Page MenuHomeVyOS Platform
Create Task
Maniphest T4939

VRRP command no-preempt not work as expected
Closed, ResolvedPublicBUG
Actions

Description

this command should prevent a router from being able to change its state if it is configured, however, when we reboot/poweroff the router with low priority(150) node entering MASTER state, when the router with high priority started. the backup node receives this message:

6 20:06:28 vyos Keepalived_vrrp[1897]: (VLAN2) Master received advert from 172.20.2.2 with higher priority 200, ours 150
Jan 16 20:06:28 vyos Keepalived_vrrp[1897]: (VLAN2) Entering BACKUP STATE
Jan 16 20:06:28 vyos Keepalived_vrrp[1897]: VRRP_Group(ALPHA) Syncing instances to BACKUP state
Jan 16 20:06:28 vyos Keepalived_vrrp[1897]: (VLAN3) Entering BACKUP STATE
Jan 16 20:06:28 vyos Keepalived_vrrp[1897]: (VLAN4) Entering BACKUP STATE
Jan 16 20:06:28 vyos Keepalived_vrrp[1897]: (VLAN5) Entering BACKUP STATE
Jan 16 20:06:28 vyos Keepalived_vrrp[1897]: (VLAN7) Entering BACKUP STATE
Jan 16 20:06:28 vyos Keepalived_vrrp[1897]: (VLAN9) Entering BACKUP STATE

it doesn't respect the mode no-preempt , so the master router transitions to the backup state .

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3.2
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Mentioned In
1.3.3

Event Timeline

fernando changed the task status from Open to Confirmed.Jan 16 2023, 8:38 PM
fernando triaged this task as Normal priority.
fernando created this task.
fernando created this object in space S1 VyOS Public.
fernando added a comment.Jan 16 2023, 8:41 PM
This comment was removed by fernando.
pasik added a subscriber: pasik.Jan 16 2023, 9:07 PM
Viacheslav edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).Jan 17 2023, 7:36 AM
Viacheslav changed the subtype of this task from "Task" to "Bug".
n.fort assigned this task to fernando.Jan 17 2023, 12:11 PM
n.fort added a subscriber: n.fort.Jan 17 2023, 3:52 PM

Error seems to be present only when bonding interface is configured.

When using Ethernet interfaces, without bonding, no-preemt works as expected

fernando added a comment.Jan 17 2023, 4:18 PM

it seems the issue is related no-preemt and interfaces bond , based on keepalived documentation :

https://github.com/acassen/keepalived/blob/master/doc/man/man5/keepalived.conf.5.in#L817

# On some systems when bond interfaces are created, they can start passing traffic
# and then have a several second gap when they stop passing traffic inbound. This
# can mean that if keepalived is started at boot time, i.e. at the same time as
# bond interfaces are being created, keepalived doesn't receive adverts and hence
# can become master despite an instance with higher priority sending adverts.
# This option specifies a delay in seconds before vrrp instances start up after
# keepalived starts,

this command vrrp_startup_delay avoids when rebooting the VyOS instance sending the advert's message to the backup router, waiting/validating no-present command :

global_defs {
    dynamic_interfaces
    script_user root
    vrrp_startup_delay 60
    notify_fifo /run/keepalived/keepalived_notify_fifo
    notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
}

it's supported in our current version :

vyos@vyos:~$ sudo /usr/sbin/keepalived -v
Keepalived v2.2.4 (12/22,2021), git commit v2.2.4-227-g8af889bc

Copyright(C) 2001-2021 Alexandre Cassen, <[email protected]>

Built with kernel headers for Linux 4.19.208
Running on Linux 5.4.210-amd64-vyos #1 SMP Fri Aug 26 10:15:50 UTC 2022
Distro: VyOS 1.3.2 (equuleus)

configure options: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-s2

Config options:  LIBIPSET_DYNAMIC NFTABLES LVS REGEX VRRP VRRP_AUTH VRRP_VMAC JSON BFD OLD_CHKSUM_COMPAT SNMP_V3_FOR_V2 SNMP_VRRP SNMP_CHECKER SNMP_RFCV2 SNMP_RFCV3 DBUS INIT=SYSV

System options:  VSYSLOG MEMFD_CREATE IPV4_DEVCONF LIBNL3 RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIPK
fernando added a project: VyOS 1.4 Sagitta.Jan 17 2023, 9:48 PM
fernando added a comment.Jan 17 2023, 10:06 PM

I've testing this command , it works as we expected . At this point I think we should add PR in 1.4 with new section :

set high-availability vrrp global-parameter , it would allow us to add more commands if it's needed :

vyos-cli:

set high-availability vrrp global-parameter startup-delay 'sec'
fernando added a comment.Jan 18 2023, 3:41 PM

VyOS config 1.3.2 :

