Page MenuHomeVyOS Platform
Create Task
Maniphest T5933

Unable to commit BGP config with unnumbered neighbour
Open, HighPublicBUG
Actions

Description

It seems that when I try to set a peer with just IPv6 link-local, as suggested here: https://docs.vyos.io/en/sagitta/configexamples/bgp-ipv6-unnumbered.html. I get a commit error instead regarding bpd not able to apply it.

My config that I tried to commit:

 neighbor 10.0.105.10 {
     description w1
     peer-group kube-prod
 }
 neighbor 10.0.105.19 {
     peer-group kube-prod
 }
 neighbor 10.0.105.20 {
     peer-group kube-prod
 }
 neighbor 10.0.105.25 {
     peer-group kube-prod
 }
 neighbor 10.0.105.33 {
     description w-amd-2
     peer-group kube-prod
 }
 neighbor 10.0.105.34 {
     peer-group kube-prod
 }
 neighbor 10.0.105.43 {
     peer-group kube-prod
 }
 neighbor 10.0.110.18 {
     peer-group kube-dev
 }
 neighbor 10.0.110.19 {
     peer-group kube-dev
 }
 neighbor 192.168.2.129 {
     description dh
     peer-group kube-prod
 }
+neighbor eth7.105 {
+    interface {
+        v6only {
+        }
+    }
+    peer-group kube-prod
+}
 neighbor 2001:14ba:16eb:6f6e:dea6:32ff:fe3f:9301 {
     description dev-w1
     peer-group kube-dev-v6
 }
 neighbor 2001:14ba:16eb:6f6e:e65f:1ff:fe1b:3293 {
     description dev-m1
     peer-group kube-dev-v6
 }
 parameters {
     router-id 192.168.2.1
 }
 peer-group kube-dev {
     address-family {
         ipv4-unicast {
             soft-reconfiguration {
                 inbound
             }
         }
     }
     remote-as 213021
 }
 peer-group kube-prod {
     address-family {
         ipv4-unicast {
             soft-reconfiguration {
                 inbound
             }
         }
+        ipv6-unicast {
+            soft-reconfiguration {
+                inbound
+            }
+        }
     }
     remote-as 213021
 }
 peer-group kube-dev-v6 {
     address-family {
         ipv6-unicast {
             soft-reconfiguration {
                 inbound
             }
         }
     }
     remote-as 213021
 }
-peer-group kube-prod-v6 {
-    address-family {
-        ipv6-unicast {
-            soft-reconfiguration {
-                inbound
-            }
-        }
-    }
-    remote-as 213021
-}
 system-as 213021

Error that I got:

vyos@gateway# commit
[ protocols bgp ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription:
  https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at:
  https://vyos.net/get/
- Consult the community forum to see how to handle this issue:
  https://forum.vyos.io
- Join us on Slack where our users exchange help and advice:
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report time:      2024-01-13 14:38:37
Image version:    VyOS 1.4-rolling-08112023T0309
Release train:    sagitta

Built by:         [email protected]
Built on:         Wed 08 Nov 2023 03:28 UTC
Build UUID:       f3148aba-1b00-4a87-8461-aa9bdfa7b61f
Build commit ID:  987bbc8be52abc

Architecture:     x86_64
Boot via:         installed image
System type:      bare metal

Hardware vendor:  Default string
Hardware model:   QDNV01
Hardware S/N:     Default string
Hardware UUID:    03000200-0400-0500-0006-000700080009

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/protocols_bgp.py", line 572, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/protocols_bgp.py", line 563, in apply
    frr_cfg.commit_configuration(bgp_daemon)
  File "/usr/lib/python3/dist-packages/vyos/frr.py", line 483, in commit_configuration
    raise ConfigurationNotValid(f'Config commit retry counter ({count_max}) exceeded for {daemon} dameon!')
vyos.frr.ConfigurationNotValid: Config commit retry counter (5) exceeded for bgpd dameon!

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-08112023T0309
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Related Objects

Event Timeline

samip537 created this task.Jan 13 2024, 12:42 PM
trae32566 added a subscriber: trae32566.EditedJan 14 2024, 9:53 AM

@samip537 You should use the peer group definition inside the v6-only stanza, like so:

neighbor wg1 {                                                                                           
    interface {                                                                                          
        v6only {                                                                                         
            peer-group BACKBONE                                                                          
            remote-as 4242420669                                                                         
        }                                                                                                
    }                                                                                                    
}

That being said, this should fail more gracefully and say something like "please configure the peer group name under the v6only stanza", or (more ideally, IMO), it should all be moved to using neighbor XXXX peer-group. This was done for IPv6 some time back (and ironically now is causing migration issues in T5937); for example it used to be:

trae@cr01a-vyos# show protocols bgp 4242420668 neighbor fd52:d62e:8011:fffe::7 
 address-family {
     ipv6-unicast {
         peer-group DAL10v6
     }
 }

In 1.4+ though, it has been moved to the standard neighbor XXXX peer-group.

Viacheslav triaged this task as High priority.Jan 14 2024, 10:07 AM