Because in kernel protocol you shall write export filter. Also overlooked this at the first sight.

To accept routes from bgp to table, you write import filter, to send routes from table to kernel, you write export filter. The import/export semantics is table-centric.

Maria

On December 10, 2019 10:48:42 PM GMT+01:00, wax xitau <waxitau@gmail.com> wrote:
Thanks for the prompt response Maria. 

I actually had import all and that did not work either. I've added accept to the kernel protocol with the same results. 
I also don't have any log line about a filter rejecting or accepting.

// logs after restarting the bgp session 

2019-12-10 22:41:40.989 <INFO> Restarting protocol pe1
2019-12-10 22:41:40.989 <TRACE> pe1: Shutting down
2019-12-10 22:41:40.989 <TRACE> pe1: Shutdown requested
2019-12-10 22:41:40.989 <TRACE> pe1: State changed to stop
2019-12-10 22:41:40.989 <TRACE> pe1: BGP session closed
2019-12-10 22:41:40.990 <TRACE> pe1 > removed [sole] 10.2.34.0/24 unicast
2019-12-10 22:41:40.990 <TRACE> pe1 > removed [sole] 10.1.12.0/24 unicast
2019-12-10 22:41:40.990 <TRACE> pe1: Sending NOTIFICATION(code=6.4)
2019-12-10 22:41:40.990 <TRACE> pe1: Down
2019-12-10 22:41:40.990 <TRACE> pe1: State changed to flush
2019-12-10 22:41:40.990 <TRACE> pe1: State changed to down
2019-12-10 22:41:40.990 <TRACE> pe1: Starting
2019-12-10 22:41:40.990 <TRACE> pe1: State changed to start
2019-12-10 22:41:40.990 <TRACE> pe1: Started
2019-12-10 22:41:40.990 <TRACE> pe1: Connect delayed by 5 seconds
2019-12-10 22:41:44.994 <TRACE> pe1: Connecting to 192.168.254.1 from local address 192.168.254.0
2019-12-10 22:41:45.275 <TRACE> pe1: Connected
2019-12-10 22:41:45.275 <TRACE> pe1: Sending OPEN(ver=4,as=65099,hold=90,id=ac100165)
2019-12-10 22:41:45.363 <TRACE> pe1: Got OPEN(as=65001,hold=90,id=172.16.0.11)
2019-12-10 22:41:45.363 <TRACE> pe1: Sending KEEPALIVE
2019-12-10 22:41:45.576 <TRACE> pe1: Got KEEPALIVE
2019-12-10 22:41:45.576 <TRACE> pe1: BGP session established
2019-12-10 22:41:45.576 <TRACE> pe1: State changed to up
2019-12-10 22:41:45.576 <TRACE> pe1: Got UPDATE
2019-12-10 22:41:45.576 <TRACE> pe1 > added [best] 10.2.34.0/24 unicast
2019-12-10 22:41:45.576 <TRACE> pe1 < rejected by protocol 10.2.34.0/24 unicast
2019-12-10 22:41:45.576 <TRACE> pe1: Got UPDATE
2019-12-10 22:41:45.576 <TRACE> pe1 > added [best] 10.1.12.0/24 unicast
2019-12-10 22:41:45.576 <TRACE> pe1 < rejected by protocol 10.1.12.0/24 unicast
2019-12-10 22:41:45.576 <TRACE> pe1: Got UPDATE
2019-12-10 22:41:45.576 <TRACE> pe1: Got END-OF-RIB
2019-12-10 22:41:45.576 <TRACE> pe1 < rejected by protocol 10.2.34.0/24 unicast
2019-12-10 22:41:45.576 <TRACE> pe1 < rejected by protocol 10.1.12.0/24 unicast
2019-12-10 22:41:45.576 <TRACE> pe1: Sending END-OF-RIB

// kernel protocol

protocol kernel {
        scan time 10;
        learn;
        persist;
        ipv4 {
                #import filter {
                #       if net ~ [0.0.0.0/0, 192.168.255.0/24] then reject;
                #       accept;
                #};
                # export all;
                import all;       
        };
}

thx


On Tue, Dec 10, 2019 at 10:25 PM Maria Matějka <maria.matejka@nic.cz> wrote:
The kernel protocol import filter is missing the accept; statement after you selectively filter some prefices out. BIRD doesn't know whether you want to accept or reject these routes. It also shall warn you in log. Do you have any log line saying something about filter not rejecting nor accepting?
Maria

On December 10, 2019 10:09:06 PM GMT+01:00, wax xitau <waxitau@gmail.com> wrote:
Hi, 

Prefixes sent over a eBGP session are getting rejected "by protocol" as can be seen in the logs below.
The prefixes are "added" and then get "rejected" by protocol. This means that they are visible using the "show route protocol <protocol>"  but not "show route all" (and therefore impossible to push them to the kernel routing table). 


