Page MenuHomeVyOS Platform

Renaming BGP Peer Groups Leaves Router Broken
Closed, ResolvedPublicBUG

Description

It appears there is an issue renaming and modifying peer groups which leaves the peer-groups and associated neighbors broken, even after a restart of FRR.
Original BGP configuration:

set protocols bgp 4242420670 neighbor 192.168.253.6 peer-group 'DAL13'
set protocols bgp 4242420670 neighbor 192.168.253.7 peer-group 'DAL13'
set protocols bgp 4242420670 neighbor 192.168.253.15 peer-group 'WDC07'
set protocols bgp 4242420670 neighbor fd52:d62e:8011:fffe:192:168:253:6 peer-group 'DAL13v6'
set protocols bgp 4242420670 neighbor fd52:d62e:8011:fffe:192:168:253:7 peer-group 'DAL13v6'
set protocols bgp 4242420670 neighbor fd52:d62e:8011:fffe:192:168:253:15 peer-group 'WDC07v6'
set protocols bgp 4242420670 parameters confederation identifier '4242420696'
set protocols bgp 4242420670 parameters confederation peers '4242420668'
set protocols bgp 4242420670 parameters default no-ipv4-unicast
set protocols bgp 4242420670 parameters graceful-restart
set protocols bgp 4242420670 peer-group DAL13 address-family ipv4-unicast nexthop-self
set protocols bgp 4242420670 peer-group DAL13 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 4242420670 peer-group DAL13 bfd
set protocols bgp 4242420670 peer-group DAL13 ebgp-multihop '2'
set protocols bgp 4242420670 peer-group DAL13 remote-as '4242420668'
set protocols bgp 4242420670 peer-group DAL13 update-source 'dum0'
set protocols bgp 4242420670 peer-group DAL13v6 address-family ipv6-unicast nexthop-self
set protocols bgp 4242420670 peer-group DAL13v6 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 4242420670 peer-group DAL13v6 bfd
set protocols bgp 4242420670 peer-group DAL13v6 ebgp-multihop '2'
set protocols bgp 4242420670 peer-group DAL13v6 remote-as '4242420668'
set protocols bgp 4242420670 peer-group DAL13v6 update-source 'dum0'
set protocols bgp 4242420670 peer-group WDC07 address-family ipv4-unicast nexthop-self
set protocols bgp 4242420670 peer-group WDC07 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 4242420670 peer-group WDC07 bfd
set protocols bgp 4242420670 peer-group WDC07 ebgp-multihop '2'
set protocols bgp 4242420670 peer-group WDC07 remote-as '4242420670'
set protocols bgp 4242420670 peer-group WDC07 update-source 'dum0'
set protocols bgp 4242420670 peer-group WDC07v6 address-family ipv6-unicast nexthop-self
set protocols bgp 4242420670 peer-group WDC07v6 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 4242420670 peer-group WDC07v6 bfd
set protocols bgp 4242420670 peer-group WDC07v6 ebgp-multihop '2'
set protocols bgp 4242420670 peer-group WDC07v6 remote-as '4242420670'
set protocols bgp 4242420670 peer-group WDC07v6 update-source 'dum0'

Changes:

edit protocols bgp 4242420670
  rename peer-group DAL13 to peer-group BACKBONE
  rename peer-group DAL13v6 to peer-group BACKBONEv6
  set peer-group BACKBONE remote-as external
  set peer-group BACKBONEv6 remote-as external
  set neighbor 192.168.253.6 peer-group BACKBONE
  set neighbor 192.168.253.7 peer-group BACKBONE
  set neighbor fd52:d62e:8011:fffe:192:168:253:6 peer-group BACKBONEv6
  set neighbor fd52:d62e:8011:fffe:192:168:253:7 peer-group BACKBONEv6

Here's the commit error:

vyos@cr01a-vyos# commit
[ protocols bgp 4242420670 ]
% Ambiguous command: no neighbor DAL13v6 peer-group
Error configuring routing subsystem.  See log for more detailed information

[edit protocols bgp 4242420670]