######### Router 01: master #########

  set interfaces bonding bond0 address '10.1.1.1/24'
  set interfaces bonding bond0 hash-policy 'layer2'
  set interfaces bonding bond0 member interface 'eth1'
  set interfaces bonding bond0 mode '802.3ad'
  set interfaces bonding bond0 vif 2 address '10.2.2.1/24'
  set interfaces bonding bond0 vif 3 address '10.3.3.1/24'
  set interfaces bonding bond0 vif 4 address '10.4.4.1/24'


  set high-availability vrrp group VLAN0 hello-source-address '10.1.1.1'
  set high-availability vrrp group VLAN0 interface 'bond0'
  set high-availability vrrp group VLAN0 no-preempt
  set high-availability vrrp group VLAN0 priority '200'
  set high-availability vrrp group VLAN0 virtual-address 
  set high-availability vrrp group VLAN0 vrid '1'

  set high-availability vrrp group VLAN2 hello-source-address '10.2.2.1'
  set high-availability vrrp group VLAN2 interface 'bond0.2'
  set high-availability vrrp group VLAN2 no-preempt
  set high-availability vrrp group VLAN2 priority '200'
  set high-availability vrrp group VLAN2 address 10.2.2.254/24
  set high-availability vrrp group VLAN2 vrid '1'

  set high-availability vrrp group VLAN3 hello-source-address '10.3.3.1'
  set high-availability vrrp group VLAN3 interface 'bond0.3'
  set high-availability vrrp group VLAN3 no-preempt
  set high-availability vrrp group VLAN3 priority '200'
  set high-availability vrrp group VLAN3 address 10.3.3.254/24
  set high-availability vrrp group VLAN3 vrid '1'

  set high-availability vrrp group VLAN4 hello-source-address '10.4.4.1'
  set high-availability vrrp group VLAN4 interface 'bond0.4'
  set high-availability vrrp group VLAN4 no-preempt
  #set high-availability vrrp group VLAN4 peer-address '10.4.4.2'
  set high-availability vrrp group VLAN4 priority '200'
  set high-availability vrrp group VLAN4 address 10.4.4.254/24
  set high-availability vrrp group VLAN4 vrid '1'

  set high-availability vrrp sync-group ALPHA member 'VLAN0'
  set high-availability vrrp sync-group ALPHA member 'VLAN2'
  set high-availability vrrp sync-group ALPHA member 'VLAN3'
  set high-availability vrrp sync-group ALPHA member 'VLAN4'




  ######### Router 02: backup #########

  set interfaces bonding bond0 address '10.1.1.2/24'
  set interfaces bonding bond0 hash-policy 'layer2'
  set interfaces bonding bond0 member interface 'eth1'
  set interfaces bonding bond0 mode '802.3ad'
  set interfaces bonding bond0 vif 2 address '10.2.2.2/24'
  set interfaces bonding bond0 vif 3 address '10.3.3.2/24'
  set interfaces bonding bond0 vif 4 address '10.4.4.2/24'


  set high-availability vrrp group VLAN0 hello-source-address '10.1.1.2'
  set high-availability vrrp group VLAN0 interface 'bond0'
  set high-availability vrrp group VLAN0 no-preempt
  set high-availability vrrp group VLAN0 priority '150'
  set high-availability vrrp group VLAN0 address 10.1.1.254/24
  set high-availability vrrp group VLAN0 vrid '1'

  set high-availability vrrp group VLAN2 hello-source-address '10.2.2.2'
  set high-availability vrrp group VLAN2 interface 'bond0.2'
  set high-availability vrrp group VLAN2 no-preempt
  set high-availability vrrp group VLAN2 priority '150'
  set high-availability vrrp group VLAN2 address 10.2.2.254/24
  set high-availability vrrp group VLAN2 vrid '1'

  set high-availability vrrp group VLAN3 hello-source-address '10.3.3.2'
  set high-availability vrrp group VLAN3 interface 'bond0.3'
  set high-availability vrrp group VLAN3 no-preempt
  set high-availability vrrp group VLAN3 priority '150'
  set high-availability vrrp group VLAN3 address 10.3.3.254/24
  set high-availability vrrp group VLAN3 vrid '1'

  set high-availability vrrp group VLAN4 hello-source-address '10.4.4.2'
  set high-availability vrrp group VLAN4 interface 'bond0.4'
  set high-availability vrrp group VLAN4 no-preempt
  #set high-availability vrrp group VLAN4 peer-address '10.4.4.1'
  set high-availability vrrp group VLAN4 priority '150'
  set high-availability vrrp group VLAN4 address 10.4.4.254/24
  set high-availability vrrp group VLAN4 vrid '1'

  set high-availability vrrp sync-group ALPHA member 'VLAN0'
  set high-availability vrrp sync-group ALPHA member 'VLAN2'
  set high-availability vrrp sync-group ALPHA member 'VLAN3'
  set high-availability vrrp sync-group ALPHA member 'VLAN4'
fernando added a comment.Jan 18 2023, 3:45 PM

