Unable to override the default OSPFv3 link cost for wireguard interface
Resolved (N/A)PublicBUG
Actions

Assigned To

Authored By

	dtoux
	May 11 2021, 9:05 PM

Description

I have a setup with multiple wireguard interfaces. Interfaces have both IPv4 and IPv6 addresses and participate in OSPF and OSPFv3 routing.

It appears if no link cost is specified for the interface it receives a value of 100. When I try to override OSPFv3 link cost I'm able to do so with some trickery (delete ospfv3 configuration from the interface -> commit -> re-add ospfv3 configuration -> commit) but then it gets reset to default after ospf6d restarts.

Here is the configuration (wg34 interface is the main focus here):

r3# show interfaces wireguard | strip-private 
 wireguard wg32 {
     address xxxx:xxxx:6000:fff9::b/64
     address xxx.xxx.128.33/32
     description tun-r2-r3
     ip {
         ospf {
             bandwidth 1000
             network point-to-point
         }
     }
     ipv6 {
         ospfv3 {
             cost 10
         }
     }
     mtu 1412
     peer to-R2 {
         allowed-ips ::/0
         allowed-ips xxx.xxx.0.0/0
         pubkey K9vFSAFVXJRxXq3Kgzr133K/10ita/G/LHB4BeYKgzI=
     }
     port 49424
     private-key default
 }
 wireguard wg34 {
     address xxx.xxx.128.33/32
     address xxxx:xxxx:6000:fffb::a/127
     description "[r3-r4-tun0] to mtl296"
     ip {
         ospf {
             authentication {
                 md5 {
                     key-id 1 {
                         md5-key xxxxxx
                     }
                 }
             }
             bandwidth 1000
             network point-to-point
         }
     }
     ipv6 {
         ospfv3 {
             cost 10
             network point-to-point
         }
     }
     peer to-R4 {
         address xxxx:xxxx:1:c000::2510
         /* allow all adresses to also include multicast */
         allowed-ips ::/0
         allowed-ips xxx.xxx.0.0/0
         port 51820
         pubkey YQhOgwVvywUkHPhff2S1fH8DZNMczaY2Z4GNIWgznTw=
     }
     port 51820
     private-key default
 }
 wireguard wg36 {
     address xxx.xxx.128.33/32
     address xxxx:xxxx:6000:bb00::1/128
     description "[r3-r6-tun0] to chi1"
     ip {
         ospf {
             authentication {
                 md5 {
                     key-id 1 {
                         md5-key xxxxxx
                     }
                 }
             }
             bandwidth 1000
             network point-to-point
         }
     }
     ipv6 {
         ospfv3 {
             cost 10
         }
     }
     mtu 1420
     peer to-R6 {
         address xxxx:xxxx:2700:7::2
         /* allow all addresses to also include multicast */
         allowed-ips ::/0
         allowed-ips xxx.xxx.0.0/0
         port 53704
         pubkey Hf/epxHXqEySB62XMyWqVqAhMyaqhYioXtIKKuKCs3Q=
     }
     port 54643
     private-key default
 }

...

r3# show protocols ospfv3 | strip-private 
 area 0 {
     interface dum0
     interface tun31
     interface wg34
     interface eth1
     interface wg32
     interface wg36
 }
 parameters {
     router-id xxx.xxx.128.33
 }
 redistribute {
     static {
         route-map ALLOW-DEFAULT-ROUTE-IPV6
     }
 }

And this is what interface cost actually is

r3# run show ipv6 ospfv3 interface wg34 
wg34 is up, type POINTOPOINT
  Interface ID: 10
  Internet Address:
    inet : 23.153.128.33/32
    inet6: 2620:18:6000:fffb::a/127
    inet6: fe80::f42f:9eff:fee4:56be/64
  Instance ID 0, Interface MTU 1420 (autodetect: 1420)
  MTU mismatch detection: enabled
  Area ID 0.0.0.0, Cost 100
  State PointToPoint, Transmit Delay 1 sec, Priority 1
  Timer intervals configured:
   Hello 10, Dead 40, Retransmit 5
  DR: 0.0.0.0 BDR: 0.0.0.0
  Number of I/F scoped LSAs is 2
    0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off]
    0 Pending LSAs for LSAck in Time 00:00:00 [thread off]

r3# run show ipv6 ospfv3 interface wg32
wg32 is up, type POINTOPOINT
  Interface ID: 11
  Internet Address:
    inet6: 2620:18:6000:fff9::b/64
    inet : 23.153.128.33/32
    inet6: fe80::f171:d2ff:fe97:5f53/64
  Instance ID 0, Interface MTU 1412 (autodetect: 1412)
  MTU mismatch detection: enabled
  Area ID 0.0.0.0, Cost 100
  State PointToPoint, Transmit Delay 1 sec, Priority 1
  Timer intervals configured:
   Hello 10, Dead 40, Retransmit 5
  DR: 0.0.0.0 BDR: 0.0.0.0
  Number of I/F scoped LSAs is 2
    0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off]
    0 Pending LSAs for LSAck in Time 00:00:00 [thread off]

r3# run show ipv6 ospfv3 interface wg36
wg36 is up, type POINTOPOINT
  Interface ID: 9
  Internet Address:
    inet : 23.153.128.33/32
    inet6: 2620:18:6000:bb00::1/128
    inet6: fe80::f169:e3ff:fe2a:23c0/64
  Instance ID 0, Interface MTU 1420 (autodetect: 1420)
  MTU mismatch detection: enabled
  Area ID 0.0.0.0, Cost 100
  State PointToPoint, Transmit Delay 1 sec, Priority 1
  Timer intervals configured:
   Hello 10, Dead 40, Retransmit 5
  DR: 0.0.0.0 BDR: 0.0.0.0
  Number of I/F scoped LSAs is 2
    0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off]
    0 Pending LSAs for LSAck in Time 00:00:00 [thread off]

