Page MenuHomeVyOS Platform
Create Task
Maniphest T244

Issue with recursive static routing
Closed, WontfixPublic
Actions

Description

On VyOS 1.1.6, I am doing this:

set protocols static route X.X.X.X/32 next-hop '192.0.2.1'
set protocols static route 192.0.2.1/32 'blackhole'

$ sh ip route X.X.X.X
Routing entry for X.X.X.X/32
Known via "static", distance 1, metric 0, best
192.0.2.1 (recursive directly connected, Null0)

So a traceroute to X.X.X.X should go to Null0.
But the traceroute does not go to Null0, it is routed normally, as if there was no static route to blackhole.

Am I missing something ?

This is causing me nightmares to make uRPF to work, as I need to install in the RIB routes coming from a BGP peer with a next-hop going to Null0, as it is a condition for ip source-validation to work.
Dummy interfaces are useless in this situation.

Thank

David

Details

Difficulty level
Easy (less than an hour)
Version
-

Event Timeline

dponzone created this task.Jan 5 2017, 8:58 AM
syncer closed this task as Invalid.Aug 1 2017, 4:29 AM
syncer triaged this task as Normal priority.
syncer changed the edit policy from "Task Author" to "Custom Policy".
syncer set Version to -.

This looks like support question and not bug report
please create question instead

dponzone added a comment.Oct 4 2017, 5:52 AM

I am sorry, this is bug, I hardly see why it should be a support question.

dponzone reopened this task as Open.Oct 4 2017, 5:52 AM
syncer added a comment.Oct 4 2017, 9:29 AM

No version
No config
You have some task to accomplish and it not works as you need.

So it's really like support request rather than bug.
Will advise to test on 1.2 and report back

dponzone added a comment.Oct 4 2017, 9:33 AM

The version and the relevant lines of configuration are at the beginning.
Am I missing something ?

Unknown Object (User) added a subscriber: Unknown Object (User).Oct 4 2017, 10:56 AM

@dponzone check this thread, https://superuser.com/questions/1229275/linux-static-recursive-routes-not-supported
it will not work in a way you willing to have

dponzone added a comment.Oct 4 2017, 1:13 PM

Does that mean uRPF is useless in VyOS, or is there a workaround I failed to find ?

Unknown Object (User) added a comment.Oct 4 2017, 1:52 PM

As most of network internals inferred from Linux kernel, there is no direct way to achieve what you want.
You messing two different things as uRPF and recursive lookup. First works fine, second impossible.

dponzone added a comment.Oct 4 2017, 2:13 PM

I see your point, but generally, you want to use uRPF by receiving a BGP feed with prefixes to block, with a specific next hop, so you need to statically route this nexthop to blackhole, so all the prefixes are blackholed and uRPF can kick in.

syncer closed this task as Wontfix.Oct 11 2017, 9:38 PM
syncer edited projects, added Rejected; removed VyOS 1.1.x.Oct 15 2018, 6:30 AM