https://vyos.dev/T5415 upgraded FRR to version 9.0 in VyOS 1.4-rolling.
This causes a new daemon named mgmtd to be started, which then listens on TCP port 2622 on ALL interfaces:
```
root@vyos:/home/vyos# netstat -atunp | grep -i mgmtd
tcp        0      0 0.0.0.0:2622            0.0.0.0:*               LISTEN      907/mgmtd
tcp6       0      0 :::2622                 :::*                    LISTEN      907/mgmtd
```
The above is caused by missing entries in the daemons file used by FRR:
```
vyos@vyos:~$ ps auxwww | grep -i mgmtd
root         867  0.0  0.0   8556  3256 ?        S<s  13:19   0:00 /usr/lib/frr/watchfrr -d -F traditional zebra mgmtd bgpd ripd ripngd ospfd ospf6d isisd babeld ldpd eigrpd staticd bfdd
frr          907  0.0  0.0  10096  6380 ?        S<s  13:19   0:00 /usr/lib/frr/mgmtd -d -F traditional
```
More information about mgmtd:
https://docs.frrouting.org/en/latest/mgmtd.html
Most likely the following files need to be updated (if not more):
- /usr/lib/python3/dist-packages/vyos/frr.py (example: variable _frr_daemons).
- /usr/share/vyos/templates/frr/daemons.frr.tmpl
Current master of the daemons defaults in the FRR repo:
https://github.com/FRRouting/frr/blob/master/tools/etc/frr/daemons
Suggestion for daemons.frr.tmpl (did not account for additional settings which might need to be put into this file according to the above default from FRR repo):
```
zebra=yes
bgpd=yes
ospfd=yes
ospf6d=yes
ripd=yes
ripngd=yes
isisd=yes
pimd=no
ldpd=yes
nhrpd=no
eigrpd=yes
babeld=yes
sharpd=no
pbrd=no
bfdd=yes
staticd=yes
mgmtd=yes

vtysh_enable=yes
zebra_options="-s 90000000 --daemon -A 127.0.0.1
{%- if irdp is defined %} -M irdp{% endif -%}
{%- if snmp is defined and snmp.zebra is defined %} -M snmp{% endif -%}
"
bgpd_options="--daemon -A 127.0.0.1
{%- if bmp is defined %} -M bmp{% endif -%}
{%- if snmp is defined and snmp.bgpd is defined %} -M snmp{% endif -%}
"
ospfd_options="--daemon -A 127.0.0.1
{%- if snmp is defined and snmp.ospfd is defined %} -M snmp{% endif -%}
"
ospf6d_options="--daemon -A ::1
{%- if snmp is defined and snmp.ospf6d is defined %} -M snmp{% endif -%}
"
ripd_options="--daemon -A 127.0.0.1
{%- if snmp is defined and snmp.ripd is defined %} -M snmp{% endif -%}
"
ripngd_options="--daemon -A ::1"
isisd_options="--daemon -A 127.0.0.1
{%- if snmp is defined and snmp.isisd is defined %} -M snmp{% endif -%}
"
pimd_options="--daemon -A 127.0.0.1"
ldpd_options="--daemon -A 127.0.0.1
{%- if snmp is defined and snmp.ldpd is defined %} -M snmp{% endif -%}
"
nhrpd_options="--daemon -A 127.0.0.1"
eigrpd_options="--daemon -A 127.0.0.1"
babeld_options="--daemon -A 127.0.0.1"
sharpd_options="--daemon -A 127.0.0.1"
pbrd_options="--daemon -A 127.0.0.1"
bfdd_options="--daemon -A 127.0.0.1"
staticd_options="--daemon -A 127.0.0.1"
mgmtd_options="--daemon -A 127.0.0.1"

watchfrr_enable=no
valgrind_enable=no
```
Bonus: Isn't "watchfrr_enable=no" incorrect?
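
A check for this class of regression, as an added example that is not part of the original report or of VyOS: it compares the daemons watchfrr starts against the rendered daemons file and reports any daemon that has no `<daemon>_options` entry pinning its VTY to loopback with `-A`. The sample file contents, the `RUNNING` list and all function names are constructed for illustration, and the check assumes, as the report does, that a daemon without such an entry ends up listening on all interfaces.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample: a rendered daemons file that has no mgmtd entries.
SAMPLE = '''\
zebra=yes
bgpd=yes
staticd=yes
zebra_options="-s 90000000 --daemon -A 127.0.0.1"
bgpd_options="--daemon -A 127.0.0.1"
staticd_options="--daemon -A 127.0.0.1"
'''
# Daemon names as they appear on a watchfrr command line (subset, constructed).
RUNNING = ["zebra", "mgmtd", "bgpd", "staticd"]

def parse_daemons(text):
    """Return {key: value} for the key=value lines of a daemons file."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip().strip('"')
    return settings

def vty_bind_address(options):
    """Return the address passed with -A / --vty_addr, or None if absent."""
    args = shlex.split(options)
    for i, arg in enumerate(args):
        if arg in ("-A", "--vty_addr") and i + 1 < len(args):
            return args[i + 1]
    return None

def audit(text, running):
    """Return (daemon, reason) for daemons whose VTY is not pinned to loopback."""
    settings = parse_daemons(text)
    findings = []
    for daemon in running:
        options = settings.get(f"{daemon}_options")
        if options is None:
            findings.append((daemon, f"no {daemon}_options entry"))
        elif vty_bind_address(options) not in LOOPBACK:
            findings.append((daemon, "VTY address is not loopback"))
    return findings

if __name__ == "__main__":
    for daemon, reason in audit(SAMPLE, RUNNING):
        print(f"{daemon}: {reason}")
```

Run against the rendered file after every FRR upgrade, with the daemon list taken from the live watchfrr command line, so that a newly introduced daemon is caught before it is reachable from the network.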