New configuration:

vyos@cr01a-vyos# run show conf com | grep 'set protocols bgp'
set protocols bgp 4242420670 neighbor 192.168.253.6 peer-group 'BACKBONE'
set protocols bgp 4242420670 neighbor 192.168.253.7 peer-group 'BACKBONE'
set protocols bgp 4242420670 neighbor 192.168.253.15 peer-group 'WDC07'
set protocols bgp 4242420670 neighbor fd52:d62e:8011:fffe:192:168:253:6 peer-group 'BACKBONEv6'
set protocols bgp 4242420670 neighbor fd52:d62e:8011:fffe:192:168:253:7 peer-group 'BACKBONEv6'
set protocols bgp 4242420670 neighbor fd52:d62e:8011:fffe:192:168:253:15 peer-group 'WDC07v6'
set protocols bgp 4242420670 parameters confederation identifier '4242420696'
set protocols bgp 4242420670 parameters confederation peers '4242420668'
set protocols bgp 4242420670 parameters default no-ipv4-unicast
set protocols bgp 4242420670 parameters graceful-restart
set protocols bgp 4242420670 peer-group BACKBONE address-family ipv4-unicast nexthop-self
set protocols bgp 4242420670 peer-group BACKBONE address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 4242420670 peer-group BACKBONE bfd
set protocols bgp 4242420670 peer-group BACKBONE ebgp-multihop '2'
set protocols bgp 4242420670 peer-group BACKBONE remote-as 'external'
set protocols bgp 4242420670 peer-group BACKBONE update-source 'dum0'
set protocols bgp 4242420670 peer-group BACKBONEv6 address-family ipv6-unicast nexthop-self
set protocols bgp 4242420670 peer-group BACKBONEv6 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 4242420670 peer-group BACKBONEv6 bfd
set protocols bgp 4242420670 peer-group BACKBONEv6 ebgp-multihop '2'
set protocols bgp 4242420670 peer-group BACKBONEv6 remote-as 'external'
set protocols bgp 4242420670 peer-group BACKBONEv6 update-source 'dum0'
set protocols bgp 4242420670 peer-group WDC07 address-family ipv4-unicast nexthop-self
set protocols bgp 4242420670 peer-group WDC07 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 4242420670 peer-group WDC07 bfd
set protocols bgp 4242420670 peer-group WDC07 ebgp-multihop '2'
set protocols bgp 4242420670 peer-group WDC07 remote-as '4242420670'
set protocols bgp 4242420670 peer-group WDC07 update-source 'dum0'
set protocols bgp 4242420670 peer-group WDC07v6 address-family ipv6-unicast nexthop-self
set protocols bgp 4242420670 peer-group WDC07v6 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 4242420670 peer-group WDC07v6 bfd
set protocols bgp 4242420670 peer-group WDC07v6 ebgp-multihop '2'
set protocols bgp 4242420670 peer-group WDC07v6 remote-as '4242420670'
set protocols bgp 4242420670 peer-group WDC07v6 update-source 'dum0'

What FRR looks like after:

vyos@cr01a-vyos# vtysh -c 'show run bgpd'
Building configuration...

Current configuration:
!
frr version 7.5.1-20210604-00-g8ee1377c3
frr defaults traditional
hostname cr01a-vyos
log syslog
log facility local7
service integrated-vtysh-config
!
router bgp 4242420670
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 bgp confederation identifier 4242420696
 bgp confederation peers 4242420668
 no bgp network import-check
 neighbor DAL13 peer-group
 neighbor DAL13 remote-as 4242420668
 neighbor DAL13 bfd
 neighbor DAL13 ebgp-multihop 2
 neighbor DAL13 update-source dum0
 neighbor DAL13v6 peer-group
 neighbor WDC07 peer-group
 neighbor WDC07 remote-as internal
 neighbor WDC07 bfd
 neighbor WDC07 update-source dum0
 neighbor WDC07v6 peer-group
 neighbor WDC07v6 remote-as internal
 neighbor WDC07v6 bfd
 neighbor WDC07v6 update-source dum0
 neighbor 192.168.253.6 peer-group DAL13
 neighbor 192.168.253.7 peer-group DAL13
 neighbor 192.168.253.15 peer-group WDC07
 neighbor 192.168.253.15 ebgp-multihop 2
 neighbor fd52:d62e:8011:fffe:192:168:253:15 peer-group WDC07v6
 neighbor fd52:d62e:8011:fffe:192:168:253:15 ebgp-multihop 2
 !
 address-family ipv4 unicast
  neighbor DAL13 activate
  neighbor DAL13 next-hop-self
  neighbor DAL13 soft-reconfiguration inbound
  neighbor WDC07 activate
  neighbor WDC07 next-hop-self
  neighbor WDC07 soft-reconfiguration inbound
 exit-address-family
 !
 address-family ipv6 unicast
  neighbor WDC07v6 activate
  neighbor WDC07v6 next-hop-self
  neighbor WDC07v6 soft-reconfiguration inbound
 exit-address-family
!
ip prefix-list OSPF-OUT seq 10 permit 192.168.253.14/32
!
ipv6 prefix-list OSPF-OUT-V6 seq 10 permit fd52:d62e:8011:fffe:192:168:253:14/128
!
route-map OSPF-OUT permit 10
 match ip address prefix-list OSPF-OUT
!
route-map OSPF-OUT-V6 permit 10
 match ipv6 address prefix-list OSPF-OUT-V6
!
line vty
!

