
BGP: system wide known interface can not be used as neighbor
Closed, Resolved | Public | BUG

Description

When trying to use system known interfaces found here:

wfalc@hel1me1fi:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 fe80::200:ff:fe00:0/64 scope link 
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 96:00:00:a1:e9:a0 brd ff:ff:ff:ff:ff:ff
    inet 135.XXX.XXX.XXX/32 brd 135.181.194.0 scope global dynamic eth0
       valid_lft 83325sec preferred_lft 83325sec
    inet6 fe80::9400:ff:fea1:e9a0/64 scope link 
       valid_lft forever preferred_lft forever
3: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 100.XXX.XXX.XXX/32 scope global tailscale0
       valid_lft forever preferred_lft forever
    inet6 XXXX:XXX:XXX:XXXX:XXXX:XXXX:XXXX:XXXX/128 scope global 
       valid_lft forever preferred_lft forever

for BGP config like:

set protocols bgp 64718 peer-group fabric capability extended-nexthop
set protocols bgp 64718 peer-group fabric remote-as 'external'
set protocols bgp 64718 neighbor tailscale0 peer-group 'fabric'
set protocols bgp 64718 neighbor tailscale0 remote-as 'external'

it will fail as such:

wfalc@hel1me1fi# set protocols bgp 64718 neighbor tailscale0 peer-group 'fabric'
  Invalid value
  Value validation failed
  Set failed
[edit]

To change it we could either add a function to detect all interfaces in "ip addr"

or add the following change to this file:

https://github.com/vyos/vyos-1x/blob/current/src/validators/interface-name#L20

pattern = '^(bond|br|dum|en|ersp|eth|gnv|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|tailscale|vti|vtun|vxlan|wg|wlan|wlm)[0-9]+(.\d+)?|lo$'

Details

Difficulty level: Easy (less than an hour)
Version: 1.4-rolling-202103210217
Why the issue appeared?: Design mistake
Is it a breaking change?: Stricter validation

Event Timeline

c-po renamed this task from "Using system known interfaces dont work" to "BGP: system wide known interface can not be used as neighbor". Sun, Mar 21, 12:19 PM
c-po claimed this task.
c-po triaged this task as High priority.
c-po changed Is it a breaking change? from Config syntax change (migratable) to Stricter validation.
c-po changed Why the issue appeared? from Will be filled on close to Design mistake.

This is still an issue. I built a new image with https://github.com/vyos/vyos-1x/commit/911fe645928750f3ce38061a94c9b6db50db0749 and it was spitting out errors :/

Tested with both 2 and 4 byte AS Numbers just to see if it was related to the ASN but same result.

wfalc@hel1me1fi:~$ conf
[edit]
wfalc@hel1me1fi# set protocols bgp 420001 neighbor tailscale0 peer-group 'fabric'
[edit]
wfalc@hel1me1fi# set protocols bgp 420001 peer-group fabric capability extended-nexthop

  Configuration path: [protocols bgp 420001 peer-group fabric capability extended-nexthop] already exists

[edit]
wfalc@hel1me1fi# set protocols bgp 420001 peer-group fabric remote-as 'internal'

  'internal' is not a valid integer number
  
  Configuration path: [protocols bgp 420001 peer-group fabric remote-as internal] already exists

[edit]
wfalc@hel1me1fi# comp
[edit protocols bgp 420001]
+neighbor tailscale0 {
+    peer-group fabric
+}
[edit]
wfalc@hel1me1fi# commit
[ protocols bgp 420001 ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Make sure you are running the latest version of the code available at
  https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
- Consult the forum to see how to handle this issue
  https://forum.vyos.io
- Join our community on slack where our users exchange help and advice
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your 
  business policy requires it)
- and include all the information presented below

Report Time:      2021-03-21 14:12:06
Image Version:    VyOS 1.4-rolling-202103211342
Release Train:    sagitta

Built by:         wfalcon@gmail.com
Built on:         Sun 21 Mar 2021 13:42 UTC
Build UUID:       234c279f-dd8c-4fce-a50f-ec9ca42e712b
Build Commit ID:  30180961225ce0

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  Hetzner
Hardware model:   vServer
Hardware S/N:     10739356
Hardware UUID:    746ebc23-cfae-4a9e-b01d-737a6d45ba6d

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/protocols_bgp.py", line 244, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/protocols_bgp.py", line 229, in apply
    frr_cfg.commit_configuration(frr_daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 442, in commit_configuration
    reload_configuration('\n'.join(self.config), daemon=daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 203, in reload_configuration
    raise CommitError(f'Configuration FRR failed while commiting code, please enabling debugging to examine logs')
vyos.frr.CommitError: Configuration FRR failed while commiting code, please enabling debugging to examine logs



[[protocols bgp 420001]] failed
Commit failed

The first error is related to T2759 and can be ignored.

For the second one, can you please provide your full BGP config by pasting the content of show configuration commands | match bgp\|policy

In T3418#90244, @c-po wrote:

The first error is related to T2759 and can be ignored.

For the second one, can you please provide your full BGP config by pasting the content of show configuration commands | match bgp\|policy

wfalc@hel1me1fi:~$ show configuration commands | match bgp\|policy
set protocols bgp 420001 peer-group fabric capability extended-nexthop
set protocols bgp 420001 peer-group fabric remote-as 'internal'
wfalc@hel1me1fi:~$

Full dump of config

wfalc@hel1me1fi:~$ show configuration commands
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 address 'dhcpv6'
set interfaces loopback lo
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '100.64.0.0/10'
set nat source rule 100 translation address 'masquerade'
set protocols bgp 420001 peer-group fabric capability extended-nexthop
set protocols bgp 420001 peer-group fabric remote-as 'internal'
set service ssh listen-address 'xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx'
set service ssh listen-address '100.xx.xx.xx'
set service ssh listen-address '0.0.0.0'
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'hel1me1fi'
set system login user wfalc authentication encrypted-password
set system name-server '1.1.1.1'
set system name-server '8.8.8.8'
set system name-server '9.9.9.9'
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
wfalc@hel1me1fi:~$

Please note that

set protocols bgp 420001 neighbor tailscale0 peer-group 'fabric'
set protocols bgp 420001 neighbor tailscale0 remote-as 'external'

is not on due to the previously stated error preventing me from committing.

I wonder if this used to work in the past?

This triggers an FRR error:

frr-reload output: 141 2021-04-05 15:25:01,386  INFO: /var/run/frr/reload-B2V8ID.txt content
frr-reload output: 142 ['router bgp 100\n neighbor tailscale0 peer-group fabric\n',
frr-reload output: 143  'router bgp 100\n neighbor tailscale0 remote-as external\n',
frr-reload output: 144  'router bgp 100\n neighbor tailscale0 peer-group fabric\n',
frr-reload output: 145  'router bgp 100\n neighbor tailscale0 remote-as external\n']
frr-reload output: 146 % Malformed address or name: tailscale0
frr-reload output: 147 line 2: Failure to communicate[13] to bgpd, line:  neighbor tailscale0 peer-group fabric
frr-reload output: 148
frr-reload output: 149 % Create the peer-group or interface first
frr-reload output: 150 line 5: Failure to communicate[13] to bgpd, line:  neighbor tailscale0 remote-as external
frr-reload output: 151
frr-reload output: 152 % Malformed address or name: tailscale0
frr-reload output: 153 line 8: Failure to communicate[13] to bgpd, line:  neighbor tailscale0 peer-group fabric
frr-reload output: 154
frr-reload output: 155 % Create the peer-group or interface first
frr-reload output: 156 line 11: Failure to communicate[13] to bgpd, line:  neighbor tailscale0 remote-as external
frr-reload output: 157
frr-reload output: 158 2021-04-05 15:25:01,627 WARNING: frr-reload.py failed due to
frr-reload output: 159 vtysh (exec file) exited with status 13

The proper syntax should be:

set protocols bgp local-as '100'
set protocols bgp neighbor tailscale0 interface peer-group 'fabric'
set protocols bgp neighbor tailscale0 interface remote-as 'external'
set protocols bgp peer-group fabric capability extended-nexthop
set protocols bgp peer-group fabric remote-as 'external'

We should add a verify() function on the VyOS side to force a user to use the interface option when neighbor is an actual interface.

Can you verify if this is working for you?

c-po changed the task status from In progress to Needs testing. Mon, Apr 5, 1:29 PM
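The check proposed in the last comment, written as an added example (not VyOS's own code): a neighbor whose name is an interface rather than an IP address is rejected before anything reaches FRR unless its settings sit under the `interface` option. The dict layout, `ConfigError`, `verify_bgp_neighbors` and the sample data are assumptions made for illustration.

```python
import ipaddress

class ConfigError(Exception):
    """Raised to reject a configuration before it is handed to FRR."""

def is_ip_address(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def verify_bgp_neighbors(bgp, system_interfaces):
    """Return the interface neighbors, or raise ConfigError on bad syntax.

    bgp is a dict shaped like the CLI tree (assumed layout, not VyOS's own);
    system_interfaces is the set of interface names present on the host.
    """
    accepted = []
    for name, conf in bgp.get('neighbor', {}).items():
        if is_ip_address(name):
            continue  # address neighbors keep the plain syntax
        if name not in system_interfaces:
            raise ConfigError(f'neighbor {name}: not an IP address or a known interface')
        misplaced = sorted(k for k in ('peer-group', 'remote-as') if k in conf)
        if misplaced:
            raise ConfigError(f'neighbor {name} is an interface: set '
                              f'{", ".join(misplaced)} under "interface"')
        if not conf.get('interface'):
            raise ConfigError(f'neighbor {name}: "interface" option is required')
        accepted.append(name)
    return accepted

# Constructed sample data modelled on the ticket.
HOST_INTERFACES = {'lo', 'eth0', 'tailscale0'}
REJECTED = {'neighbor': {'tailscale0': {'peer-group': 'fabric', 'remote-as': 'external'}}}
ACCEPTED = {'neighbor': {
    'tailscale0': {'interface': {'peer-group': 'fabric', 'remote-as': 'external'}},
    '192.0.2.1': {'remote-as': '64718'},
}}

if __name__ == '__main__':
    print(verify_bgp_neighbors(ACCEPTED, HOST_INTERFACES))
    try:
        verify_bgp_neighbors(REJECTED, HOST_INTERFACES)
    except ConfigError as exc:
        print('rejected:', exc)
```

Failing at this stage gives the user a message naming the offending neighbor instead of the generic FRR commit traceback shown earlier in the task.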