Migrate NHRP(DMVPN) to FRR
In progress, High, Public, FEATURE REQUEST

Description

FRR supports NHRP. We can use FRR nhrpd instead of openNHRP.

Details

Difficulty level: Hard (possibly days)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Internal change (not visible to end users)

Event Timeline

Unknown Object (User) created this task. Apr 18 2020, 2:14 PM
Unknown Object (User) triaged this task as High priority. Apr 21 2020, 8:53 PM

FRR nhrpd does not support multicasting over GRE tunnels, so OSPF or EIGRP don't work since they use multicast addresses to discover neighbors.

As I remember, the lack of multicast replication was the reason this stopped up last time it was discussed... And as OSPF and EIGRP are the most used protocols run over DMVPN, I think this is a showstopper for implementing nhrpd.

Perhaps I'm one of the minority, but BGP is our predominant DMVPN routing protocol.

@hammerstud that would work for you - but it will break everyone else's implementation ;)

This comment was removed by francis.

@c-po @Viacheslav
Further news on this topic - FRR 8.0 released yesterday (7/29) which includes the aforementioned nhrpd multicast improvements, among a lot of other nice things:

July 29, 2021
The FRR community is pleased to announce FRR 8.0.
In this release there are over 2200 commits from 91 different authors.
Please note that we expect to release a bugfix point release relatively soon after this release.

nhrpd
  -     Add nhrp multicast-nflog-group (1-65535) command
  -     Add configuration options for vici socket path
  -     Add support for forwarding multicast packets
  -     Fix handling of MTU
  -     Fix handling of NAT extension
  -     Retry IPsec under some conditions

I think NHRP Cisco Auth is still missing: https://github.com/FRRouting/frr/blob/master/nhrpd/nhrp_peer.c#L1212

This was cited to me as a concern for migrating to FRR.

I agree it would be nice to have the Cisco Auth functionality, however, the original author of opennhrp themselves recommend using FRR nhrpd instead where possible. It appears that most effort going forward will be put into FRR's nhrpd, and not the original opennhrp.

erkin set Issue type to Internal change (not visible to end users). Aug 30 2021, 6:47 AM
erkin removed a subscriber: Active contributors.
Unknown Object (User) added a subscriber: Unknown Object (User). Sep 9 2021, 8:57 AM

Cisco Auth is a necessity for those who want to migrate from this vendor's hardware to VyOS. You can easily add a VyOS node to an existing DMVPN.

v.huti changed Difficulty level from Unknown (require assessment) to Hard (possibly days).
syncer changed the task status from Open to In progress. Jul 11 2023, 11:56 PM

I have created a draft pull request for FRR, but I can still see a bunch of odd bugs.
I'm going to activate it after additional testing by the team.
Most issues involve Wireshark's inability to parse packets correctly and display an exception, although the daemons seem to run fine.
https://github.com/FRRouting/frr/pull/14788