Page MenuHomeVyOS Platform
Create Task
Maniphest T3463

Prevent IPv4 Route exchange with IPv6 neighbors
Closed, ResolvedPublicBUG
Actions

Description

If we have a v6 neighbor that should only exchange v6 routes, it seems that

set protocols bgp parameters default no-ipv4-unicast

should do it. But,

vtysh
show ip bgp ipv4 sum
Neighbor            V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
205.147.6.21        4       7397    134808        26        0    0    0 00:22:07       856222        1
2001:470:1f00:1a::1 4       6939     35758        26        0    0    0 00:22:07 NoNeg
2604:0:b:4::1       4       7397     33958        26        0    0    0 00:22:07 NoNeg

show running-config

 address-family ipv4 unicast
  network 205.147.40.32/27
  neighbor 205.147.6.21 activate
  neighbor 205.147.6.21 soft-reconfiguration inbound
  neighbor 205.147.6.21 route-map local-nets-filter out
  neighbor 2001:470:1f00:1a::1 activate
  neighbor 2604:0:b:4::1 activate
 exit-address-family

We should have no neighbor ... activate for ipv6 neighbors in the address-family ipv4 unicast block. Unless I am misunterstanding the meaning of default no-ipv4-unicast.

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.4-rolling-202104062128
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change

Event Timeline

carl.byington created this task.Apr 7 2021, 10:04 PM
Viacheslav added a subscriber: Viacheslav.Apr 8 2021, 9:31 AM

If you add neighbor/commit and after that commit adding "set protocols bgp parameters default no-ipv4-unicast" it can not be accepted. Because neighbor was added before this command.
Re-create neighbor and commit. And check again.

c-po added a subscriber: c-po.EditedApr 8 2021, 12:41 PM

We probably should move the following statement https://github.com/vyos/vyos-1x/blob/current/data/templates/frr/bgp.frr.tmpl#L362-L364

up to the top https://github.com/vyos/vyos-1x/blob/current/data/templates/frr/bgp.frr.tmpl#L188-L195 when creating the BGP process

@carl.byington can you try to relocate the mentioned snipped to line 189 on your live system? You can find it here: /usr/share/vyos/templates/frr/bgp.frr.tmpl, after modifying the file please run: systemctl restart vyos-configd

pasik added a subscriber: pasik.Apr 8 2021, 1:22 PM
carl.byington added a comment.Apr 8 2021, 6:05 PM

I modified bgp.frr.tmpl, but systemctl restart vyos-configd did not seem to do anything. Rebooting the router produces the correct config:

vtysh
show running-config
router bgp 40484
 bgp router-id 205.147.40.33
 bgp log-neighbor-changes
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor 205.147.6.21 remote-as 7397
 neighbor 205.147.6.21 update-source 205.147.6.22
 neighbor 2001:470:1f00:1a::1 remote-as 6939
 neighbor 2604:0:b:4::1 remote-as 7397
 neighbor 2604:0:b:4::1 update-source 2604:0:b:4::2
 !
 address-family ipv4 unicast
  network 205.147.40.32/27
  neighbor 205.147.6.21 activate
  neighbor 205.147.6.21 soft-reconfiguration inbound
  neighbor 205.147.6.21 route-map local-nets-filter out
 exit-address-family
 !

The v6 neighbors are no longer present in the ipv4 unicast block.
c-po added a comment.Apr 8 2021, 6:11 PM

Looks like that is actually working.

set protocols bgp local-as '1200'
set protocols bgp neighbor 1.1.1.1 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 1.1.1.1 remote-as '200'
set protocols bgp neighbor 2001:db8::1 remote-as '300'
set protocols bgp parameters default no-ipv4-unicast
[email protected]# run show ip bgp sum

IPv4 Unicast Summary:
BGP router identifier 172.18.254.201, local AS number 1200 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
1.1.1.1         4        200         0         0        0    0    0    never       Active        0

Total number of neighbors 1
c-po changed the task status from Open to In progress.Apr 8 2021, 6:11 PM
c-po claimed this task.
c-po closed this task as Resolved.Apr 8 2021, 6:24 PM
c-po triaged this task as Normal priority.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.May 24 2021, 7:38 PM