VyOS 1.4.x

  ######### Router 01: master #########

set high-availability vrrp group VLAN0 address 10.1.1.254/24
set high-availability vrrp group VLAN0 hello-source-address '10.1.1.1'
set high-availability vrrp group VLAN0 interface 'bond0'
set high-availability vrrp group VLAN0 no-preempt
set high-availability vrrp group VLAN0 priority '200'
set high-availability vrrp group VLAN0 vrid '1'
set high-availability vrrp group VLAN2 address 10.2.2.254/24
set high-availability vrrp group VLAN2 hello-source-address '10.2.2.1'
set high-availability vrrp group VLAN2 interface 'bond0.2'
set high-availability vrrp group VLAN2 no-preempt
set high-availability vrrp group VLAN2 priority '200'
set high-availability vrrp group VLAN2 vrid '1'
set high-availability vrrp group VLAN3 address 10.3.3.254/24
set high-availability vrrp group VLAN3 hello-source-address '10.3.3.1'
set high-availability vrrp group VLAN3 interface 'bond0.3'
set high-availability vrrp group VLAN3 no-preempt
set high-availability vrrp group VLAN3 priority '200'
set high-availability vrrp group VLAN3 vrid '1'
set high-availability vrrp group VLAN4 address 10.4.4.254/24
set high-availability vrrp group VLAN4 hello-source-address '10.4.4.1'
set high-availability vrrp group VLAN4 interface 'bond0.4'
set high-availability vrrp group VLAN4 no-preempt
set high-availability vrrp group VLAN4 priority '200'
set high-availability vrrp group VLAN4 vrid '1'
set high-availability vrrp sync-group ALPHA member 'VLAN0'
set high-availability vrrp sync-group ALPHA member 'VLAN2'
set high-availability vrrp sync-group ALPHA member 'VLAN3'
set high-availability vrrp sync-group ALPHA member 'VLAN4'
set interfaces bonding bond0 address '10.1.1.1/24'
set interfaces bonding bond0 hash-policy 'layer2'
set interfaces bonding bond0 member interface 'eth1'
set interfaces bonding bond0 mode '802.3ad'
set interfaces bonding bond0 vif 2 address '10.2.2.1/24'
set interfaces bonding bond0 vif 3 address '10.3.3.1/24'
set interfaces bonding bond0 vif 4 address '10.4.4.1/24'


######### Router 02: backup #########

set high-availability vrrp group VLAN0 address 10.1.1.254/24
set high-availability vrrp group VLAN0 hello-source-address '10.1.1.2'
set high-availability vrrp group VLAN0 interface 'bond0'
set high-availability vrrp group VLAN0 no-preempt
set high-availability vrrp group VLAN0 priority '150'
set high-availability vrrp group VLAN0 vrid '1'
set high-availability vrrp group VLAN2 address 10.2.2.254/24
set high-availability vrrp group VLAN2 hello-source-address '10.2.2.2'
set high-availability vrrp group VLAN2 interface 'bond0.2'
set high-availability vrrp group VLAN2 no-preempt
set high-availability vrrp group VLAN2 priority '150'
set high-availability vrrp group VLAN2 vrid '1'
set high-availability vrrp group VLAN3 address 10.3.3.254/24
set high-availability vrrp group VLAN3 hello-source-address '10.3.3.2'
set high-availability vrrp group VLAN3 interface 'bond0.3'
set high-availability vrrp group VLAN3 no-preempt
set high-availability vrrp group VLAN3 priority '150'
set high-availability vrrp group VLAN3 vrid '1'
set high-availability vrrp group VLAN4 address 10.4.4.254/24
set high-availability vrrp group VLAN4 hello-source-address '10.4.4.2'
set high-availability vrrp group VLAN4 interface 'bond0.4'
set high-availability vrrp group VLAN4 no-preempt
set high-availability vrrp group VLAN4 priority '150'
set high-availability vrrp group VLAN4 vrid '1'
set high-availability vrrp sync-group ALPHA member 'VLAN0'
set high-availability vrrp sync-group ALPHA member 'VLAN2'
set high-availability vrrp sync-group ALPHA member 'VLAN3'
set high-availability vrrp sync-group ALPHA member 'VLAN4'
set interfaces bonding bond0 address '10.1.1.2/24'
set interfaces bonding bond0 hash-policy 'layer2'
set interfaces bonding bond0 member interface 'eth1'
set interfaces bonding bond0 mode '802.3ad'
set interfaces bonding bond0 vif 2 address '10.2.2.2/24'
set interfaces bonding bond0 vif 3 address '10.3.3.2/24'
set interfaces bonding bond0 vif 4 address '10.4.4.2/24'
vyos@vyos:~$
fernando added a comment.Jan 19 2023, 6:35 PM

1.4: https://github.com/vyos/vyos-1x/pull/1769

n.fort changed the task status from Confirmed to Needs testing.Jan 26 2023, 9:48 PM
Viacheslav added a subscriber: Viacheslav.Apr 11 2023, 11:24 AM

@fernando Could you add PR for 1.3?

fernando added a comment.Apr 11 2023, 12:05 PM

Yes, I forgot to add this task. I'll make the PR

fernando added a comment.Apr 12 2023, 12:45 PM

PR 1.3 https://github.com/vyos/vyos-1x/pull/1951

fernando closed this task as Resolved.Apr 13 2023, 12:04 PM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.Apr 13 2023, 12:09 PM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
dmbaturin mentioned this in 1.3.3.May 19 2023, 1:04 PM