What FRR should look like after:

vyos@cr01a-vyos# vtysh -c 'show run bgpd'
Building configuration...

Current configuration:
!
frr version 7.5.1-20210604-00-g8ee1377c3
frr defaults traditional
hostname cr01a-vyos
log syslog
log facility local7
service integrated-vtysh-config
!
router bgp 4242420670
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 bgp confederation identifier 4242420696
 bgp confederation peers 4242420668
 no bgp network import-check
 neighbor BACKBONE peer-group
 neighbor BACKBONE remote-as external
 neighbor BACKBONE bfd
 neighbor BACKBONE ebgp-multihop 2
 neighbor BACKBONE update-source dum0
 neighbor BACKBONEv6 peer-group
 neighbor BACKBONEv6 remote-as external
 neighbor BACKBONEv6 bfd
 neighbor BACKBONEv6 ebgp-multihop 2
 neighbor BACKBONEv6 update-source dum0
 neighbor WDC07 peer-group
 neighbor WDC07 remote-as internal
 neighbor WDC07 bfd
 neighbor WDC07 update-source dum0
 neighbor WDC07v6 peer-group
 neighbor WDC07v6 remote-as internal
 neighbor WDC07v6 bfd
 neighbor WDC07v6 update-source dum0
 neighbor 192.168.253.6 peer-group BACKBONE
 neighbor 192.168.253.7 peer-group BACKBONE
 neighbor fd52:d62e:8011:fffe:192:168:253:6 peer-group BACKBONEv6
 neighbor fd52:d62e:8011:fffe:192:168:253:7 peer-group BACKBONEv6
 neighbor 192.168.253.15 peer-group WDC07
 neighbor 192.168.253.15 ebgp-multihop 2
 neighbor fd52:d62e:8011:fffe:192:168:253:15 peer-group WDC07v6
 neighbor fd52:d62e:8011:fffe:192:168:253:15 ebgp-multihop 2
 !
 address-family ipv4 unicast
  neighbor BACKBONE activate
  neighbor BACKBONE next-hop-self
  neighbor BACKBONE soft-reconfiguration inbound
  neighbor WDC07 activate
  neighbor WDC07 next-hop-self
  neighbor WDC07 soft-reconfiguration inbound
 exit-address-family
 !
 address-family ipv6 unicast
  neighbor BACKBONEv6 activate
  neighbor BACKBONEv6 next-hop-self
  neighbor BACKBONEv6 soft-reconfiguration inbound
  neighbor WDC07v6 activate
  neighbor WDC07v6 next-hop-self
  neighbor WDC07v6 soft-reconfiguration inbound
 exit-address-family
!
ip prefix-list OSPF-OUT seq 10 permit 192.168.253.14/32
!
ipv6 prefix-list OSPF-OUT-V6 seq 10 permit fd52:d62e:8011:fffe:192:168:253:14/128
!
route-map OSPF-OUT permit 10
 match ip address prefix-list OSPF-OUT
!
route-map OSPF-OUT-V6 permit 10
 match ipv6 address prefix-list OSPF-OUT-V6
!
line vty
!
end
[edit]

