Page MenuHomeVyOS Platform

Failing to add route in failover
Open, Requires assessmentPublicBUG



I am trying to configure failover for my main and back-up connections. My main connecion (eth0) has a /32 IP address, while the back-up one (eth1.11) has a /24 IP.

Here my the configuration snippet:

failover {
    route {
        next-hop {
            check {
                timeout 5
                type icmp
            interface eth0
            metric 1
        next-hop {
            check {
                timeout 5
                type icmp
            interface eth1.11
            metric 254

The is the gateway of the main connection, while is the gateway of the back-up conection.
The IP address of the main connection is

The reported configuration does not work for eth0, failing to add the route complaining about invalid gateway.

I have also tried to add a static route for the eth0 gateway:

    static {
        route {
            interface eth0 {

but that does not fix the issue.

The only solution I have found, is to add the onlink option to the


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

@giuavo I didn't test "default route", only regular routes for some prefixes, and it worked.
Could you create a PR?

@Viacheslav My addition of the onlink option is really brute-force, applied blindly to everything just to see if that was a solution and give you more information. I do not think my "fix" is really ready for a PR.

I would like to contribute with a PR about this. At the same, time I would need some guidance on identifying the conditions requiring the onlink option to be added.

I was wondering whether the onlink option should just be added anytime the next_hop/gateway is not in the same sub-net as the IP of the defined interface. The corresponding code would look like:

#!/usr/bin/env python3

import json

from vyos.util import rc_cmd
from ipaddress import ip_network, ip_address

def is_in_subnet(gateway, interface):
    """Check if the gateway is in the same subnet of the interface IP"""
        rc, data = rc_cmd(f'ip -4 -detail --json address show dev {interface}')
        if rc == 0:
            d = json.loads(data)
            if len(d) > 0:
                for entry in d:
                    addrInfo = entry.get('addr_info')
                    for ip in addrInfo:
                        addr = ip.get('local')
                        prefix = ip.get('prefixlen')
                        net = ip_network(f'{addr}/{prefix}')
                        if ip_address(gateway) in net:
                            return True
    except Exception as ex:

    return False

If the sub-net matches, then there is no need of the onlink option. Would that condition be enough?