
BGP VRF route-leaking does not work when the next-hop is a recursive route
Closed, Resolved, Public

Description

When we want to perform route-leaking using BGP to import/export those routes, it doesn't work if we use a recursive route as next-hop to leak it to another table; however, it works if we use a directly connected peer (FRR 9.1). Example:

vrf RED 

set interfaces dummy dum0 address '172.16.20.1/32'
set interfaces dummy dum0 vrf 'red' 
set interfaces ethernet eth3 address '172.16.30.10/24'
set interfaces ethernet eth3 description 'BGP-TEST'
set interfaces ethernet eth3 hw-id '50:00:00:01:00:03'
set interfaces ethernet eth3 mtu '8000'
set interfaces ethernet eth3 vrf 'red'
set vrf name red protocols bgp address-family ipv4-unicast export vpn
set vrf name red protocols bgp address-family ipv4-unicast import vpn
set vrf name red protocols bgp address-family ipv4-unicast rd vpn export '65000:2'
set vrf name red protocols bgp address-family ipv4-unicast redistribute connected
set vrf name red protocols bgp address-family ipv4-unicast redistribute static
set vrf name red protocols bgp address-family ipv4-unicast route-target vpn export '65000:2'
set vrf name red protocols bgp address-family ipv4-unicast route-target vpn import '65000:3'
set vrf name red protocols bgp neighbor 10.1.30.4 address-family ipv4-unicast nexthop-self force
set vrf name red protocols bgp neighbor 10.1.30.4 address-family ipv4-unicast soft-reconfiguration inbound
set vrf name red protocols bgp neighbor 10.1.30.4 disable-connected-check
set vrf name red protocols bgp neighbor 10.1.30.4 remote-as '65550'
set vrf name red protocols bgp neighbor 10.1.30.4 timers holdtime '30'
set vrf name red protocols bgp neighbor 10.1.30.4 timers keepalive '10'
set vrf name red protocols bgp neighbor 10.1.30.4 update-source 'dum0'
set vrf name red protocols bgp parameters log-neighbor-changes
set vrf name red protocols bgp parameters router-id '172.16.20.1'
set vrf name red protocols bgp system-as '65000'
set vrf name red protocols static route 10.1.30.4/32 next-hop 172.16.30.50
set vrf name red table '300'

vrf BLUE - leaking:

set vrf name blue protocols bgp address-family ipv4-unicast export vpn
set vrf name blue protocols bgp address-family ipv4-unicast import vpn
set vrf name blue protocols bgp address-family ipv4-unicast rd vpn export '65000:3'
set vrf name blue protocols bgp address-family ipv4-unicast redistribute connected
set vrf name blue protocols bgp address-family ipv4-unicast route-target vpn export '65000:3'
set vrf name blue protocols bgp address-family ipv4-unicast route-target vpn import '65000:2'
set vrf name blue protocols bgp parameters router-id '172.16.20.1'
set vrf name blue protocols bgp system-as '65000'
set vrf name blue table '100'
set interfaces bridge br0 address '10.10.10.1/28'
set interfaces bridge br0 description 'test'
set interfaces bridge br0 member interface eth2
set interfaces bridge br0 vrf 'blue'

routing view:

vyos@vyos-hub-ipsec:~$ show ip route vrf red
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF red:

S>* 10.1.30.4/32 [1/0] via 172.16.30.50, eth3, weight 1, 02:37:26
B>* 10.10.10.0/28 [20/0] is directly connected, br0 (vrf blue), weight 1, 00:28:32
C>* 172.16.20.1/32 is directly connected, dum0, 03:28:33
C>* 172.16.30.0/24 is directly connected, eth3, 03:24:11
B>  192.168.100.0/24 [20/0] via 10.1.30.4 (recursive), weight 1, 00:26:41
  *                           via 172.16.30.50, eth3, weight 1, 00:26:41

vyos@vyos-hub-ipsec:~$ show ip route vrf blue
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF blue:

B>* 10.1.30.4/32 [20/0] via 172.16.30.50, eth3 (vrf red), weight 1, 00:29:31
C>* 10.10.10.0/28 is directly connected, br0, 02:19:02
B>* 172.16.20.1/32 [20/0] is directly connected, dum0 (vrf red), weight 1, 00:29:31
B>* 172.16.30.0/24 [20/0] is directly connected, eth3 (vrf red), weight 1, 00:29:31
B   192.168.100.0/24 [20/0] via 10.1.30.4 (vrf red) inactive, weight 1, 00:27:40

ping

# route-leaking, directly connected:
vyos@vyos-host:~$ ping 172.16.30.50  source-address 10.10.10.10
PING 172.16.30.50 (172.16.30.50) from 10.10.10.10 : 56(84) bytes of data.
64 bytes from 172.16.30.50: icmp_seq=1 ttl=63 time=1.49 ms
64 bytes from 172.16.30.50: icmp_seq=2 ttl=63 time=1.04 ms
^C
--- 172.16.30.50 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.044/1.266/1.488/0.222 ms


# route-leaking, recursive route:

vyos@vyos-host:~$ ping 192.168.100.10 source-address 10.10.10.10
PING 192.168.100.10 (192.168.100.10) from 10.10.10.10 : 56(84) bytes of data.
From 10.10.10.1 icmp_seq=1 Destination Net Unreachable
From 10.10.10.1 icmp_seq=2 Destination Net Unreachable
From 10.10.10.1 icmp_seq=3 Destination Net Unreachable
From 10.10.10.1 icmp_seq=4 Destination Net Unreachable
^C
--- 192.168.100.10 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3046m
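A check for the symptom shown in the routing view above, as an added example that is not part of the original report: it parses `show ip route vrf` output and lists BGP routes leaked from another VRF that never reached the FIB. The function names are hypothetical and the sample input is constructed from the route lines in the report.

```python
import re

# Constructed sample: route lines from the report's "show ip route vrf blue".
VRF_BLUE = """\
B>* 10.1.30.4/32 [20/0] via 172.16.30.50, eth3 (vrf red), weight 1, 00:29:31
C>* 10.10.10.0/28 is directly connected, br0, 02:19:02
B>* 172.16.20.1/32 [20/0] is directly connected, dum0 (vrf red), weight 1, 00:29:31
B>* 172.16.30.0/24 [20/0] is directly connected, eth3 (vrf red), weight 1, 00:29:31
B   192.168.100.0/24 [20/0] via 10.1.30.4 (vrf red) inactive, weight 1, 00:27:40
"""
# Constructed sample: vrf red lines, where the FIB flag is on a continuation line.
VRF_RED = """\
B>* 10.10.10.0/28 [20/0] is directly connected, br0 (vrf blue), weight 1, 00:28:32
B>  192.168.100.0/24 [20/0] via 10.1.30.4 (recursive), weight 1, 00:26:41
  *                           via 172.16.30.50, eth3, weight 1, 00:26:41
"""

# Route line: one-letter code, two flag columns, prefix, remainder.
ROUTE = re.compile(r"^([A-Za-z])([>*qrbto ]{2})\s+(\d+(?:\.\d+){3}/\d+)\s+(.*)$")
# Continuation line: resolved next hop of a recursive route, optionally '*'.
CONT = re.compile(r"^\s+(\*)?\s*(?:via|is directly connected)\b")

def parse_routes(text):
    """Return one dict per route; header and legend lines are ignored."""
    routes = []
    for line in text.splitlines():
        m = ROUTE.match(line)
        if m:
            code, flags, prefix, rest = m.groups()
            vrf = re.search(r"\(vrf (\S+)\)", rest)
            via = re.search(r"\bvia ([\d.]+)", rest)
            routes.append({
                "code": code, "prefix": prefix,
                "selected": ">" in flags, "fib": "*" in flags,
                "inactive": " inactive" in rest,
                "from_vrf": vrf.group(1) if vrf else None,
                "via": via.group(1) if via else None,
            })
            continue
        c = CONT.match(line)
        if c and c.group(1) and routes:
            routes[-1]["fib"] = True  # recursive route resolved and installed
    return routes

def unusable_leaks(text):
    """BGP routes imported from another VRF that are not installed in the FIB."""
    return [(r["prefix"], r["from_vrf"], r["via"]) for r in parse_routes(text)
            if r["code"] == "B" and r["from_vrf"] and not r["fib"]]
```

Calling `unusable_leaks()` on the output of each importing VRF after a leaking change shows which prefixes are present in the table but will not forward traffic.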

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.4.0-epa2
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Event Timeline

fernando changed the task status from Open to Confirmed.
fernando created this object in space S1 VyOS Public.

This new command was merged in order to solve this problem:

vyos@vrf-test:~$ show configuration commands | match disable
set protocols bgp parameters disable-ebgp-connected-route-check
dmbaturin renamed this task from "BGP VRF - Route-leaking not work when the next-hop is a recursive route." to "BGP VRF route-leaking does not work when the next-hop is a recursive route". (May 11 2024, 5:31 PM)
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
dmbaturin changed Issue type from Unspecified (please specify) to Bug (incorrect behavior).