Page MenuHomeVyOS Platform
Create Task
Maniphest T4360

Issues on MPLS L3VPN Service Label
Confirmed, LowPublicBUG
Actions

Description

It seems there is a problem with FRR and the MPLS L3VPN Label insertion.

Tested with a simple topology, 2x PE routers w/ MPLS, LDP and BGP, and 2x CE routers with BGP.

With this order of operations:

  1. add protocols bgp / bgp with vrf stuff
  2. commit
  3. add protocols mpls/ldp
  4. commit

The configuration IS NOT WORKING (MPLS label for L3VPN/VRF not present in ip -f mpls r s)

However, with this config steps:

  1. add protocols mpls/ldp
  2. commit
  3. add protocols bgp / bgp with vrf stuff
  4. commit

it works fine.

It works fine with the initial steps IF I manually kill the bgpd process.
It also works fine with the initial steps if I do a node reboot.

See: https://forum.vyos.io/t/mpls-l3vpn-transport-issue/8769
for the configuration, topology and the different troubleshooting steps.

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202204130521
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

ssasso created this task.Apr 14 2022, 3:09 PM

Relevant configuration on one PE router:

interfaces {
    dummy dum0 {
        address 10.0.0.12/32
    }
    ethernet eth0 {
        address dhcp
        description Out-Of-Band
        hw-id 08:4f:a9:00:00:0c
        vrf management
    }
    ethernet eth1 {
        address 10.1.0.2/30
        description "pe2 -> pe1"
        hw-id 52:54:00:bf:4c:db
    }
    ethernet eth2 {
        address 10.1.0.10/30
        description "pe2 -> edge2 [external]"
        hw-id 52:54:00:a1:b7:c3
        vrf blue
    }
    loopback lo {
    }
}
protocols {
    bgp {
        address-family {
            ipv4-unicast {
                network 10.0.0.12/32 {
                }
            }
        }
        local-as 65000
        neighbor 10.0.0.11 {
            address-family {
                ipv4-unicast {
                    nexthop-self {
                    }
                }
                ipv4-vpn {
                    nexthop-self {
                    }
                }
            }
            description pe1
            remote-as 65000
            update-source dum0
        }
        parameters {
            router-id 10.0.0.12
        }
    }
    mpls {
        interface dum0
        interface eth1
        ldp {
            discovery {
                transport-ipv4-address 10.0.0.12
            }
            interface dum0
            interface eth1
            router-id 10.0.0.12
        }
    }
    ospf {
        interface dum0 {
            area 0.0.0.0
            passive {
            }
        }
        interface eth1 {
            area 0.0.0.0
            network point-to-point
        }
        parameters {
            router-id 10.0.0.12
        }
    }
}

vrf {
    name blue {
        protocols {
            bgp {
                address-family {
                    ipv4-unicast {
                        export {
                            vpn
                        }
                        import {
                            vpn
                        }
                        label {
                            vpn {
                                export auto
                            }
                        }
                        rd {
                            vpn {
                                export 65000:1
                            }
                        }
                        redistribute {
                            connected {
                            }
                        }
                        route-target {
                            vpn {
                                export 65000:1
                                import 65000:1
                            }
                        }
                    }
                }
                local-as 65000
                neighbor 10.1.0.9 {
                    address-family {
                        ipv4-unicast {
                            nexthop-self {
                            }
                        }
                    }
                    description edge2
                    remote-as 65102
                }
            }
        }
        table 100
    }
    name management {
        table 65530
    }
}
pasik added a subscriber: pasik.Apr 14 2022, 3:18 PM
syncer assigned this task to fernando.Apr 14 2022, 6:30 PM
syncer added a subscriber: syncer.

@fernando can you take a look at this one.
maybe we will need report it to FRR team

fernando added a comment.Apr 21 2022, 11:56 PM

Hi

sorry for my late reply , I've been testing this case and I could replicate the same behavior