// logs

2019-12-10 21:15:00.774 <TRACE> pe1: BGP session established
2019-12-10 21:15:00.774 <TRACE> pe1: State changed to up
2019-12-10 21:15:00.774 <TRACE> pe1: Sending END-OF-RIB
2019-12-10 21:15:00.984 <TRACE> pe1: Got UPDATE
2019-12-10 21:15:00.984 <TRACE> pe1 > added [best] 10.2.34.0/24 unicast
2019-12-10 21:15:00.984 <TRACE> pe1 < rejected by protocol 10.2.34.0/24 unicast
2019-12-10 21:15:00.984 <TRACE> pe1: Got UPDATE
2019-12-10 21:15:00.984 <TRACE> pe1 > added [best] 10.1.12.0/24 unicast
2019-12-10 21:15:00.984 <TRACE> pe1 < rejected by protocol 10.1.12.0/24 unicast
2019-12-10 21:15:00.984 <TRACE> pe1: Got UPDATE
2019-12-10 21:15:00.984 <TRACE> pe1: Got END-OF-RIB 

Tcp dump of the corresponding update message(s): 

// tcpdump

21:18:59.652705 IP (tos 0xc0, ttl 1, id 7035, offset 0, flags [none], proto TCP (6), length 177)
    192.168.254.1.bgp > 192.168.254.0.41073: Flags [P.], cksum 0x4356 (correct), seq 83:208, ack 73, win 16384, options [nop,nop,TS val 2249949122 ecr 1355158152], length 125: BGP
Update Message (2), length: 51
 Origin (1), length: 1, Flags [T]: IGP
   0x0000:  00
 AS Path (2), length: 10, Flags [T]: 65001 65500
   0x0000:  0202 0000 fde9 0000 ffdc
 Next Hop (3), length: 4, Flags [T]: 192.168.254.1
   0x0000:  c0a8 fe01
 Updated routes:
   10.1.12.0/24
Update Message (2), length: 51
 Origin (1), length: 1, Flags [T]: Incomplete
   0x0000:  02
 AS Path (2), length: 10, Flags [T]: 65001 65500
   0x0000:  0202 0000 fde9 0000 ffdc
 Next Hop (3), length: 4, Flags [T]: 192.168.254.1
   0x0000:  c0a8 fe01
 Updated routes:
   10.2.34.0/24
Update Message (2), length: 23
 End-of-Rib Marker (empty NLRI)

The bgp session is over directly connected interfaces and the NLRI prefix next hops are therefore directly connected. 

// Configuration: 

protocol bgp pe1 {
        debug all;
        description "ebgp";
        hold time 90;
        local 192.168.254.0 as my_asn;
        neighbor 192.168.254.1 as peer_asn;
        direct;
        interpret communities off;
        ipv4 {
                table t_pe1;
                import all;
                export none;
                gateway direct;
        };
}

protocol device {
        scan time 10;
};

protocol direct {
        ipv4;
};

protocol kernel {
        scan time 10;
        learn;
        persist;
        ipv4 {
                import filter {
                        if net ~ [0.0.0.0/0, 192.168.255.0/24] then reject;
                };
        };
}

// relevant show results

bird> show route protocol pe1
Table t_pe1:
10.2.34.0/24         unicast [pe1 21:46:13.530] * (100) [AS65500?]
via 192.168.254.1 on ens5
10.1.12.0/24         unicast [pe1 21:46:13.530] * (100) [AS65500i]
via 192.168.254.1 on ens5
bird>

bird> show route all
Table master4:
172.16.0.11/32       unicast [rt_nh 20:25:25.379] * (200)
via 192.168.254.1 on ens5
Type: static univ
192.168.254.2/31     unicast [direct1 20:56:03.498] * (240)
dev ens6
Type: device univ
192.168.254.0/31     unicast [direct1 20:56:03.498] * (240)
dev ens5
Type: device univ
192.168.255.0/24     unicast [direct1 20:56:03.498] * (240)
dev ens4
Type: device univ
172.16.0.33/32       unicast [rt_nh 20:25:25.379] * (200)
via 192.168.254.3 on ens6
Type: static univ

Thanks,




--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.