Migrate NHRP(DMVPN) to FRR
Open, High | Public | FEATURE REQUEST

Description

FRR supports NHRP. We can use FRR nhrpd instead of openNHRP.

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Internal change (not visible to end users)

Event Timeline

Dmitry triaged this task as High priority. Apr 21 2020, 8:53 PM

FRR nhrpd does not support multicasting over GRE tunnels, so OSPF or EIGRP don't work since they use multicast addresses to discover neighbors.

As I remember, the lack of multicast replication was the reason this stopped last time it was discussed... And as OSPF and EIGRP are the most used protocols run over DMVPN, I think this is a showstopper for implementing nhrpd.

Perhaps I'm one of the minority, but BGP is our predominant DMVPN routing protocol.

@hammerstud that would work for you - but it will break everyone else's implementation ;)

This comment was removed by francis.

@c-po @Viacheslav
Further news on this topic - FRR 8.0 released yesterday (7/29) which includes the aforementioned nhrpd multicast improvements, among a lot of other nice things:

July 29, 2021
The FRR community is pleased to announce FRR 8.0.
In this release there are over 2200 commits from 91 different authors.
Please note that we expect to release a bugfix point release relatively soon after this release.

nhrpd
  - Add nhrp multicast-nflog-group (1-65535) command
  - Add configuration options for vici socket path
  - Add support for forwarding multicast packets
  - Fix handling of MTU
  - Fix handling of NAT extension
  - Retry IPsec under some conditions

I think NHRP Cisco Auth is still missing: https://github.com/FRRouting/frr/blob/master/nhrpd/nhrp_peer.c#L1212

This was cited to me as a concern for migrating to FRR.

I agree it would be nice to have the Cisco Auth functionality; however, the original author of opennhrp themselves recommends using FRR nhrpd instead where possible. It appears that most effort going forward will be put into FRR's nhrpd, and not the original opennhrp.

erkin set Issue type to Internal change (not visible to end users). Aug 30 2021, 6:47 AM
erkin removed a subscriber: Active contributors.

Cisco Auth is a necessity for those who want to migrate from this vendor's hardware to VyOS. You can easily add a VyOS node to an existing DMVPN.