Page MenuHomeVyOS Platform
Create Task
Maniphest T5127

VPNv4/VPNv6 routes are not reinstalled following link flap
Closed, ResolvedPublicBUG
Actions

Assigned To
None
Authored By
devon
Mar 30 2023, 7:13 AM
Tags
Referenced Files
F3712204: pe02.txt
Mar 31 2023, 4:13 PM
F3712203: pe01.txt
Mar 31 2023, 4:13 PM
F3711835: pe02.txt
Mar 31 2023, 4:34 AM
F3711834: pe01.txt
Mar 31 2023, 4:34 AM
F3711394: diagram.png
Mar 30 2023, 7:13 AM
Subscribers
devon
fernando
pasik
SrividyaA
Maintainers

Description

Whenever an interface in a VRF goes down and up on one PE router, the route is not reinstalled on the other PE.

Topology:

The setup is very similar to L3VPN for Hub-and-Spoke connectivity with VyOS. See the diagram:

diagram.png (255×912 px, 13 KB)

pe01.txt5 KBDownload

pe02.txt0 BDownload

Steps to reproduce:

  1. Verify that 10.0.0.0/24 is installed in PE02's routing table. Note the RD.
vyos@PE01:~$ show bgp ipv4 vpn
BGP table version is 2, local router ID is 192.168.255.10, vrf id 0
Default local pref 100, local AS 65002
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 192.168.255.10:200
 *> 10.0.10.0/24     0.0.0.0@5<               0         32768 ?
    UN=0.0.0.0 EC{65002:200} label=80 type=bgp, subtype=5
Route Distinguisher: 192.168.255.11:200
 *>i10.0.0.0/24      192.168.255.11           0    100      0 ?
    UN=192.168.255.11 EC{65002:200} label=80 type=bgp, subtype=0

Displayed  2 routes and 2 total paths
vyos@PE01:~$ show ip route vrf BLUE
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF BLUE:
B>  10.0.0.0/24 [200/0] via 192.168.255.11 (vrf default) (recursive), label 80, weight 1, 00:01:07
  *                       via 192.168.10.0, eth0 (vrf default), label 19/80, weight 1, 00:01:07
C>* 10.0.10.0/24 is directly connected, eth1, 00:09:57
  1. Unplug the link between CLIENT02 and PE02
  2. The route is removed from PE01
vyos@PE01:~$ show bgp ipv4 vpn
BGP table version is 2, local router ID is 192.168.255.10, vrf id 0
Default local pref 100, local AS 65002
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 192.168.255.10:200
 *> 10.0.10.0/24     0.0.0.0@5<               0         32768 ?
    UN=0.0.0.0 EC{65002:200} label=80 type=bgp, subtype=5
vyos@PE01:~$ show ip route vrf BLUE
Displayed  1 routes and 1 total paths
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF BLUE:
C>* 10.0.10.0/24 is directly connected, eth1, 00:10:46
  1. Plug back in the link between CLIENT02 and PE02
  2. The route appears under show bgp ipv4 vpn (with the wrong RD! - it should be 192.168.255.11:200, not 10.0.01:2) but is not installed back in the routing table (show ip route vrf BLUE)
vyos@PE01:~$ show bgp ipv4 vpn
BGP table version is 1, local router ID is 192.168.255.10, vrf id 0
Default local pref 100, local AS 65002
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

    Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 10.0.0.1:2
 *>i10.0.0.0/24      192.168.255.11           0    100      0 ?
    UN=192.168.255.11 EC{10.0.0.1:2} label=80 type=bgp, subtype=0
Route Distinguisher: 192.168.255.10:200
 *> 10.0.10.0/24     0.0.0.0@5<               0         32768 ?
    UN=0.0.0.0 EC{65002:200} label=80 type=bgp, subtype=5

Displayed  2 routes and 2 total paths
vyos@PE01:~$ show ip route vrf BLUE
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF BLUE:
C>* 10.0.10.0/24 is directly connected, eth1, 00:11:23

The only way that I've been able to get the route to appear back in PE01's routing table is to reboot PE02. Restarting the routing daemons on either PE (restart all) doesn't seem to work either (the route isn't installed and the wrong RD is used).

I've also reproduced this behaviour switching the sides and with VPNv6.

Details

Difficulty level
Unknown (require assessment)
Version
vyos-1.4-rolling-202303291133-amd64.iso
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

devon renamed this task from VPNv4/VPNV6 routes are not reinstalled following link flap to VPNv4/VPNv6 routes are not reinstalled following link flap.Mar 30 2023, 7:13 AM
devon created this task.
pasik added a subscriber: pasik.Mar 30 2023, 8:27 AM
fernando added a subscriber: fernando.Mar 30 2023, 12:09 PM

hi ,

I would like to make some question. this prefix 10.0.0.0/24 on PE2 is a connected network or learned from another routing protocol (static or BGP)

Could you share configuration both PE1/2 ? so we can try to reproduce it.

devon added a comment.Mar 31 2023, 4:34 AM

10.0.0.0/24 is a connected network.

Here's the configs:

pe01.txt5 KBDownload

pe02.txt5 KBDownload

fernando added a comment.Mar 31 2023, 1:24 PM

sorry , but it seems files doesn't share .

devon updated the task description. (Show Details)Mar 31 2023, 4:13 PM

@fernando Can you see them now? I attached them to the main post.

SrividyaA changed the task status from Open to Confirmed.Apr 26 2023, 11:44 AM
SrividyaA added a subscriber: SrividyaA.EditedApr 28 2023, 7:03 PM

I was able to reproduce the issue in the lab. In order to avoid an automatic assignment of RD after the interface flap, you could add a dummy or loopback interface to the vrf and define it as router-id in your existing configuration, For example:

set interfaces dummy dum10 address '10.10.10.10/32'
set interfaces dummy dum10 vrf 'BLUE'
set vrf name BLUE protocols bgp parameters router-id '10.10.10.10'

This fixes the issue, please try at your end and let me know if it worked for you.

devon added a comment.May 5 2023, 9:42 PM

Thanks! Setting a router-id fixed it for VPNv4 and VPNv6. It also works without creating a dummy interface.

fernando closed this task as Resolved.Jun 1 2023, 7:07 PM
fernando mentioned this in T5252: Route distinguisher and route targets changing upon adding interface to new VRF.Jun 1 2023, 7:12 PM