Hi,
We have the following setup (using GoBGP 3.36.0):
Node B and C are advertising default route toward Node A with MED 0 and 1 respectively.
Nodes B and C are gateways to the internet acting as High Availability, so in case of a failed Node the propogated default route toward Node A will select the valid route for redirecting traffic to the internet.
The configuration (see below) is also using VRFs on all Nodes (for supporting multi tenancy at Node B/C), and Route Reflection is defined on Node A for both peers. It means that Node B and C will have different VRF configuration for different set of nodes like A (but for simplicty a single tenant is used here).
The problem:
When simulating a failure (killing node B) and then starting it up again - during the recovery the peering between A and B is established but then an error message is seen.
It also happening when on node A, I disable/enable the peering to Node B.
{"Key":"172.20.0.10","State":"BGP_FSM_ESTABLISHED","Topic":"Peer","error":"Address-family rf 65664 not available for session","level":"warning","msg":"Session will be reset due to malformed BGP update message","time":"2025-11-20T13:48:38Z"}
This is causing the session to shutdown and re-establish with success, but takes twice the time to recover.
I've also captured the traffic that shows the update message which causing this error:
I've tried to block the advertisement of the default route from A to B by using policy (global) but it didn't helped either.
It seems that the VRFs solution internally is using MPLS VPN SAFI, but the routes that are added are SAFI unicast. So, it seems like some bug that routes advertised with SAFI VPN are blocked while VRF is configured.
I'm also not sure if the RR function here is working properly - I wouldn't expect Node A to send default route back to Node B.
Will appriciate if you can comment if something is not configured right by our side, or some missing data is needed.
PS: I've reproduced this issues locally using dockers, so if any debug info is needed please let me know.
Cheers
Eddie
Node A - Configuration
[global.config]
as = 65000
router-id = "172.20.0.10"
port = 179
local-address-list = ["172.20.0.10"]
[global.apply-policy.config]
default-export-policy = "accept-route"
default-import-policy = "accept-route"
[[vrfs]]
[vrfs.config]
name = "vrf1"
rd = "65000:100"
import-rt-list = ["65000:100"]
export-rt-list = ["65000:100"]
[[neighbors]]
[neighbors.config]
neighbor-address = "172.20.0.20"
peer-as = 65000
vrf = "vrf1"
[neighbors.timers.config]
connect-retry = 10
keepalive-interval = 2
hold-time = 4
[neighbors.route-reflector.config]
route-reflector-client = true
route-reflector-cluster-id = "172.20.0.10"
[neighbors.graceful-restart.config]
enabled = true
restart-time = 4
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.mp-graceful-restart.config]
enabled = true
[neighbors.transport.config]
local-address = "172.20.0.10"
[[neighbors]]
[neighbors.config]
neighbor-address = "172.20.0.30"
peer-as = 65000
vrf = "vrf1"
[neighbors.timers.config]
connect-retry = 10
keepalive-interval = 2
hold-time = 4
[neighbors.route-reflector.config]
route-reflector-client = true
route-reflector-cluster-id = "172.20.0.10"
[neighbors.graceful-restart.config]
enabled = true
restart-time = 4
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.mp-graceful-restart.config]
enabled = true
[neighbors.transport.config]
local-address = "172.20.0.10"
Node B Configuration
[global.config]
as = 65000
router-id = "172.20.0.20"
port = 179
local-address-list = ["172.20.0.20"]
[global.apply-policy.config]
default-export-policy = "accept-route"
default-import-policy = "accept-route"
[[vrfs]]
[vrfs.config]
name = "vrf1"
rd = "65000:100"
import-rt-list = ["65000:100"]
export-rt-list = ["65000:100"]
[[neighbors]]
[neighbors.config]
neighbor-address = "172.20.0.10"
peer-as = 65000
vrf = "vrf1"
[neighbors.timers.config]
keepalive-interval = 2
hold-time = 4
[neighbors.graceful-restart.config]
enabled = true
restart-time = 4
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.mp-graceful-restart.config]
enabled = true
[neighbors.transport.config]
passive-mode = true
local-address = "172.20.0.20"
Node C Configuration
[global.config]
as = 65000
router-id = "172.20.0.30"
port = 179
local-address-list = ["172.20.0.30"]
[global.apply-policy.config]
default-export-policy = "accept-route"
default-import-policy = "accept-route"
[[vrfs]]
[vrfs.config]
name = "vrf1"
rd = "65000:100"
import-rt-list = ["65000:100"]
export-rt-list = ["65000:100"]
[[neighbors]]
[neighbors.config]
neighbor-address = "172.20.0.10"
peer-as = 65000
vrf = "vrf1"
[neighbors.timers.config]
keepalive-interval = 2
hold-time = 4
[neighbors.graceful-restart.config]
enabled = true
restart-time = 4
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.mp-graceful-restart.config]
enabled = true
[neighbors.transport.config]
passive-mode = true
local-address = "172.20.0.30"
Hi,
We have the following setup (using GoBGP 3.36.0):
Node B and C are advertising default route toward Node A with MED 0 and 1 respectively.
