
L3VPN- network command doesn't install direct connected prefix
Closed, Resolved · Public · BUG

Description

Hi team,

Based on a report from the forum:

https://forum.vyos.io/t/vyos-1-4-l3vpn-bgp-import-export-nexthop-incorrect/9876/4

It seems that FRR doesn't install directly connected prefixes using the command 'network x.x.x.x/x' over address-family ipv4 unicast:

Example:

set vrf bind-to-all
set vrf name customer protocols bgp address-family ipv4-unicast export vpn
set vrf name customer protocols bgp address-family ipv4-unicast import vpn
set vrf name customer protocols bgp address-family ipv4-unicast label vpn export 'auto'
set vrf name customer protocols bgp address-family ipv4-unicast network 10.180.2.0/24
set vrf name customer protocols bgp address-family ipv4-unicast rd vpn export '1:2'
set vrf name customer protocols bgp address-family ipv4-unicast route-target vpn export '1:2'
set vrf name customer protocols bgp address-family ipv4-unicast route-target vpn import '1:2'
set vrf name customer protocols bgp neighbor 2.1.1.10 address-family ipv4-unicast nexthop-self
set vrf name customer protocols bgp neighbor 2.1.1.10 address-family ipv4-unicast soft-reconfiguration inbound
set vrf name customer protocols bgp neighbor 2.1.1.10 ebgp-multihop '3'
set vrf name customer protocols bgp neighbor 2.1.1.10 remote-as '64530'
set vrf name customer protocols bgp neighbor 2.1.1.10 update-source 'eth1'
set vrf name customer protocols bgp neighbor 2.1.1.11 address-family ipv4-unicast soft-reconfiguration inbound
set vrf name customer protocols bgp neighbor 2.1.1.11 ebgp-multihop '3'
set vrf name customer protocols bgp neighbor 2.1.1.11 remote-as '64530'
set vrf name customer protocols bgp neighbor 2.1.1.11 update-source 'eth1'
set vrf name customer protocols bgp parameters log-neighbor-changes
set vrf name customer protocols bgp parameters router-id '10.180.2.2'
set vrf name customer protocols bgp system-as '64531'
set vrf name customer table '120'

We see it as `inaccessible`:


vyos@vyos-99:~$  **show bgp ipv4 vpn 10.180.2.0/24**
BGP routing table entry for 1:2:10.180.2.0/24, version 0
not allocated
Paths: (1 available, no best path)
  Not advertised to any peer
  Local
    0.0.0.0 (**inaccessible**) from 0.0.0.0 (10.255.254.2) **vrf customer**(6) announce-nh-self
      Origin IGP, metric 0, weight 32768, invalid, sourced, local
      Extended Community: RT:2:1
      Originator: 10.255.254.2
      Remote label: 80
      Last update: Thu Nov 24 17:10:15 2022

I found a workaround: redistributing connected routes, which allows the prefix to be installed:

vyos@cust-pe1:~$ show bgp ipv4 vpn 10.180.2.0/24
BGP routing table entry for 1:2:10.180.2.0/24, version 2
not allocated
Paths: (2 available, best #1)
  Advertised to non peer-group peers:
  1.1.1.1
  Local
    0.0.0.0 from 0.0.0.0 (10.255.254.2) vrf customer(7) announce-nh-self
      Origin incomplete, metric 0, weight 32768, valid, sourced, local, best (First path received)
      Extended Community: RT:1:2
      Originator: 10.255.254.2
      Remote label: 144
      Last update: Mon Nov 28 17:22:10 2022
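
Added example (not part of the original task, and not VyOS or FRR code): a small Python parser for the `show bgp ipv4 vpn <prefix>` text output quoted above, which flags a locally sourced path that is inaccessible or invalid and an entry with no best path. The regular expressions assume the line layout shown in this task, and the function names are hypothetical.

```python
import re

HEADER = re.compile(r"^BGP routing table entry for (\S+), version \d+")
PATHS = re.compile(r"^Paths: \(\d+ available, (?:no best path|best #(\d+))")
NEXTHOP = re.compile(r"^\s+(\d+(?:\.\d+){3})( \(inaccessible\))? from \S+ \(\S+\)")
ATTRS = re.compile(r"^\s+Origin (IGP|EGP|incomplete), (.*)$")
# Sample inputs: trimmed from the two outputs in the task, emphasis markers removed.
FAILING = """\
BGP routing table entry for 1:2:10.180.2.0/24, version 0
Paths: (1 available, no best path)
    0.0.0.0 (inaccessible) from 0.0.0.0 (10.255.254.2) vrf customer(6) announce-nh-self
      Origin IGP, metric 0, weight 32768, invalid, sourced, local
"""
WORKAROUND = """\
BGP routing table entry for 1:2:10.180.2.0/24, version 2
Paths: (2 available, best #1)
    0.0.0.0 from 0.0.0.0 (10.255.254.2) vrf customer(7) announce-nh-self
      Origin incomplete, metric 0, weight 32768, valid, sourced, local, best (First path received)
"""

def parse_entry(text):
    """Parse one 'show bgp ipv4 vpn <prefix>' entry into a dict."""
    entry = {"prefix": None, "best": None, "paths": []}
    for line in text.splitlines():
        if m := HEADER.match(line):
            entry["prefix"] = m[1]
        elif m := PATHS.match(line):
            entry["best"] = int(m[1]) if m[1] else None
        elif m := NEXTHOP.match(line):
            entry["paths"].append({"nexthop": m[1], "inaccessible": bool(m[2]), "flags": set()})
        elif (m := ATTRS.match(line)) and entry["paths"]:
            flags = {f.split(" (")[0].strip() for f in m[2].split(",")}
            entry["paths"][-1].update(origin=m[1], flags=flags)
    return entry

def diagnose(entry):
    """List reasons a locally sourced prefix is not usable in the VPN table."""
    findings = []
    for i, p in enumerate(entry["paths"], 1):
        if "sourced" in p["flags"] and p["inaccessible"]:
            findings.append(f"path {i}: next hop inaccessible")
        if "sourced" in p["flags"] and "invalid" in p["flags"]:
            findings.append(f"path {i}: invalid (origin {p['origin']})")
    if entry["best"] is None:
        findings.append("no best path")
    return findings

if __name__ == "__main__":
    print(diagnose(parse_entry(FAILING)), diagnose(parse_entry(WORKAROUND)))
```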

Details

Difficulty level
Hard (possibly days)
Version
VyOS 1.4-rolling-202211120317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

Did you try no bgp network import-check?

Yes, it's already configured. I'm sharing my full FRR configuration here:

sudo vtysh -c "show run "
Building configuration...

Current configuration:
!
frr version 8.4.1
frr defaults traditional
hostname cust-pe2
log syslog
log facility local7
service integrated-vtysh-config
!
interface dum20
 mpls enable
exit
!
interface eth0
 mpls enable
exit
!
router bgp 64532
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor 10.255.254.2 remote-as 64532
 neighbor 10.255.254.2 description MPLS
 neighbor 10.255.254.2 disable-connected-check
 neighbor 10.255.254.2 update-source dum20
 !
 address-family ipv4 unicast
  neighbor 10.255.254.2 activate
 exit-address-family
 !
 address-family ipv4 vpn
  neighbor 10.255.254.2 activate
  neighbor 10.255.254.2 soft-reconfiguration inbound
 exit-address-family
exit
!
router bgp 64531 vrf customer
 bgp router-id 10.180.50.50
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 !
 address-family ipv4 unicast
  network 5.5.5.5/32
  network 10.180.50.0/24
  label vpn export auto
  rd vpn export 1:2
  rt vpn both 1:2
  export vpn
  import vpn
 exit-address-family
exit
!

vyos@cust-pe1:~$  show ip route vrf customer
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF customer:
C>* 10.180.0.0/25 is directly connected, eth2, 00:44:18
C>* 10.180.2.0/24 is directly connected, eth1, 00:44:17

FRR fixed it. It seems the issues were associated with the next-hop tracking protocol when a prefix is imported using the network command (if we use redistribute connected, next-hop tracking will not be done):

https://github.com/FRRouting/frr/pull/12438

We need to check, using the master branch of FRR.

fernando changed the task status from Open to Needs testing. Dec 16 2022, 1:41 PM

Using 8.5-dev, it doesn't work. It is even worse than the initial case: it's not able to show any local prefix on L3VPN BGP:

show running-config
Building configuration...

Current configuration:
!
frr version 8.5-dev
frr defaults traditional
hostname cust-pe1
log syslog
log facility local7
service integrated-vtysh-config
!
ip route 0.0.0.0/0 172.16.50.1 eth3 tag 210 210
!
vrf customer
 ip route 100.100.100.100/32 10.180.2.254
exit-vrf
!
interface dum100
 mpls enable
exit
!
interface eth0
 mpls enable
exit
!
router bgp 64532
 bgp router-id 10.255.254.2
 bgp log-neighbor-changes
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor 1.1.1.1 remote-as 64532
 neighbor 1.1.1.1 description MPLS
 neighbor 1.1.1.1 disable-connected-check
 neighbor 1.1.1.1 update-source dum100
 !
 address-family ipv4 unicast
  neighbor 1.1.1.1 activate
 exit-address-family
 !
 address-family ipv4 vpn
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 soft-reconfiguration inbound
 exit-address-family
exit
!
router bgp 64531 vrf customer
 bgp router-id 10.180.2.2
 bgp log-neighbor-changes
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor 2.1.1.10 remote-as 64530
 neighbor 2.1.1.10 ebgp-multihop 3
 neighbor 2.1.1.10 update-source eth1
 neighbor 2.1.1.11 remote-as 64530
 neighbor 2.1.1.11 ebgp-multihop 3
 neighbor 2.1.1.11 update-source eth1
 !
 address-family ipv4 unicast
  network 10.180.2.0/24
  redistribute connected
  redistribute static
  neighbor 2.1.1.10 activate
  neighbor 2.1.1.10 next-hop-self
  neighbor 2.1.1.10 soft-reconfiguration inbound
  neighbor 2.1.1.11 activate
  neighbor 2.1.1.11 soft-reconfiguration inbound
  label vpn export auto
  rd vpn export 1:2
  rt vpn import 1:2
  export vpn
  import vpn
 exit-address-family
exit
!
router ospf
 ospf router-id 10.255.254.2
 auto-cost reference-bandwidth 100
 timers throttle spf 200 1000 10000
 network 0.0.0.0/0 area 0
exit
!
mpls ldp
 router-id 10.255.254.2
 !
 address-family ipv4
  discovery transport-address 10.255.254.2
  label local allocate host-routes
  !
  interface eth0
  exit
  !
 exit-address-family
 !
exit
!
rpki
exit
!


% Command incomplete: show bgp vpn
cust-pe1# show bgp ipv4 vpn
BGP table version is 2, local router ID is 10.255.254.2, vrf id 0
Default local pref 100, local AS 64532
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:2
 *>i10.180.50.50/32  1.1.1.1                  0    100      0 ?
    UN=1.1.1.1 EC{1:2} label=80 type=bgp, subtype=0
 *>i172.16.80.0/24   1.1.1.1                  0    100      0 ?
    UN=1.1.1.1 EC{1:2} label=80 type=bgp, subtype=0

Displayed  2 routes and 2 total paths
cust-pe1#
cust-pe1#
cust-pe1# show ip route vrf customer
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF customer:
C>* 10.180.2.0/24 is directly connected, eth1, 00:03:41
S>* 100.100.100.100/32 [1/0] via 10.180.2.254, eth1, weight 1, 00:03:39

This fix did not solve the current issues.

I did some extra tests. I've missed a command; this solution works as expected. FRR backport 8.4.1

https://github.com/FRRouting/frr/pull/12545

This fix was added in 8.5:

vyos@cust-pe2:~$ show bgp ipv4 vpn 172.16.80.0/24
BGP routing table entry for 1:2:172.16.80.0/24, version 0
not allocated
Paths: (1 available, no best path)
  Not advertised to any peer
  Local
    0.0.0.0 from 0.0.0.0 (1.1.1.1) vrf customer(6) announce-nh-self
      Origin IGP, metric 0, weight 32768, invalid, sourced, local
      Extended Community: RT:1:2
      Originator: 1.1.1.1
      Remote label: 80
      Last update: Wed Mar 29 13:17:24 202

vyos@cust-pe2:~$ sudo vtysh -c "show version"
FRRouting 8.5 (cust-pe2) on Linux(6.1.21-amd64-vyos).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
fernando triaged this task as Normal priority.