Page MenuHomeVyOS Platform

Migrate NHRP(DMVPN) to FRR
In progress, HighPublicFEATURE REQUEST


FRR support NHRP. We can use FRR nhrpd instead of openNHRP


Difficulty level
Hard (possibly days)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Internal change (not visible to end users)

Related Objects

Event Timeline

Unknown Object (User) created this task.Apr 18 2020, 2:14 PM
Unknown Object (User) triaged this task as High priority.Apr 21 2020, 8:53 PM

FRR nhrpd do not support multicasting over GRE tunnels so OSPF or EIGRP don't work since they use multicast addresses to discover neighbors

As i remember the lack of multicast replication was the reason this stopped up last time it was discussed... And as ospf and eigrp is the most used protocols run over dmvpn i think this is a showstopper for implementimg nhrpd

Perhaps I'm one of the minority. but BGP is our predominant DMVPN routing protocol.

@hammerstud that would work for you - but it will break everyone elses implementation ;)

This comment was removed by francis.

@c-po @Viacheslav
Further news on this topic - FRR 8.0 released yesterday (7/29) which includes the aforementioned nhrpd multicast improvements, among a lot of other nice things:

July 29, 2021
The FRR community is pleased to announce FRR 8.0.
In this release there are over 2200 commits from 91 different authors.
Please note that we expect to release a bugfix point release relatively soon after this release.

  -     Add nhrp multicast-nflog-group (1-65535) command
  -     Add configuration options for vici socket path
  -     Add support for forwarding multicast packets
  -     Fix handling of MTU
  -     Fix handling of NAT extension
  -     Retry IPsec under some conditions

I think NHRP Cisco Auth is still missing:

This was sited to me as a concern for migrating to FRR

I agree it would be nice to have the Cisco Auth functionality, however, the original author of opennhrp themselves recommend using FRR nhrpd instead where possible. It appears that most effort going forward will be put into FRR's nhrpd, and not the original opennhrp.

erkin set Issue type to Internal change (not visible to end users).Aug 30 2021, 6:47 AM
erkin removed a subscriber: Active contributors.
Unknown Object (User) added a subscriber: Unknown Object (User).Sep 9 2021, 8:57 AM

Cisco Auth is a necessity for those who want to migrate from this vendor's hardware to VyOS. You can easily add a VyOS node to an existing DMVPN.

v.huti changed Difficulty level from Unknown (require assessment) to Hard (possibly days).
syncer changed the task status from Open to In progress.Jul 11 2023, 11:56 PM

I have created a draft pull request for FRR, but I can still see a bunch of odd bugs.
I'm going to activate it after additional testing by the team.
Most issues involve Wireshark's inability to parse packets correctly and display an exception, although the demons seem to run fine.