remove-private-AS all replace-AS not removing sub AS from AS path

[RajdeepMondal]

Description

I have three routers R1, R2 and R3 connected in series. R1 is an ExaBGP router, while R2 and R3 both run FRR. R1 injects the route 100.10.0.0/24 next-hop self into R2. The topology is as follows:

R1(3.0.0.3)<---------------------------->(3.0.0.2)R2(4.0.0.2)<----------------------------------->(4.0.0.3)R3
[AS 65533]                             [confed AS 64512, sub AS 257]                       [confed AS 422, sub AS 256]

For all routes going from R2 to R3, we have "remove-private-AS all replace-AS" enabled.
R2 receives the prefix 100.10.0.0/24 from R1 with the AS path as [65533]
We observed that while advertising the prefix 100.10.0.0/24 to R3, R2 removes the AS number 65533 from the AS path and adds its own sub AS number 257 as well as its own confederation ID 64512. So the resulting AS path R3 receives is [64512 257].

Version

10.1

How to reproduce

Here are the configurations:
Exabgp:

process announce-routes {
    run python exabgp/example.py;
    encoder json;
}

neighbor 3.0.0.2 {                 # Remote neighbor to peer with
    router-id 3.0.0.3;              # Our local router-id
    local-address 3.0.0.3;          # Our local update-source
    local-as 65533;                    # Our local AS
    peer-as 64512;                     # Peer's AS

    api {
        processes [announce-routes];
    }
}

I am sending the following route using ExaBGP:

announce route 100.10.0.0/24 next-hop self

R2 configuration:

log file /var/log/frr/bgpd.log
debug bgp updates

router bgp 257
  bgp confederation identifier 64512  
  no bgp ebgp-requires-policy
  neighbor 3.0.0.3 remote-as 65533
  neighbor 4.0.0.3 remote-as 422
  neighbor 4.0.0.3 remove-private-AS all replace-AS 

R3 configuration:

log file /var/log/frr/bgpd.log
debug bgp updates

router bgp 256
  no bgp ebgp-requires-policy
  bgp confederation identifier 422
  neighbor 4.0.0.2 remote-as 64512

Expected behavior

According to RFC 5065,

... if any path segments of the AS_PATH are of the type AS_CONFED_SEQUENCE or AS_CONFED_SET, those segments MUST be removed from the AS_PATH attribute...

Accordingly, sub AS number 257 should not be visible to R3.

Actual behavior

The route received at R2 has the AS path [65533].
The route received at R3 has the AS path [64512 257].

Not only is 257 not within parantheses, it should also not be present in the AS path received by a router outside the confederation 64512.

Additional context

No response

Checklist

• I have searched the open issues for this bug.
• I have not included sensitive information in this report.

[ton31337]

I'm confused, what is the use case with your topology/configuration? What you do should be more like a "local-as" instead of a confederation. Your confederation does not contain any members, only identifier...