Page MenuHomeVyOS Platform

Removal of IPv6 BGP-peer with peer-group may trigger problems
Closed, DuplicatePublicBUG

Description

If have tested this bug on several VyOS versions, including 1.2.3, 1.2.6, 1.2.8 and 1.3.0-epa1. With a simple BGP setup that uses an IPv6 peer-group, it is possible to trigger a few problems. When you delete an IPv6 peer with a peer-group configured, you get the following error message:

[ protocols bgp 65535 ]
% Specify remote-as or peer-group commands first
Error configuring routing subsystem.  See log for more detailed information

[edit]

If you didn't try to do any other changes while doing the commit, this isn't even a problem. Somehow the IPv6 peer is still being removed from FRR and the VyOS config.

If you did try to do other changes, e.g. deleting an IPv4 BGP peer or changing some prefix limit, then only the IPv6 BGP peer will be deleted from FRR. The other changes won't happen in FRR and at this point the FRR configuration is out of synch with the VyOS config, where those changes did "happen". The only viable solution if found after something like that happened is to either reboot the system or do the changes in FRR manually via vtysh.

This is an example configuration with which the problem can be replicated:

protocols {
    bgp 65535 {
        address-family {
            ipv4-unicast {
                network                 192.168.2.0/24 { }
            }
        }
        neighbor 192.168.0.11 {
            address-family {
                ipv4-unicast {
                    nexthop-self { }
                    soft-reconfiguration {
                        inbound { }
                    }
                }
            }
            description "test peer 1"
            remote-as "65535"
        }
        neighbor 192.168.0.10 {
            address-family {
                ipv4-unicast {
                    maximum-prefix "200"
                    nexthop-self { }
                    soft-reconfiguration {
                        inbound { }
                    }
                }
            }
            description "test peer 2"
            remote-as "65500"
        }
        neighbor fe80::1 {
            address-family {
                ipv6-unicast {
                    maximum-prefix "200"
                }
            }
            description "test peer 3"
            remote-as "65500"
        }
        neighbor fe80::2 {
            address-family {
                ipv6-unicast {
                    maximum-prefix "100"
                    peer-group "PEERSv6"
                }
            }
            description "test peer 4 - remove to trigger problems"
            remote-as "65501"
        }
        peer-group PEERSv6 {
            address-family {
                ipv6-unicast {
                    remove-private-as { }
                    soft-reconfiguration {
                        inbound { }
                    }
                }
            }
            description "IPv6 Peer-Group"
        }
    }
}

If you need any further information, please let me know.

Details

Difficulty level
Unknown (require assessment)
Version
1.2.3, 1.2.6, 1.2.8, 1.3.0-epa1
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

Unknown Object (User) added a subscriber: Unknown Object (User).Oct 4 2021, 1:02 PM

Acknowledged. Tested on 1.3.0-epa1

Config to reproduce:

set interfaces ethernet eth0 address '1.1.1.1/24'
set interfaces ethernet eth0 address '2001:1::1/64'
set interfaces ethernet eth3 address '3.3.3.1/24'
set interfaces ethernet eth3 address '2001:3::1/64'

set protocols bgp 65535 address-family ipv4-unicast network 1.0.0.0/24
set protocols bgp 65535 neighbor 1.1.1.2 address-family ipv4-unicast nexthop-self
set protocols bgp 65535 neighbor 1.1.1.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 65535 neighbor 1.1.1.2 remote-as '65535'
set protocols bgp 65535 neighbor 2001:1::2 address-family ipv6-unicast maximum-prefix '200'
set protocols bgp 65535 neighbor 2001:1::2 remote-as '65535'
set protocols bgp 65535 neighbor 3.3.3.3 address-family ipv4-unicast nexthop-self
set protocols bgp 65535 neighbor 3.3.3.3 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 65535 neighbor 3.3.3.3 remote-as '65500'
set protocols bgp 65535 neighbor 3.3.3.3 address-family ipv4-unicast  maximum-prefix 200
set protocols bgp 65535 neighbor 2001:3::3 address-family ipv6-unicast maximum-prefix '100'
set protocols bgp 65535 neighbor 2001:3::3 address-family ipv6-unicast peer-group PEERSv6
set protocols bgp 65535 neighbor 2001:3::3 remote-as '65501'
set protocols bgp 65535 peer-group PEERSv6 address-family ipv6-unicast remove-private-as
set protocols bgp 65535 peer-group PEERSv6 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 65535 peer-group PEERSv6 description 'IPv6 Peer-Group'

commit

Some changes:

delete protocols bgp 65535 neighbor 2001:3::3
set protocols bgp 65535 neighbor 3.3.3.3 address-family ipv4-unicast  maximum-prefix 500

commit with warning:

vyos@vyos# commit
[ protocols bgp 65535 ]
% Specify remote-as or peer-group commands first
Error configuring routing subsystem.  See log for more detailed information

Inconsistency (Max-prefix 500 vs 200):

vyos@vyos:~$ sudo vtysh -c 'show runn' sec bgp | grep 3.3.3.3
 neighbor 3.3.3.3 remote-as 65500
  neighbor 3.3.3.3 next-hop-self
  neighbor 3.3.3.3 soft-reconfiguration inbound
  neighbor 3.3.3.3 maximum-prefix 200
vyos@vyos:~$ sh config comm | grep 3.3.3.3
set protocols bgp 65535 neighbor 3.3.3.3 address-family ipv4-unicast maximum-prefix '500'
set protocols bgp 65535 neighbor 3.3.3.3 address-family ipv4-unicast nexthop-self
set protocols bgp 65535 neighbor 3.3.3.3 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 65535 neighbor 3.3.3.3 remote-as '65500'