Feature Request: a way to see if a route is not exported / imported due to policies #1938

Open
imcom opened this issue Jan 16, 2019 · 9 comments

@imcom
Contributor

imcom commented Jan 16, 2019

E.g. R1 sends 10.0.0.0/24 and I have a policy that filters bogons from that router.

like Quagga or FRR. This feature is quite useful in traffic engineering and troubleshooting; routers like Cisco or Juniper also support a similar feature to show hidden routes (filtered), locally accepted routes, etc.

Perhaps a variable on each path that tells me the reason for it being filtered like a reference to what policy blocked it

Please refer to Juniper's Understanding hidden routes for the hidden routes and its purposes and reasons

Thanks in advance

@thoro
Contributor

thoro commented Feb 18, 2019

Just for reference, should be possible to make with a few easy changes:

  • in Path: add a reason of policy rejection (completely internal) and pass that to api
  • in policy.ApplyPolicy: save the last run policy before a reject was given -> put it into the original path
  • cli: print the new policy reject field - and possibly add a filter

That should make it possible to see why a certain path was rejected (for the adj-in table)

For the adj-out table you can get the filtered paths from getBestFromLocal (server.go:getAdjRib) -> that's why adj-out takes a long time, each time it's called all paths are reevaluated

thoro added a commit to thoro/gobgp that referenced this issue Feb 19, 2019
@thoro
Contributor

thoro commented Feb 19, 2019

Implemented my proposal in the attached PR, except for the filtered paths, at least you see when a path was Accepted ;)

New field "Policy" in the cli output for RIB shows in the format:

A/import/match_incomplete

[A]ccepted|[R]ejected/Policy Name/Statement Name

@emil-palm
Contributor

I've been hacking a little on this also.

From what I've concluded until now:

Either we implement a separate table for rejected incoming routes.

Or we store the rejected incoming routes in the general table that is already set up.
But if we do this we need to adapt all the APIs and usage where we apply a policy to the path, since now if a path is rejected by a policy we return a "nil" instead of a path.

I don't know where we really should put this.
My initial simple implementation did a separate table for invalid routes but I think it's very hacky.

And I think we should save the routes in the table even if they are invalid and do the filtering based on information attached to the path by the policies.

  1. Path is received
  2. Import policies are applied; if they should be rejected, they are marked with a reference to what policy rejected.
  3. If the policy is not rejected, update the tables on all neighbours.
  4. Export policies are applied; if they should be rejected, they are marked with a reference to what policy rejected the path. GOTO END
  5. If policy is not rejected, continue with sending the BGP updates
  6. END

@thoro
Contributor

thoro commented Feb 19, 2019

Actually, the incoming routes are saved in the adj-rib, and are just passed to the global rib as a withdraw.

That's because you can change the Policy at runtime and reevaluate the adj-rib

@emil-palm
Contributor

Yeah, I saw that the adj-in does have all the routes. I've begun writing a PR to get the information saved on the path if it's rejected or not and, if so, which policy rejected it.

@emil-palm
Contributor

emil-palm commented Feb 26, 2019

I wrote this today;

Netnod@3eaf07c

Also added a "detail" flag to adj-in for example;

```
# ./gobgp nei 10.0.2.20 adj-in 77.80.128.0/17 detail
Target Prefix: 77.80.128.0/17, AS: 65002
  This route is Accepted
# ./gobgp nei 10.0.2.20 adj-in 77.80.0.0/12 detail
Target Prefix: 77.80.0.0/12, AS: 65002
  This route is Filtered

  Policy: as65002-ipv4-import
  Statement: Reject IPV4 PREFIXES not belonging to AS65002
```
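
The marking approach discussed above (keep a rejected path and record which policy and statement decided, printed in the `[A]ccepted|[R]ejected/Policy Name/Statement Name` format), as an added example that is not part of the issue or GoBGP's code. The types, the `Invert` field, and the `reject-bogons` and `default` names are assumptions made for illustration; the policy name, statement name and prefixes are the ones quoted in the thread.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Hypothetical types for illustration; these are not GoBGP's structs.
type Statement struct {
	Name           string
	Match          []netip.Prefix
	Invert, Accept bool // Invert: match when NOT covered by Match
}
type Policy struct {
	Name       string
	Statements []Statement // first matching statement decides
}

// Verdict stays attached to a path instead of the path becoming nil on reject.
type Verdict struct{ Accepted bool; Policy, Statement string }

// String renders [A]ccepted|[R]ejected/Policy Name/Statement Name.
func (v Verdict) String() string {
	return map[bool]string{true: "A", false: "R"}[v.Accepted] + "/" + v.Policy + "/" + v.Statement
}

// Evaluate names the deciding statement; "default" accepts if none matched.
func Evaluate(pol Policy, p netip.Prefix) Verdict {
	for _, s := range pol.Statements {
		covered := false
		for _, m := range s.Match {
			covered = covered || (m.Bits() <= p.Bits() && m.Contains(p.Addr()))
		}
		if covered != s.Invert {
			return Verdict{s.Accept, pol.Name, s.Name}
		}
	}
	return Verdict{true, pol.Name, "default"}
}

var pfx = netip.MustParsePrefix
// Sample is constructed from names and prefixes quoted in the thread.
var Sample = Policy{"as65002-ipv4-import", []Statement{
	{"reject-bogons", []netip.Prefix{pfx("10.0.0.0/8")}, false, false},
	{"Reject IPV4 PREFIXES not belonging to AS65002", []netip.Prefix{pfx("77.80.128.0/17")}, true, false},
}}

func main() { fmt.Println(Evaluate(Sample, pfx("77.80.0.0/12"))) }
```

The verdict here carries two strings per path; storing indexes into the policy table instead would keep the per-path cost small.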

@fujita
Member

fujita commented Feb 27, 2019

@mrevilme thanks a lot
from the quick look, some comments from me

  • needs to add option listpathrequest. This feature needs to be enabled only when specified.
  • prefers to avoid adding policy to path. policy is kinda large. fatten path hurts the performance of listpath api. If you have multiple full routes, then it matters.
  • really want to avoid cloning path. that's another performance killer.

emil-palm pushed a commit to Netnod/gobgp that referenced this issue Feb 28, 2019
@fujita
Member

fujita commented Mar 2, 2019

The size of api.Policy structure is 40 bytes at least. This hurts the performance of an often-used feature, getting the paths in the rib. I really want to avoid fattening api.Path.
How about simply returning filtered paths by ListPath API()? If the details are necessary, a client can get the policies and evaluate the paths.

@fujita
Member

fujita commented Apr 16, 2019

#2063

ListPath API will support the feature to show routes filtered by import/export policies.

Is anyone interested in making the CLI (gobgp) support this feature?
