Page MenuHomeVyOS Platform
Create Task
Maniphest T3522

policy based routing not working
Open, Requires assessmentPublicBUG
Actions

Description

set protocols static table 1 route 0.0.0.0/0 dhcp-interface 'eth1'

set policy route source-route rule 10 description 'bulk data via charter'
set policy route source-route rule 10 destination group port-group 'bulk-data' 
set policy route source-route rule 10 protocol 'tcp'
set policy route source-route rule 10 set table '1'
set policy route source-route rule 10 source address '0.0.0.0/0'

set interfaces ethernet eth0 policy route 'source-route'

That fails to route the bulk data transfers over eth1.

Details

Difficulty level
Unknown (require assessment)
Version
yOS 1.4-rolling-202104062128
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change

Related Objects
Search...

Event Timeline

carl.byington created this task.May 6 2021, 1:50 AM
pasik added a subscriber: pasik.May 6 2021, 3:14 PM
Viacheslav added a subscriber: Viacheslav.May 6 2021, 8:14 PM

@carl.byington is it working in 1.3?

carl.byington added a comment.May 6 2021, 11:52 PM

I have not built vyos since 2018, so my last production version was 201803051831.

I don't have a test environment for that feature, but I could build one sometime next week.

Viacheslav added a comment.May 7 2021, 10:46 AM

Maybe related task T3505 which deletes the default route for DHCP in the commit.

Viacheslav added a parent task: T3505: Commits do not respect changes in FRR that are not stored in a config.May 7 2021, 11:01 AM
carl.byington added a comment.May 7 2021, 3:08 PM

PBR works if we change the static route to:

set protocols static table 1 route 0.0.0.0/0 next-hop 35.129.96.1

Of course, that assumes that dhcp won't change our cable isp ip address. For now, I can work around that.

Viacheslav added a project: VyOS 1.3 Equuleus.May 10 2021, 11:05 AM
This comment was removed by Viacheslav.
Viacheslav removed a project: VyOS 1.3 Equuleus.May 10 2021, 11:07 AM
mTx87 added a subscriber: mTx87.May 17 2021, 2:47 PM

did you try
set protocols static table 1 route 0.0.0.0/0 interface 'eth1'

instead of "dhcp-interface"?

PBR is running fine for me like this with dynamic IP

carl.byington added a comment.May 17 2021, 3:54 PM

I just tried that and it fails. We get

show ip route table 1
VRF default table 1:
S>* 0.0.0.0/0 [1/0] is directly connected, eth1, weight 1, 00:00:40

but it tries to arp for addresses:

08:45:29.102045 ARP, Request who-has 38.64.93.21 tell 35.129.96.135, length 28
08:45:30.126084 ARP, Request who-has 38.64.93.21 tell 35.129.96.135, length 28
0

The cable modem here is in bridge mode, so it won't respond to those arps.

Viacheslav added a comment.May 17 2021, 5:02 PM

I don't fully understand your scheme
What interrelation between arp and tcp policy?

fernando mentioned this in T3600: DHCP Interface static route breaks PBR.Jun 6 2021, 9:53 PM
anthr76 added a subscriber: anthr76.Jun 7 2021, 11:49 AM
Dmitry added a subscriber: Dmitry.Jan 18 2022, 4:05 PM

Looks like I see the same issue for 1.3.0. Reproducing steps:

set interfaces ethernet eth1 address 'dhcp'
set protocols static table 1 route 0.0.0.0/0 dhcp-interface eth1

After commit it will return the following output:

vyos@vyos# commit
[ protocols static table 1 route 0.0.0.0/0 dhcp-interface eth1 ]
dc: can't open '0x7fffffff': No such file or directory
iptables v1.8.2 (nf_tables): option "--set-mark" requires an argument
Try `iptables -h' or 'iptables --help' for more information.

[[protocols static]] failed
Commit failed
Viacheslav closed this task as Resolved.May 20 2022, 3:56 PM
Viacheslav claimed this task.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
This comment was removed by Viacheslav.
Viacheslav reopened this task as Open.May 20 2022, 3:58 PM