After upgrade from 1.2.4 to a new rolling release (1.3-rolling-202005260117) OSPFv3 seems to be broken. I have previously tested earlier rolling releases for 1.3 and they have had the same issue. Rolling back to 1.2.4 resolves the problem.
There seems to be two issues:
- When using a redistribute route-map it doesn't seem to get added:
May 27 17:48:40 border2 ospf6d[5531]: route-map "OSPF-Filter" not found, suppress redistributing May 27 17:48:40 border2 ospf6d[5531]: message repeated 4 times: [ route-map "OSPF-Filter" not found, suppress redistributing]
The relevant configuration:
set policy route-map OSPF-Filter description 'This route map will apply to outgoing routes sent via OSPF' set policy route-map OSPF-Filter rule 10 action 'permit' set policy route-map OSPF-Filter rule 10 description 'Only permit loopback interface' set policy route-map OSPF-Filter rule 10 match interface 'lo' set policy route-map OSPF-Filter rule 100 action 'deny' set policy route-map OSPF-Filter rule 100 description 'Default deny' set protocols ospfv3 redistribute connected route-map 'OSPF-Filter'
From vtysh, running show route-map gives this:
OSPF6:
OSPF6: 'route-map OSPF-Filter' not found
BGP:
route-map: OSPF-Filter Invoked: 0
permit, sequence 10 Invoked 0
Match clauses:
interface lo
Set clauses:
Call clause:
Action:
Exit routemap
deny, sequence 100 Invoked 0
Match clauses:
Set clauses:
Call clause:
Action:
Exit routemap- OSPFv3 neighbors don't seem to establish at all. The full OSPFv3 related configuration:
set interfaces bonding bond0 vif 29 address '192.168.159.167/31' set interfaces bonding bond0 vif 29 address 'fd12:45:fff:29::2/126' set interfaces bonding bond0 vif 29 description 'Point to Point - DMZ' set interfaces bonding bond0 vif 29 ip ospf dead-interval '20' set interfaces bonding bond0 vif 29 ip ospf hello-interval '10' set interfaces bonding bond0 vif 29 ip ospf priority '220' set interfaces bonding bond0 vif 29 ip ospf retransmit-interval '5' set interfaces bonding bond0 vif 29 ip ospf transmit-delay '1' set interfaces bonding bond0 vif 29 ipv6 dup-addr-detect-transmits '1' set interfaces bonding bond0 vif 29 ipv6 ospfv3 cost '1' set interfaces bonding bond0 vif 29 ipv6 ospfv3 dead-interval '20' set interfaces bonding bond0 vif 29 ipv6 ospfv3 hello-interval '10' set interfaces bonding bond0 vif 29 ipv6 ospfv3 instance-id '0' set interfaces bonding bond0 vif 29 ipv6 ospfv3 priority '220' set interfaces bonding bond0 vif 29 ipv6 ospfv3 retransmit-interval '5' set interfaces bonding bond0 vif 29 ipv6 ospfv3 transmit-delay '1' set interfaces bonding bond0 vif 29 mtu '1500' set interfaces loopback lo address 'fd12:45::14/128' set policy route-map OSPF-Filter description 'This route map will apply to outgoing routes sent via OSPF' set policy route-map OSPF-Filter rule 10 action 'permit' set policy route-map OSPF-Filter rule 10 description 'Only permit loopback interface' set policy route-map OSPF-Filter rule 10 match interface 'lo' set policy route-map OSPF-Filter rule 100 action 'deny' set policy route-map OSPF-Filter rule 100 description 'Default deny' set protocols ospfv3 area 0.0.0.0 interface 'lo' set protocols ospfv3 area 0.0.0.0 interface 'bond0.29' set protocols ospfv3 area 0.0.0.0 range fd12:45:fff:29::/126 set protocols ospfv3 parameters router-id '192.168.159.241' set protocols ospfv3 redistribute connected route-map 'OSPF-Filter'
When monitoring the traffic from the router with tcpdump, I can see the following:
root@border2:/home/vyos# tcpdump -ni bond0.29 ip6 proto 0x59 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on bond0.29, link-type EN10MB (Ethernet), capture size 262144 bytes 17:58:19.389720 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36 17:58:19.508086 IP6 fe80::3efd:feff:fe30:59e0 > ff02::5: OSPFv3, Hello, length 36 17:58:20.362721 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36 17:58:27.645470 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36 17:58:28.045594 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36 17:58:29.509266 IP6 fe80::3efd:feff:fe30:59e0 > ff02::5: OSPFv3, Hello, length 36 17:58:36.171969 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36 17:58:36.765041 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36 17:58:39.511996 IP6 fe80::3efd:feff:fe30:59e0 > ff02::5: OSPFv3, Hello, length 36 17:58:45.126460 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36 17:58:45.479343 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36 17:58:49.514905 IP6 fe80::3efd:feff:fe30:59e0 > ff02::5: OSPFv3, Hello, length 36 17:58:54.045182 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36 17:58:54.153816 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36 17:58:59.517426 IP6 fe80::3efd:feff:fe30:59e0 > ff02::5: OSPFv3, Hello, length 36 17:59:02.962280 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36 17:59:03.219654 IP6 fe80::da18:d300:1d78:8a20 > ff02::5: OSPFv3, Hello, length 36
fe80::3efd:feff:fe30:59e0 is the link local address of the VyOS router, fe80::da18:d300:1d78:8a20 is the link local address of the remote peer (Juniper EX4600).
No firewall rules are applied to bond0.29.
Checking the content of /boot/rw/opt/vyatta/etc/quagga/ospf6d.conf indicates the configuration seems to be missing:
Building configuration... Current configuration: ! frr version 7.3.1 frr defaults traditional hostname border2 log syslog informational service integrated-vtysh-config ! router ospf6 ! line vty ! end
From 1.2.4, the content of that file includes the various route-maps as well as the interface configs (this is from a different router so the interface names are different):
Building configuration... Current configuration: ! frr version 7.2 frr defaults traditional hostname border1 log syslog informational service integrated-vtysh-config ! interface bond0.28 ipv6 ospf6 cost 1 ipv6 ospf6 dead-interval 20 ipv6 ospf6 priority 220 ! interface bond1.32 ipv6 ospf6 cost 1 ipv6 ospf6 dead-interval 20 ipv6 ospf6 priority 210 ! router ospf6 ....