Page MenuHomeVyOS Platform
Create Task
Maniphest T5967

Multi-hop BFD connections can't be established; please add minimum-ttl option.
Closed, ResolvedPublicBUG
Actions

Description

Executive summary: VyOS drops multi-hop connections with a TTL <254. As such, hardly any connections can be made:

  1. The recommended TTL by IETF is 64 and is followed by most systems (incl Linux)
  2. A multi-hop connection will almost always have more than just one hop. So even if TTL is set to 255 on the target system (e.g., via sysctl -w net.ipv4.ip_default_ttl="255"), it will often be less than 254.

This seems to be a bug of the FRR version included in VyOS: According to the manual, any connection configured as "multihop" should have no restrictions on TTL, but such a restriction is clearly enforced, even for multihop systems.

Please expose minimum-ttl option from FRR.

I recommend giving it a low default value (ideally minimum-ttl=0) or at least documenting it very well. In the latter case, minimum-ttl could be a mandatory option so a user is forced to set the value correctly.

This bug report is based on the forum thread here:
https://forum.vyos.io/t/vyos-wont-establish-bfd-connection-to-bird/13375/10

Details

Difficulty level
Normal (likely a few hours)
Version
1.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Mentioned In
1.3.6

Event Timeline

exp created this task.Jan 22 2024, 6:05 AM
pasik added a subscriber: pasik.Jan 22 2024, 8:22 AM
Viacheslav added a subscriber: Viacheslav.Jan 22 2024, 11:01 AM

@exp Add "set" of the commands to reproduce.

Viacheslav triaged this task as Normal priority.Jan 22 2024, 12:00 PM
exp added a comment.Jan 23 2024, 7:06 AM

Reproduce:

1.)

set dummy dum0 address '172.20.215.131/32'
comment dummy dum0 'Dummy interface for BFD traffic'
set peer 172.20.215.130 multihop
set peer 172.20.215.130 profile 'bgp'
set peer 172.20.215.130 source address '172.20.215.131'
set profile bgp interval echo-interval '500'
set profile bgp interval multiplier '10'
set profile bgp interval receive '100'
set profile bgp interval transmit '100'

2.) Set up another machine having 172.20.215.130 as source address as peer. Make sure there are a few hops in between (but actually, can simulate by setting system TTL to, say 60).

3.) 172.20.215.130 will stay in INIT state, 172.20.215.131 (VyOS) will stay in DOWN state

c-po claimed this task.Jan 23 2024, 10:40 AM
c-po added a comment.Jan 23 2024, 11:55 AM

https://github.com/vyos/vyos-1x/pull/2884

c-po changed the task status from Open to In progress.Jan 23 2024, 11:55 AM
c-po added a project: VyOS 1.5 Circinus.
c-po closed this task as Resolved.Jan 23 2024, 11:58 AM
c-po moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
rherold added a subscriber: rherold.Jan 30 2024, 4:24 PM

Can this be backported to 1.3 cause I run into the problem today on 1.3.5

c-po reopened this task as Backport pending.Jan 30 2024, 8:09 PM
c-po added a project: VyOS 1.3 Equuleus (1.3.6).
c-po added a comment.Feb 1 2024, 4:12 PM

PR for 1.3 https://github.com/vyos/vyos-1x/pull/2920

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.6) board.Feb 1 2024, 4:12 PM
c-po closed this task as Resolved.Feb 1 2024, 9:08 PM
dmbaturin mentioned this in 1.3.6.Feb 3 2024, 1:59 AM
rherold added a comment.Feb 6 2024, 9:50 PM

thx for the backport @c-po runs fine on 1.3 rolling.