FRR errors after ugrading from frr 9.1 to 10.0 on Centos 7
pedrompcaetano opened this issue · comments
Description
After updating packages on a centos 7 64 bit system, frr is unable to establish peering with upstream routers.
Version
# sh version
FRRouting 10.0 (vspasr1pxyq01) on Linux(3.10.0-1160.118.1.el7.x86_64).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
'--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-static' '--disable-werror' '--enable-multipath=256' '--enable-vtysh' '--enable-ospfclient' '--enable-ospfapi' '--enable-rtadv' '--enable-ldpd' '--enable-pimd' '--enable-pim6d' '--enable-pbrd' '--enable-nhrpd' '--enable-eigrpd' '--enable-babeld' '--enable-vrrpd' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-fpm' '--enable-watchfrr' '--disable-bgp-vnc' '--enable-isisd' '--enable-rpki' '--enable-bfdd' '--enable-pathd' '--enable-snmp' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
How to reproduce
After upgrading a centos7 system running frr from official repository, frr is unable to establish peering with upstream routers.
On a 'twin system' running frr 9.1, everything works as expected. (this system was not updated)
Expected behavior
# rpm -qa frr
frr-9.1-01.el8.x86_64
# sh interface brief
Interface Status VRF Addresses
--------- ------ --- ---------
ens161 up default 10.185.23.201/21
ens192 up default 10.150.0.11/24
10.150.0.5/32
10.150.0.6/32
ens224 up default 10.0.0.234/27
10.11.12.1/32
ens256 up default 192.168.170.11/24
lo up default
# sh ip bgp neighbors upstream bestpath-routes
BGP table version is 8, local router ID is 10.11.12.1, vrf id 0
Default local pref 100, local AS 4200000272
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0/0 10.0.0.243 100 0 15525 8657 ?
Total number of prefixes 1
vspasr1pxyp01# sh ip fib
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
B>* 0.0.0.0/0 [200/0] via 10.0.0.243, ens224, weight 1, 02w1d14h
* via 10.0.0.244, ens224, weight 1, 02w1d14h
K>* 10.0.0.0/8 [0/101] via 10.150.0.254, ens192, 09w0d11h
C>* 10.150.0.0/24 is directly connected, ens192, 09w0d11h
C>* 10.150.0.5/32 is directly connected, ens192, 05w0d03h
C>* 10.150.0.6/32 is directly connected, ens192, 05w0d12h
C>* 10.185.16.0/21 is directly connected, ens161, 09w0d11h
K>* 172.16.0.0/12 [0/101] via 10.150.0.254, ens192, 09w0d11h
K>* 192.168.0.0/16 [0/101] via 10.150.0.254, ens192, 09w0d11h
C>* 192.168.170.0/24 is directly connected, ens256, 09w0d11h
C>* 10.0.0.0.224/27 is directly connected, ens224, 09w0d11h
C>* 10.11.12.1/32 is directly connected, ens224, 09w0d11h
Actual behavior
# rpm -q frr
frr-10.0-01.el7.x86_64
# sh interface brief
Interface Status VRF Addresses
--------- ------ --- ---------
ens161 up default 10.185.23.203/21
ens192 up default 10.150.0.13/24
ens224 up default 10.0.0.250/27
10.11.12.3/32
ens256 up default 192.168.170.13/24
lo up default
# sh ip bgp neighbors upstream bestpath-routes
BGP table version is 1, local router ID is 10.0.0.3, vrf id 0
Default local pref 100, local AS 4200000272
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
# sh ip fib
Codes: K - kernel route, C - connected, L - local, S - static,
R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, F - PBR, f - OpenFabric,
t - Table-Direct,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
K>* 10.0.0.0/8 [0/101] via 10.150.0.254, ens192, 00:11:00
L>* 10.150.0.13/32 is directly connected, ens192, 00:11:00
L>* 10.185.23.203/32 is directly connected, ens161, 00:11:00
K>* 172.16.0.0/12 [0/101] via 10.150.0.254, ens192, 00:11:00
K>* 192.168.0.0/16 [0/101] via 10.150.0.254, ens192, 00:11:00
L>* 192.168.170.13/32 is directly connected, ens256, 00:11:00
L>* 10.0.0.250/32 is directly connected, ens224, 00:11:00
L>* 10.11.12.3/32 is directly connected, ens224, 00:11:00
There are no routes installed as Connected in fib.
The routes that should (?) be Connected are displayed as Local. (192.168.170.13/32 10.0.0.250/32 and 10.11.12.3/32, note the netmasks are not correct)
Additional context
The configuration is pretty straightforward:
frr version 10.0
frr defaults traditional
hostname myhostname
log daemon bgpd file /var/log/frr/bgpd.log informational
no ip forwarding
no ipv6 forwarding
!
router bgp 4200000272
bgp graceful-restart
neighbor upstream peer-group
neighbor upstream remote-as 4200000272
neighbor 10.0.0.243 peer-group upstream
neighbor 10.0.0.244 peer-group upstream
!
address-family ipv4 unicast
network 10.11.12.2/32
neighbor upstream prefix-list upstream in
neighbor upstream prefix-list squid_outbound out
maximum-paths 2
maximum-paths ibgp 2
exit-address-family
exit
!
ip prefix-list upstream seq 5 permit 0.0.0.0/0
ip prefix-list squid_outbound description squid_outbound
ip prefix-list squid_outbound seq 25 permit 10.11.12.2/32
!
route-map community permit 10
match extcommunity one
exit
!
route-map lpref permit 10
match community 50
set local-preference 50
exit
!
route-map lpref permit 20
match community 75
set local-preference 75
exit
!
route-map lpref permit 30
match community 125
set local-preference 125
exit
!
route-map lpref permit 40
match community 150
set local-preference 150
exit
!
route-map ASPATHPREPEND permit 10
match community prepend1
set as-path prepend last-as 1
exit
!
route-map ASPATHPREPEND permit 20
match community prepend2
set as-path prepend last-as 2
exit
!
route-map ASPATHPREPEND permit 30
match community prepend3
set as-path prepend last-as 3
exit
!
Attached to this issue is the output of journalctl -u frr
Checklist
- I have searched the open issues for this bug.
- I have not included sensitive information in this report.
frr-error.txt
NetworkManager has decided that it will install addresses on interfaces as noprefixroute. With this change FRR cannot use the corresponding prefix as a connected route anymore as that if you were to do a redistribute connected into a routing protocol and then tried to ping the other side of the interface it will no longer work. I would suggest that you no longer use NetworkManager.
Thank you for your help.
This has indeed solved the issue.
Best,
Pedro
FYI, this isn't just a NetworkManager thing. systemd-networkd also apparently installs addresses with noprefixroute when they are learned via DHCP or SLAAC.