
priority inversion on PBR "policy route" create, breaks default route from dhcp (live iso)
Closed, Resolved · Public · BUG


Seems like PBR is brittle or broken. Creating a simple source route wipes out the default route, and the system is offline after that. I don't know if that is expected on this platform, but it is unexpected to me.

set interfaces ethernet eth0 address dhcp
// commit was done here, system was online / could ping out

set interfaces dummy dum0 address
set protocol static table 200 route next-hop
set policy route foo rule 400 source address
set policy route foo rule 400 set table 200
// commit was done here, get warning, and unable to ping out anymore

console output
Warning: priority inversion [policy route foo](201) <= [policy](470)
changing [policy route foo] to (471)

other stuff
Policy inversion appears to happen when using other selectors as well as source address.

The VyOS environment was a live ISO on a KVM instance.

Got the VERSION_ID from /etc/*release (1.4-rolling-202104202252).


Difficulty level: Unknown (require assessment)
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)

Event Timeline

gelstudios renamed this task from priority inversion on PBR create, breaks default route (live iso) to priority inversion on PBR "policy route" create, breaks default route from dhcp (live iso). Apr 22 2021, 4:27 PM
gelstudios updated the task description.

This is a bug which is introduced by the rewrite of policy from old node.def files to XML and Python.

Thanks for reporting.

c-po changed the task status from Open to Confirmed. Apr 22 2021, 8:03 PM
c-po claimed this task.