How I fixed FRR:

cr01a-vyos(config)# router bgp 4242420670
cr01a-vyos(config-router)# no neighbor DAL13
cr01a-vyos(config-router)# no neighbor DAL13v6
cr01a-vyos(config-router)# neighbor BACKBONE peer-group 
cr01a-vyos(config-router)# neighbor BACKBONE remote-as external
cr01a-vyos(config-router)# neighbor BACKBONE bfd 
cr01a-vyos(config-router)# neighbor BACKBONE ebgp-multihop 2
cr01a-vyos(config-router)# neighbor BACKBONE update-source dum0
cr01a-vyos(config-router)# neighbor BACKBONEv6 peer-group 
cr01a-vyos(config-router)# neighbor BACKBONEv6 remote-as external 
cr01a-vyos(config-router)# neighbor BACKBONEv6 bfd
cr01a-vyos(config-router)# neighbor BACKBONEv6 ebgp-multihop 2
cr01a-vyos(config-router)# neighbor BACKBONEv6 update-source dum0
cr01a-vyos(config-router)# neighbor 192.168.253.6 peer-group BACKBONE
cr01a-vyos(config-router)# neighbor 192.168.253.7 peer-group BACKBONE
cr01a-vyos(config-router)# neighbor fd52:d62e:8011:fffe:192:168:253:6 peer-group BACKBONEv6
cr01a-vyos(config-router)# neighbor fd52:d62e:8011:fffe:192:168:253:7 peer-group BACKBONEv6
cr01a-vyos(config-router)# address-family ipv4 unicast 
cr01a-vyos(config-router-af)# neighbor BACKBONE activate 
cr01a-vyos(config-router-af)# neighbor BACKBONE next-hop-self 
cr01a-vyos(config-router-af)# neighbor BACKBONE soft-reconfiguration inbound 
cr01a-vyos(config-router-af)# exit-address-family 
cr01a-vyos(config-router)# address-family ipv6 unicast 
cr01a-vyos(config-router-af)# neighbor BACKBONEv6 activate 
cr01a-vyos(config-router-af)# neighbor BACKBONEv6 next-hop-self 
cr01a-vyos(config-router-af)# neighbor BACKBONEv6 soft-reconfiguration inbound 
cr01a-vyos(config-router-af)# exit

Details

Difficulty level
Normal (likely a few hours)
Version
1.3-beta-202106041554
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Related Objects

Event Timeline

https://github.com/vyos/vyatta-cfg-quagga/blob/fef5870b764e6166b639043fadb9317c8a49881d/scripts/bgp/vyatta-bgp.pl#L621-L625
https://github.com/vyos/vyatta-cfg-quagga/blob/fef5870b764e6166b639043fadb9317c8a49881d/scripts/bgp/vyatta-bgp.pl#L802-L806

Additional logs

Jun  7 17:28:53 r4-1 commit: Successful change to active configuration by user vyos on /dev/pts/1
Jun  7 17:29:15 r4-1 bgpd[841]: [EC 33554443] couldn't delete af structure for peer DAL13v6(IPv6, unicast)
Jun  7 17:29:15 r4-1  vyatta-cfg-quagga[3042]: /usr/bin/vtysh -c configure terminal -c router bgp 4242420670 -c no neighbor DAL13v6 peer-group failed: 256
Jun  7 17:29:15 r4-1 systemd[1784]: opt-vyatta-config-tmp-new_config_2175.mount: Succeeded.

Vtysh:

r4-1.3(config)# router bgp 
r4-1.3(config-router)# no neighbor DAL13v6 peer-group
% Ambiguous command: no neighbor DAL13v6 peer-group
r4-1.3(config-router)# no neighbor DAL13v6 peer-group 
  <cr>    
  PGNAME  Peer-group name
     DAL13 DAL13v6 WDC07 WDC07v6 
r4-1.3(config-router)#

It seems a new behavior for FRR 7.5.1
Compare with LTS
LTS:

r2-lts(config-router)# neighbor DAL13v6 peer-group
r2-lts(config-router)# 
r2-lts(config-router)#  no neighbor DAL13v6 peer-group
r2-lts(config-router)#

1.3:

r4-1.3(config-router)# neighbor DAL13v6 peer-group
r4-1.3(config-router)# 
r4-1.3(config-router)# no neighbor DAL13v6 peer-group
% Ambiguous command: no neighbor DAL13v6 peer-group
r4-1.3(config-router)#

The minimal config to reproduce:

set protocols bgp 65001 peer-group FOO
set protocols bgp 65001 peer-group BAR
commit
delete protocols bgp 65001 peer-group FOO
commit
Viacheslav changed the task status from Open to Needs testing.Mon, Jun 7, 4:40 PM