We had an issue where a user configured a larger index base than the label base of segment routing was configured to accept. This caused FRR to fail. Therefore I am putting in a new handler to the protocols_isis.py and protocols_ospf.py to make sure that one cannot configure an index base larger than the segment routing global base.
Description
Description
Details
Details
- Version
- 1.5
- Is it a breaking change?
- Perfectly compatible
Related Objects
Related Objects
- Mentioned In
- rVYOSONEX9bfc538e7af5: Merge pull request #2782 from vyos/mergify/bp/sagitta/pr-2780
rVYOSONEX4c35c1a4c818: T5916: Added segment routing check for index base size and SRGB base size
rVYOSONEX65ad6728da9c: T5916: Added segment routing check for index base size and SRGB base size
rVYOSONEXcfb5b052c84f: T5916: Added segment routing check for index base size and SRGB base size
rVYOSONEX8523cfbc1e9f: Merge pull request #2780 from Cheeze-It/current
Event Timeline
Comment Actions
Good news for the backport into Sagitta, it works :)
The config:
vyos@vyos:~$ show configuration commands set interfaces ethernet eth0 address '10.0.0.80/27' set interfaces ethernet eth1 set interfaces loopback lo set policy prefix-list testing rule 1 action 'permit' set policy prefix-list testing rule 1 prefix '192.168.255.255/32' set protocols isis interface lo set protocols isis net '49.0001.1921.6825.5000.00' set protocols isis segment-routing global-block high-label-value '600' set protocols isis segment-routing global-block low-label-value '500' set protocols isis segment-routing prefix 192.168.255.0/32 index value '50' set protocols ospf interface lo area '0' set protocols ospf segment-routing global-block high-label-value '600' set protocols ospf segment-routing global-block low-label-value '500' set protocols ospf segment-routing prefix 192.168.255.0/32 index value '50' set protocols static route 0.0.0.0/0 next-hop 10.0.0.65 set service ntp allow-client address '0.0.0.0/0' set service ntp allow-client address '::/0' set service ntp server time1.vyos.net set service ntp server time2.vyos.net set service ntp server time3.vyos.net set service ssh set system config-management commit-revisions '100' set system conntrack modules ftp set system conntrack modules h323 set system conntrack modules nfs set system conntrack modules pptp set system conntrack modules sip set system conntrack modules sqlnet set system conntrack modules tftp set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$kzAQycZDwPiiACZ/$ludE278vMKxNZfDHhsoBDMTICEx10SfAvdH4bJWeuXoZlPhVJ50QsnoZ83gGDv9hoLz.ARGvW5wNLx1moWy100' set system login user vyos authentication plaintext-password '' set system syslog global facility all level 'info' set system syslog global facility local7 level 'debug' set vrf
The changes to make the label base smaller:
vyos@vyos:~$ configure [edit] vyos@vyos# set protocols isis segment-routing global-block high-label-value '525' [edit] vyos@vyos# set protocols ospf segment-routing global-block high-label-value '525' [edit] vyos@vyos# commit Segment routing prefix 192.168.255.0/32 cannot have an index base size larger than the SRGB label base. [[protocols isis]] failed Segment routing prefix 192.168.255.0/32 cannot have an index base size larger than the SRGB label base. [[protocols ospf]] failed Commit failed [edit] vyos@vyos# exit Cannot exit: configuration modified. Use 'exit discard' to discard the changes and exit. [edit] vyos@vyos# exit Cannot exit: configuration modified. Use 'exit discard' to discard the changes and exit. [edit] vyos@vyos# exit discard exit
The version:
vyos@vyos:~$ show version Version: VyOS 999.202401110119 Release train: sagitta Built by: root@ Built on: Thu 11 Jan 2024 01:19 UTC Build UUID: b0363344-015a-4e4a-a847-12f2acb76be5 Build commit ID: Architecture: x86_64 Boot via: installed image System type: KVM guest Hardware vendor: QEMU Hardware model: Standard PC (i440FX + PIIX, 1996) Hardware S/N: Hardware UUID: a0292f9d-4658-4630-ae50-409cdec4eb8c Copyright: VyOS maintainers and contributors
Great to see :)