Nodes B and C are gateways to the internet acting as High Availability, so in case of a failed Node the propogated default route toward Node A will select the valid route for redirecting traffic to the internet.
The configuration (see below) is also using VRFs on all Nodes (for supporting multi tenancy at Node B/C), and Route Reflection is defined on Node A for both peers. It means that Node B and C will have different VRF configuration for different set of nodes like A (but for simplicty a single tenant is used here).
The problem:
When simulating a failure (killing node B) and then starting it up again - during the recovery the peering between A and B is established but then an error message is seen.
It also happening when on node A, I disable/enable the peering to Node B.
This is causing the session to shutdown and re-establish with success, but takes twice the time to recover.
I've also captured the traffic that shows the update message which causing this error:
I've tried to block the advertisement of the default route from A to B by using policy (global) but it didn't helped either.
It seems that the VRFs solution internally is using MPLS VPN SAFI, but the routes that are added are SAFI unicast. So, it seems like some bug that routes advertised with SAFI VPN are blocked while VRF is configured.
I'm also not sure if the RR function here is working properly - I wouldn't expect Node A to send default route back to Node B.
Will appriciate if you can comment if something is not configured right by our side, or some missing data is needed.
PS: I've reproduced this issues locally using dockers, so if any debug info is needed please let me know.
Cheers
Eddie
Node A - Configuration
[global.config]
as = 65000
router-id = "172.20.0.10"
port = 179
local-address-list = ["172.20.0.10"]
[global.apply-policy.config]
default-export-policy = "accept-route"
default-import-policy = "accept-route"
[[vrfs]]
[vrfs.config]
name = "vrf1"
rd = "65000:100"
import-rt-list = ["65000:100"]
export-rt-list = ["65000:100"]
[[neighbors]]
[neighbors.config]
neighbor-address = "172.20.0.20"
peer-as = 65000
vrf = "vrf1"
[neighbors.timers.config]
connect-retry = 10
keepalive-interval = 2
hold-time = 4
[neighbors.route-reflector.config]
route-reflector-client = true
route-reflector-cluster-id = "172.20.0.10"
[neighbors.graceful-restart.config]
enabled = true
restart-time = 4
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.mp-graceful-restart.config]
enabled = true
[neighbors.transport.config]
local-address = "172.20.0.10"
[[neighbors]]
[neighbors.config]
neighbor-address = "172.20.0.30"
peer-as = 65000
vrf = "vrf1"
[neighbors.timers.config]
connect-retry = 10
keepalive-interval = 2
hold-time = 4
[neighbors.route-reflector.config]
route-reflector-client = true
route-reflector-cluster-id = "172.20.0.10"
[neighbors.graceful-restart.config]
enabled = true
restart-time = 4
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.mp-graceful-restart.config]
enabled = true
[neighbors.transport.config]
local-address = "172.20.0.10"
Node B Configuration
[global.config]
as = 65000
router-id = "172.20.0.20"
port = 179
local-address-list = ["172.20.0.20"]
[global.apply-policy.config]
default-export-policy = "accept-route"
default-import-policy = "accept-route"
[[vrfs]]
[vrfs.config]
name = "vrf1"
rd = "65000:100"
import-rt-list = ["65000:100"]
export-rt-list = ["65000:100"]
[[neighbors]]
[neighbors.config]
neighbor-address = "172.20.0.10"
peer-as = 65000
vrf = "vrf1"
[neighbors.timers.config]
keepalive-interval = 2
hold-time = 4
[neighbors.graceful-restart.config]
enabled = true
restart-time = 4
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.mp-graceful-restart.config]
enabled = true
[neighbors.transport.config]
passive-mode = true
local-address = "172.20.0.20"
Node C Configuration
[global.config]
as = 65000
router-id = "172.20.0.30"
port = 179
local-address-list = ["172.20.0.30"]
[global.apply-policy.config]
default-export-policy = "accept-route"
default-import-policy = "accept-route"
[[vrfs]]
[vrfs.config]
name = "vrf1"
rd = "65000:100"
import-rt-list = ["65000:100"]
export-rt-list = ["65000:100"]
[[neighbors]]
[neighbors.config]
neighbor-address = "172.20.0.10"
peer-as = 65000
vrf = "vrf1"
[neighbors.timers.config]
keepalive-interval = 2
hold-time = 4
[neighbors.graceful-restart.config]
enabled = true
restart-time = 4
[[neighbors.afi-safis]]
[neighbors.afi-safis.config]
afi-safi-name = "ipv4-unicast"
[neighbors.afi-safis.mp-graceful-restart.config]
enabled = true
[neighbors.transport.config]
passive-mode = true
local-address = "172.20.0.30"