Page MenuHomeVyOS Platform
Create Task
Maniphest T7955

Routing problem with vrf
Open, NormalPublicBUG
Actions

Description

Hi,

I have configured a vrf for management:

show configuration commands  |grep -i vrf
set interfaces ethernet eth0 vrf 'OOBM'
set service ntp vrf 'OOBM'
set service snmp vrf 'OOBM'
set service ssh vrf 'OOBM'
set vrf name OOBM protocols static route6 ::/0 next-hop 2a01:9820:5::10 interface 'eth0'
set vrf name OOBM table '100'

But it looks like that the vrf is not using the right routes:

vyos@dus1-vyos-r02:/opt$ force vrf OOBM 
vyos@dus1-vyos-r02:OOBM:~$ ip ro get  2a01:9820:2::10
2a01:9820:2::10 from :: via fe80::ae16:2dff:fe8d:ed23 dev bond0.3999 proto bgp src 2a01:9820:0:7::2 metric 20 pref medium
vyos@dus1-vyos-r02:OOBM:~$

Same for example the ssh service If I try to connect the incomming paket comes in via eth0 but the answers goes out via bond0.3999
The configured table 100 looks good:

vyos@dus1-vyos-r02:/opt$ ip -6 ro list table 100
local ::1 dev OOBM proto kernel metric 0 pref medium
::1 dev OOBM proto kernel metric 256 pref medium
anycast 2a01:9820:5:: dev eth0 proto kernel metric 0 pref medium
local 2a01:9820:5::2:13 dev eth0 proto kernel metric 0 pref medium
2a01:9820:5::/64 dev eth0 proto kernel metric 256 pref medium
anycast fe80:: dev eth0 proto kernel metric 0 pref medium
local fe80::1602:ecff:fe04:cf80 dev eth0 proto kernel metric 0 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
multicast ff00::/8 dev eth0 proto kernel metric 256 pref medium
default nhid 54 via 2a01:9820:5::10 dev eth0 proto static metric 20 pref medium
vyos@dus1-vyos-r02:/opt$

Details

Version
1.4.3
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

rherold created this task.Oct 24 2025, 9:51 PM
rherold added a comment.Oct 24 2025, 10:27 PM

I did some deeper debuging:

vyos@dus1-vyos-r02:/opt$ ip vrf pids OOBM
 9422  sshd
 9361  snmpd
 9300  chronyd
 9301  chronyd
vyos@dus1-vyos-r02:/opt$
vyos@dus1-vyos-r02:/opt$  ip -6 route get 2a01:9820:2::1 dev OOBM
2a01:9820:2::1 from :: via 2a01:9820:5::10 dev eth0 table OOBM proto static src 2a01:9820:5::2:13 metric 20 pref medium
vyos@dus1-vyos-r02:/opt$

But I f I try to connect to ssh the connection comes in via eth0 and the sshd answer the tcp session via bond0.3999

pasik subscribed.Oct 25 2025, 12:13 PM
c-po claimed this task.Oct 29 2025, 12:06 PM
c-po triaged this task as Normal priority.
c-po added a comment.EditedNov 1 2025, 8:40 AM

Please share the full configuration. bond0 is not listed in the example above.

When and how tit you run force vrf OOBM?

  • Was it called directly after applying the VRF configuration?
  • Did you open a new SSH session after eth0 and sshd got moved into the VRF?
  • Did you use the existing SSH session to force vrf OOBM after assigning sshd to the VRF?

Depending on the answer I can dig deeper - if it's the last option - the current SSH session keeps on running in the VRF it was started in until you log out - this is how the SSH systemd sessions are currently spawn.

Right now I am unable to reproduce the issue with the given config snippet.