The expected result: Interface cost to be 10

The actual result: interface cost is 100

This severely messes up routing giving directly connected interfaces a lower priority than multihop ones

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.3-rolling-202105011026, VyOS 1.3.0-rc5
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Unspecified (please specify)

Event Timeline

dtoux created this task.May 11 2021, 9:05 PM

the same is the case for GRE interfaces too (ip6gre in particular)

pasik added a subscriber: pasik.May 12 2021, 5:52 AM

The issue seems still present in Vyos 1.3.0-rc5

dtoux changed Version from VyOS 1.3-rolling-202105011026 to VyOS 1.3-rolling-202105011026, VyOS 1.3.0-rc5.Jul 9 2021, 4:47 AM

I can't reproduce it in 1.3-rc5

set interfaces wireguard wg0 address '10.1.0.3/24'
set interfaces wireguard wg0 address 'cafe:c01d:c01a::2/64'
set interfaces wireguard wg0 description 'VPN-to-wg-PEER01-192.0.2.1'
set interfaces wireguard wg0 ipv6 ospfv3 cost '24'
set interfaces wireguard wg0 ipv6 ospfv3 dead-interval '40'
set interfaces wireguard wg0 ipv6 ospfv3 hello-interval '10'
set interfaces wireguard wg0 ipv6 ospfv3 instance-id '0'
set interfaces wireguard wg0 ipv6 ospfv3 priority '1'
set interfaces wireguard wg0 ipv6 ospfv3 retransmit-interval '5'
set interfaces wireguard wg0 ipv6 ospfv3 transmit-delay '1'
set interfaces wireguard wg0 peer PEER01 address '192.0.2.1'
set interfaces wireguard wg0 peer PEER01 allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer PEER01 allowed-ips '10.0.3.0/24'
set interfaces wireguard wg0 peer PEER01 allowed-ips '::/0'
set interfaces wireguard wg0 peer PEER01 port '12345'
set interfaces wireguard wg0 peer PEER01 pubkey 'Cpqy8='
set interfaces wireguard wg0 port '54321'
set protocols ospf area 0 network '10.1.0.0/24'
set protocols ospf passive-interface 'default'
set protocols ospf passive-interface-exclude 'wg0'
set protocols ospfv3 area 0 interface 'wg0'

All cost changes fine

[email protected]:~$ show ipv6 ospfv3 interface wg0 | match Cost
  Area ID 0.0.0.0, Cost 10
[email protected]:~$ 
[email protected]# set interfaces wireguard wg0 ipv6 ospfv3 cost 15
[edit]
[email protected]# commit
[edit]
[email protected]# run show ipv6 ospfv3 interface wg0 | match Cost
  Area ID 0.0.0.0, Cost 15
[edit]
[email protected]# 

[email protected]# set interfaces wireguard wg0 ipv6 ospfv3 cost 24
[edit]
[email protected]# commit
[edit]
[email protected]# 
[email protected]# run show ipv6 ospfv3 interface wg0 | match Cost
  Area ID 0.0.0.0, Cost 24
[edit]
[email protected]#

Version

[email protected]# run show version 

Version:          VyOS 1.3.0-rc5
Release Train:    equuleus

Built by:         Sentrium S.L.
Built on:         Tue 29 Jun 2021 08:26 UTC
Build UUID:       36f7c218-6ebb-497f-9ec5-676241e5c13a
Build Commit ID:  892e8689b3234e

dmbaturin added a project: test.Jul 29 2021, 9:03 AM

@dtoux Did you test it in 1.3.0-rc5?

I haven't tested it directly but I haven't experienced this problem while working on the configuration changes. I don't have much time right now, so I can't test the exact scenario.

I close the task, because it can't be reproducible in 1.3.0-rc5
Re-open it, if necessary with described step by step how to reproduce it.
Or open a new one.

Sounds good to me.

SrividyaA changed the task status from Resolved to Resolved N/A.Aug 31 2021, 3:05 PM

SrividyaA set Issue type to Unspecified (please specify).

syncer edited projects, added VyOS 1.3 Equuleus (1.3.0-epa1); removed test, VyOS 1.3 Equuleus.Sep 5 2021, 7:06 AM

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.Sep 5 2021, 4:08 PM

Unable to override the default OSPFv3 link cost for wireguard interfaceResolved (N/A)PublicBUGActions

Description

Details

Event Timeline

Unable to override the default OSPFv3 link cost for wireguard interface
Resolved (N/A)PublicBUG
Actions