FRR with confederation fails to export unless no bgp ebgp-requires-policy

[baldurn]

Description

FRR refuses to export to BGP peers in same confederation unless no bgp ebgp-requires-policy is set.

Show bgp neighbors will include the following (which is wrong because a policy is set):

Inbound path policy configured
Outbound path policy configured
Incoming update prefix filter list is *xxx
Outgoing update prefix filter list is *hostroutes
Inbound updates discarded due to missing policy
Outbound updates discarded due to missing policy

The exact same configuration without confederation is fine.

The configuration:

frr version 8.1
frr defaults traditional
hostname bng2
log syslog informational
service integrated-vtysh-config
!
ip router-id 91.x.x.7
!
router bgp 65004
no bgp ebgp-requires-policy
bgp confederation identifier 2xxxxx
bgp confederation peers 65001 65002 65003
neighbor edge peer-group
neighbor 91.x.x.6 remote-as 65001
neighbor 91.x.x.6 peer-group edge
neighbor 91.x.x.10 remote-as 65001
neighbor 91.x.x.10 peer-group edge
!
address-family ipv4 unicast
redistribute kernel
redistribute connected
neighbor edge soft-reconfiguration inbound
neighbor edge prefix-list nnn in
neighbor edge prefix-list hostroutes out
exit-address-family
exit
!
ip prefix-list hostroutes seq 1 deny 91.x.x.1/32
ip prefix-list hostroutes seq 2 deny 91.x.x.1/32
ip prefix-list hostroutes seq 5 permit 91.x.x.0/23 ge 32
ip prefix-list hostroutes seq 10 deny 0.0.0.0/0
ip prefix-list nnn seq 5 permit 91.x.x.0/23 ge 23
ip prefix-list nnn seq 10 deny 0.0.0.0/0
!
end

Version

bng2# show version
FRRouting 8.1 (bng2).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
    '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--localstatedir=/var/run/frr' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--enable-rpki' '--disable-scripting' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'

How to reproduce

Export some routes to a iBGP peer without using confederation. Use show ip bgp 91.x.x.x to verify that it is advertised. Switch to a confederation setup with the peer in same confederation but a different member AS. Verify that the route is no longer advertised. Make sure there is a policy configured. Verify that the route is still not advertised. Use the "no bgp ebgp-requires-policy" command and verify that the path is advertised again.

Expected behavior

Routes are advertised to peers with a policy configured. I am not sure if it should behave identically to iBGP or not (ie. not require a policy at all).

Actual behavior

Routes are not advertised to peers even with a policy configured.

Additional context

No response

Checklist

• I have searched the open issues for this bug.
• I have not included sensitive information in this report.