Page MenuHomeVyOS Platform

ipv6 policy routing not working anymore
Closed, ResolvedPublic

Description

Hello,

I have been using policy routing with ipv6 for a while, but I can no longer get it to work. There has been a lot of commits regarding policy routing lately. Might be due to that?
Unfortunately I don't know at which commit it stopped working. I tried it with todays daily iso.

My config is:

# show interfaces ethernet eth2
 address 172.21.50.111/23
 address 2c06:25:f1cd:11:1::1/80
 hw-id f6:29:d0:f0:2f:0c
 policy {
     route6 src-route
 }

# show policy
 route6 src-route {
     rule 1 {
         destination {
             address ::/0
         }
         set {
             table 1
         }
         source {
             address 2c06:25:f1cd:11:1::/80
         }
     }
 }


# show nat66
 source {
     rule 1 {
         outbound-interface wg01
         source {
             prefix 2c06:25:f1cd:11:1::/80
         }
         translation {
             address masquerade
         }
     }
 }

# show protocols static table 1
 route6 ::/0 {
     interface wg01 {
     }
 }

I cannot get it working on ipv6 despite the same config worked a while back. From a client, ping6 and traceroute6 just times out.
(ipv4 pbr works fine via the same tunnel and table)

It does also work locally on vyos with the wg01 tunnel via table 1 if I use local-route6.

Any ideas?

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

danielpo created this object in space S1 VyOS Public.
danielpo updated the task description. (Show Details)
sarthurdev changed the task status from Open to In progress.Jan 27 2022, 5:19 PM
sarthurdev claimed this task.
sarthurdev added a subscriber: sarthurdev.

Thanks for the report, I believe I know what's caused it to break. Hopefully will have a fix in for the build tomorrow.

Hi,
I applied your new policy-route.py manually, and now my ipv6 pbr works again!! Thanks a lot!

Good to hear, going to mark this as resolved.

Hi again, I found another bug, if I have two policy routes with the same table it tries to create the table twice, and it doesn't work because the table is already created:

[email protected]# commit
[ policy route src-route ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription:
  https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at:
  https://vyos.net/get/
- Consult the community forum to see how to handle this issue:
  https://forum.vyos.io
- Join us on Slack where our users exchange help and advice:
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report time:      2022-01-28 06:56:04
Image version:    VyOS 1.4-rolling-202201270317
Release train:    sagitta

Built by:         [email protected]
Built on:         Thu 27 Jan 2022 03:17 UTC
Build UUID:       1e945115-0bc6-4cf7-a634-c6e75e9a1921
Build commit ID:  c535fc7a5622ef

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:
Hardware UUID:    88891583-d199-4250-8358-a403f928d037

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/policy-route.py", line 250, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/policy-route.py", line 241, in apply
    apply_table_marks(policy)
  File "/usr/libexec/vyos/conf_mode/policy-route.py", line 217, in apply_table_marks
    cmd(f'{cmd_str} rule add pref {set_table} fwmark {table_mark} table {set_table}')
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
    raise OSError(code, feedback)
FileNotFoundError: [Errno 2] failed to run command: ip rule add pref 1 fwmark 2147483646 table 1
returned:
exit code: 2

noteworthy:
cmd 'ip rule add pref 1 fwmark 2147483646 table 1'
returned (out):

returned (err):
RTNETLINK answers: File exists

[[policy route src-route]] failed
Commit failed

Happens with both route and route6.