vyos@PE2# set interfaces ethernet eth0 address '10.1.0.2/30'
[edit]
vyos@PE2# set interfaces ethernet eth1 address '10.1.0.10/30'
[edit]
vyos@PE2# set interfaces ethernet eth1 vrf 'blue'
[edit]
vyos@PE2# set protocols bgp address-family ipv4-unicast network 10.0.0.12/32
[edit]
vyos@PE2# set protocols bgp local-as '65000'
[edit]
op-self2# set protocols bgp neighbor 10.0.0.11 address-family ipv4-unicast nexth
[edit]
elfs@PE2# set protocols bgp neighbor 10.0.0.11 address-family ipv4-vpn nexthop-s
[edit]
vyos@PE2# set protocols bgp neighbor 10.0.0.11 description 'pe1'
[edit]
vyos@PE2# set protocols bgp neighbor 10.0.0.11 remote-as '65000'
[edit]
vyos@PE2# set protocols bgp neighbor 10.0.0.11 update-source 'dum0'
[edit]
vyos@PE2# set protocols bgp parameters router-id '10.0.0.12'
[edit]                                                                         n
[edit]E2# set vrf name blue protocols bgp address-family ipv4-unicast export vpn
[edit]E2# set vrf name blue protocols bgp address-family ipv4-unicast import vpn
export 'auto' vrf name blue protocols bgp address-family ipv4-unicast label vpn
[edit]
ort '65000:1' vrf name blue protocols bgp address-family ipv4-unicast rd vpn exp
[edit]
te connectedt vrf name blue protocols bgp address-family ipv4-unicast redistribu
[edit]
et vpn export '65000:1'blue protocols bgp address-family ipv4-unicast route-targ
[edit]
et vpn import '65000:1'blue protocols bgp address-family ipv4-unicast route-targ
[edit]
vyos@PE2# set vrf name blue protocols bgp local-as '65000'
[edit]
unicast nexthop-selfme blue protocols bgp neighbor 10.1.0.9 address-family ipv4-
[edit]
vyos@PE2# set vrf name blue protocols bgp neighbor 10.1.0.9 description 'edge2'
[edit]
vyos@PE2# set vrf name blue protocols bgp neighbor 10.1.0.9 remote-as '65102'
[edit]
vyos@PE2# set vrf name blue table '100'
[edit]
vyos@PE2# commit
[edit]
vyos@PE2#
[edit]
vyos@PE2#
[edit]
vyos@PE2# set protocols mpls interface 'dum0'
[edit]
vyos@PE2# set protocols mpls interface 'eth0'
[edit]
vyos@PE2# set protocols mpls ldp discovery transport-ipv4-address '10.0.0.12'
[edit]
vyos@PE2# set protocols mpls ldp interface 'dum0'
[edit]
vyos@PE2# set protocols mpls ldp interface 'eth0'
[edit]
vyos@PE2# set protocols mpls ldp router-id '10.0.0.12'
[edit]
vyos@PE2# set protocols ospf interface dum0 area '0.0.0.0'
[edit]
vyos@PE2# set protocols ospf interface dum0 passive
[edit]
vyos@PE2# set protocols ospf interface eth0 area '0.0.0.0'
[edit]
vyos@PE2# set protocols ospf interface eth0 network 'point-to-point'
[edit]
vyos@PE2# set protocols ospf parameters router-id '10.0.0.12'
[edit]
vyos@PE2# commit

although , I saw that label allocation and bgp session were established :

vyos@PE2:~$ show bgp ipv4 vpn
BGP table version is 4, local router ID is 10.0.0.12, vrf id 0
Default local pref 100, local AS 65000
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65000:1
*> 10.1.0.8/30      0.0.0.0@7<               0         32768 ?
    UN=0.0.0.0 EC{65000:1} label=80 type=bgp, subtype=5
*>i10.1.0.12/30     10.0.0.11                0    100      0 ?
    UN=10.0.0.11 EC{65000:1} label=80 type=bgp, subtype=0
*>i100.64.1.0/24    10.0.0.11                0    100      0 65101 i
    UN=10.0.0.11 EC{65000:1} label=80 type=bgp, subtype=0
*> 100.64.2.0/24    10.1.0.9@7<              0             0 65102 i
    UN=10.1.0.9 EC{65000:1} label=80 type=bgp, subtype=5

Displayed  4 routes and 4 total paths
vyos@PE2:~$ show bgp ipv4 vpn 100.64.2.0/24
BGP routing table entry for 65000:1:100.64.2.0/24, version 2
not allocated
Paths: (1 available, best #1)
  Advertised to non peer-group peers:
  10.0.0.11
  65102
    10.1.0.9 from 0.0.0.0 (10.0.0.12) vrf blue(7) announce-nh-self
      Origin IGP, metric 0, valid, sourced, local, best (First path received)
      Extended Community: RT:65000:1
      Originator: 10.0.0.12
      Remote label: 80
      Last update: Thu Apr 21 23:28:21 2022

as you comment, restarting BGP process ...you can reach other devices :

`
vyos@vyos:~$ ping 100.64.2.10 interface 100.64.1.20
PING 100.64.2.10 (100.64.2.10) from 100.64.1.20 : 56(84) bytes of data.
^C
--- 100.64.2.10 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3088ms

vyos@vyos:~$ ping 100.64.2.10 interface 100.64.1.20
PING 100.64.2.10 (100.64.2.10) from 100.64.1.20 : 56(84) bytes of data.
64 bytes from 100.64.2.10: icmp_seq=1 ttl=62 time=0.895 ms
64 bytes from 100.64.2.10: icmp_seq=2 ttl=62 time=1.40 ms
^C

I'll check the bug some more and open a case with the FRR team.

fernando changed the task status from Open to Confirmed.Apr 21 2022, 11:57 PM
fernando triaged this task as Low priority.