
Latest releases don't work with RPKI (crash)
Closed, Resolved | Public | BUG

Description

 interfaces {
     ethernet eth0 {
         address 192.168.100.2/24
     }
     loopback lo {
     }
 }
 policy {
     route-map ebgp-transit-rpki {
         rule 10 {
             action deny
             match {
                 rpki invalid
             }
         }
         rule 20 {
             action permit
             match {
                 rpki notfound
             }
             set {
                 local-preference 20
             }
         }
         rule 30 {
             action permit
             match {
                 rpki valid
             }
             set {
                 local-preference 100
             }
         }
     }
 }
 protocols {
+    bgp 198524 {
+        neighbor 1.2.3.4 {
+            address-family {
+                ipv4-unicast {
+                    nexthop-self {
+                    }
+                    route-map {
+                        import ebgp-transit-rpki
+                    }
+                }
+            }
+            remote-as 10
+        }
+    }
     rpki {
         cache routinator {
             address 192.168.100.90
             port 3323
         }
     }
     static {
         route 0.0.0.0/0 {
             next-hop 192.168.100.1 {
             }
         }
     }
 }
 service {
     ssh {
         listen-address 0.0.0.0
     }
 }
 system {
     config-management {
         commit-revisions 100
     }
     console {
         device ttyS0 {
             speed 115200
         }
     }
     host-name vyos
     login {
         user vyos {
             authentication {
                 encrypted-password ""
                 plaintext-password ""
             }
         }
     }
     ntp {
         server 0.pool.ntp.org {
         }
         server 1.pool.ntp.org {
         }
         server 2.pool.ntp.org {
         }
     }
     syslog {
         global {
             facility all {
                 level info
             }
             facility protocols {
                 level debug
             }
         }
     }
 }

Results in:

VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Make sure you are running the latest version of the code available at
  https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
- Consult the forum to see how to handle this issue
  https://forum.vyos.io
- Join our community on slack where our users exchange help and advice
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report Time:      2021-01-17 14:30:02
Image Version:    VyOS 1.4-rolling-202101160747
Release Train:    sagitta

Built by:         [email protected]
Built on:         Sat 16 Jan 2021 07:47 UTC
Build UUID:       a8191a11-6942-4b57-b37d-9a355c4201fa
Build Commit ID:  76f293633fb5fe

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    08fa42f5-2f1b-4f93-9251-53c5490ac3fe

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/protocols_bgp.py", line 165, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/protocols_bgp.py", line 141, in apply
    frr_cfg.commit_configuration(daemon='bgpd')
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 411, in commit_configuration
    reload_configuration('\n'.join(self.config), daemon=daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 186, in reload_configuration
    raise CommitError(f'Configuration FRR failed while commiting code: {repr(output)}')
vyos.frr.CommitError: Configuration FRR failed while commiting code: ''

Details

Difficulty level: Hard (possibly days)
Version: VyOS 1.4-rolling-202101160747
Why the issue appeared?: Issues in third-party code
Is it a breaking change?: Perfectly compatible

Event Timeline

In addition

neighbor remote-as internal/external also seems not to be supported.

The rendered configuration is:

[email protected]# cat /tmp/bgp.frr
!
router bgp 198524
 !
 !
 !
 neighbor 1.2.3.4 remote-as 10
 !
 address-family ipv4 unicast
  neighbor 1.2.3.4 next-hop-self
  neighbor 1.2.3.4 route-map ebgp-transit-rpki in
  neighbor 1.2.3.4 activate
 exit-address-family
 !

 !
 !
 !
c-po changed the task status from Open to In progress. Jan 17 2021, 4:11 PM
c-po claimed this task.
c-po changed the task status from In progress to Confirmed. Jan 17 2021, 4:18 PM
c-po reassigned this task from c-po to runar.
c-po triaged this task as Unbreak Now! priority.

Possible reason in "reload section" frr.py + rpki

rpki
  rpki polling_period 3600
  rpki cache 192.0.2.2 3333 preference 1

"Cache with preference 1 is already configured"

r5-roll# conf t
r5-roll(config)# rpki
r5-roll(config-rpki)#   rpki polling_period 3600
r5-roll(config-rpki)#   rpki cache 192.0.2.2 3333 preference 1
Cache with preference 1 is already configured
r5-roll(config-rpki)#

Because rpki is in section bgp
vtysh -c "show run bgpd"

After configuring rpki, we can't set/change/delete even the description for the neighbor.
Without RPKI, all works fine.
Separately, the template for bgp generates the correct configuration.

c-po changed the task status from Confirmed to Needs testing. Jan 23 2021, 9:55 AM
c-po changed Difficulty level from Unknown (require assessment) to Hard (possibly days).
c-po changed Why the issue appeared? from Will be filled on close to Issues in third-party code.
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.

This works for me now (in 1.4-rolling-202101240218)