set nexthop section in bgpd.conf.5 needs to be adjusted once a
decision is made on how to handle this.
-- 
:wq Claudio

Index: rde_rib.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde_rib.c,v
retrieving revision 1.190
diff -u -p -r1.190 rde_rib.c
--- rde_rib.c   7 Mar 2019 07:42:36 -0000       1.190
+++ rde_rib.c   13 May 2019 17:32:14 -0000
@@ -1491,7 +1491,7 @@ nexthop_modify(struct nexthop *setnh, en
                        break;
                nexthop_put(*nexthop);
                *nexthop = nexthop_ref(setnh);
-               *flags = 0;
+               *flags = NEXTHOP_NOMODIFY;
                break;
        default:
                break;
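
Review bot: The new `*flags = NEXTHOP_NOMODIFY;` assignment in nexthop_modify() carries no comment explaining that an explicit set nexthop address now implies no-modify, and the diff does not include the bgpd.conf.5 change that the message says is still needed. With this flag set unconditionally, an address that is not connected or not on the peer's network goes out on the wire to ebgp peers as is, so a typo in the config turns into announcements with an unusable nexthop. Suggest adding a short comment above the assignment stating the intent, and committing the manual page update together with this change so the documented behaviour of set nexthop matches what is sent. It would also be worth confirming that the other cases of this switch, which are not visible in the hunk, still leave the flags in the state their callers expect.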
