My environment is nhrp and bgp. FRONTING cannot update the Linux kernel route()

gh0813 commented 1 year ago

My environment is nhrp and bgp. FRONTING cannot update the Linux kernel route. System: ubuntu22.04

frrouting：8.3

System kernel: Linux test 5.4.0-125 generic

Specific configuration of frr: R1:

root@test:~# cat /etc/frr/frr.conf
frr version 8.3.1
frr defaults traditional
hostname test
log syslog informational
nhrp nflog-group 1
service integrated-vtysh-config
!
ip route 0.0.0.0/0 10.3.3.1
!
interface dm_gre
 ip address 10.0.0.254/32
 ip nhrp network-id 1
 ip nhrp redirect
 ip nhrp registration no-unique
 ip nhrp shortcut
 tunnel source enp0s8
exit
!
interface enp0s8
 ip address 10.3.3.2/24
exit
!
router bgp 65000
 bgp router-id 10.0.0.254
 no bgp ebgp-requires-policy
 neighbor 10.0.0.1 remote-as 65001
 !
 address-family ipv4 unicast
  redistribute nhrp
 exit-address-family
exit
!

R2:

frr version 8.3.1
frr defaults traditional
hostname test
log syslog informational
service integrated-vtysh-config
!
ip route 0.0.0.0/0 10.1.1.1
!
interface dm_gre
 ip address 10.0.0.1/32
 ip nhrp network-id 1
 ip nhrp nhs dynamic nbma 10.3.3.2
 ip nhrp redirect
 ip nhrp registration no-unique
 no link-detect
 tunnel source enp0s8
exit
!
interface enp0s8
 ip address 10.1.1.2/24
exit
!
interface enp0s9
 ip address 10.4.4.1/24
exit
!
router bgp 65001
 bgp router-id 10.0.0.1
 no bgp ebgp-requires-policy
 neighbor 10.0.0.254 remote-as 65000
 !
 address-family ipv4 unicast
  redistribute connected
  redistribute nhrp
 exit-address-family
exit
!

R1 Linux kernel routing

root@test:~# ip route
default nhid 12 via 10.3.3.1 dev enp0s8 proto static metric 20
10.0.0.1 nhid 14 dev dm_gre proto nhrp metric 20
10.3.3.0/24 dev enp0s8 proto kernel scope link src 10.3.3.2
192.168.56.0/24 dev enp0s3 proto kernel scope link src 192.168.56.103
root@test:~#

R1 frr route

test# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S>* 0.0.0.0/0 [1/0] via 10.3.3.1, enp0s8, weight 1, 00:28:57
N>* 10.0.0.1/32 [10/0] is directly connected, dm_gre, weight 1, 00:28:44
B   10.0.0.254/32 [20/0] via 10.0.0.1 inactive, weight 1, 00:25:04
C>* 10.0.0.254/32 is directly connected, dm_gre, 00:28:57
B   10.1.1.0/24 [20/0] via 10.0.0.1 inactive, weight 1, 00:25:04
C>* 10.3.3.0/24 is directly connected, enp0s8, 00:28:57
B   10.4.4.0/24 [20/0] via 10.0.0.1 inactive, weight 1, 00:25:04
C>* 192.168.56.0/24 is directly connected, enp0s3, 00:28:57

Problem results This problem causes R1 to fail to ping 10.4.4.1 (one of R2 physical ports)

test# ping 10.4.4.1
PING 10.4.4.1 (10.4.4.1) 56(84) bytes of data.
From 10.3.3.1 icmp_seq=1 Destination Net Unreachable
From 10.3.3.1 icmp_seq=2 Destination Net Unreachable
From 10.3.3.1 icmp_seq=3 Destination Net Unreachable
From 10.3.3.1 icmp_seq=4 Destination Net Unreachable

There is no problem with nhrp tunnel addresses pinging each other

test# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=3.62 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=1.78 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=2.14 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=1.73 ms
64 bytes from 10.0.0.1: icmp_seq=5 ttl=64 time=1.85 ms
64 bytes from 10.0.0.1: icmp_seq=6 ttl=64 time=1.37 ms
64 bytes from 10.0.0.1: icmp_seq=7 ttl=64 time=1.74 ms

Cause of the problem Because the Linux kernel has checked the validity of the next route, the next address must be written to an address of the same network segment that can be reached directly. As a result, the bgp address learned through frr cannot be correctly configured into the Linux kernel。 For example:

root@test:~# ip route add 10.4.4.0/24 via 10.0.0.1
Error: Nexthop has invalid gateway.
root@test:~#
To solve this problem, you need to add **onlink** at the end of the Linux command
root@test:~#
root@test:~# ip route add 10.4.4.0/24 via 10.0.0.1 dev dm_gre onlink
root@test:~#

Therefore, to solve this problem, we need to modify the command parameters when the bgp learning route is written to the Linux kernel in the frr code, but I will not develop the code. Whether the frr maintenance personnel can modify the code to solve this problem? This problem is very serious, which will lead to the failure of similar tunnels to update the linux kernel route

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 180 days with no activity. Comment or remove the autoclose label in order to avoid having this issue closed.

frrbot[bot] commented 1 year ago

This issue will be automatically closed in the specified period unless there is further activity.

nandini660 commented 1 week ago

is this issue still open ?

ton31337 commented 1 week ago

Someone needs to verify it. Could you?

nandini660 commented 1 week ago

Someone needs to verify it. Could you?

yes, @ton31337 i will try

FRRouting / frr

My environment is nhrp and bgp. FRONTING cannot update the Linux kernel route() #11975