DMVPN Network. IPv6 over IPv4.
Records that NHRP added to Neighbor binding in Linux after 30 seconds change their status from REACHABLE to STALE then DELAY, PROBE, and finally FAILED.
It drops traffic through the tunnel.
Version
OS version:
root@debianFRR:/home/netadmin# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm
root@debianFRR:/home/netadmin# uname -a
Linux debianFRR 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux
FRR version:
debianFRR# show ver
FRRouting 10.1-dev (debianFRR) on Linux(6.1.0-18-amd64).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
'--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--sbindir=/usr/lib/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--enable-rpki' '--enable-scripting' '--enable-pim6d' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'
How to reproduce
Network:
Cisco HUB - FRR Spoke in one network.
Cisco HUB Configuration:
interface Tunnel100
no ip redirects
ipv6 mtu 1400
ipv6 address 2001:DB8::1/64
ipv6 nhrp map multicast dynamic
ipv6 nhrp network-id 1
ipv6 nhrp holdtime 60
ipv6 nhrp redirect
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 42
!
interface GigabitEthernet0/0
ip address 192.168.100.100 255.255.255.0
duplex auto
speed auto
media-type rj45
FRR Spoke Configuration
Adding tunnel interface
ip tunnel add gre1 mode gre key 42 ttl 64 dev ens36
sysctl -w net.ipv6.conf.gre1.addr_gen_mode=1
ip link set mtu 1400 dev gre1
ip addr add 2001:db8::27/128 dev gre1
ip link set gre1 up
debianFRR# show ipv6 nhrp
Iface Type Protocol NBMA Claimed NBMA Flags Identity
gre1 local 2001:db8::27 192.168.100.127 192.168.100.127 -
gre1 nhs 2001:db8::1 192.168.100.100 192.168.100.100 T
debianFRR# show ipv6 route
Codes: K - kernel route, C - connected, L - local, S - static,
R - RIPng, O - OSPFv3, I - IS-IS, B - BGP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric, t - Table-Direct,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
S>* 2001:db8::/64 [200/0] via 2001:db8::1, gre1 onlink, weight 1, 00:28:14
N>* 2001:db8::1/128 [10/0] is directly connected, gre1, weight 1, 00:28:14
L * 2001:db8::27/128 is directly connected, gre1, 00:28:15
C>* 2001:db8::27/128 is directly connected, gre1, 00:28:15
C * fe80::/64 is directly connected, ens36, 00:28:15
C>* fe80::/64 is directly connected, ens33, 00:28:15
But after some time - up to 30 sec IPv6 neighbor status goes from REACHABLE to STALE.
root@debianFRR:/home/netadmin# ip -6 neigh
2001:db8::1 dev gre1 lladdr 192.168.100.100 STALE proto nhrp
And then if you ping from HUB to SPOKE
Router#ping 2001:DB8::27
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
Router#
Neighbor status goes to DELAY then to PROBE and finally to FAILED
root@debianFRR:/home/netadmin# ip -6 neigh
2001:db8::1 dev gre1 FAILED proto nhrp
Now HUB can not ping SPOKE
Router#ping 2001:DB8::27
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::27, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Description
DMVPN Network. IPv6 over IPv4. Records that NHRP added to Neighbor binding in Linux after 30 seconds change their status from REACHABLE to STALE then DELAY, PROBE, and finally FAILED. It drops traffic through the tunnel.
Version
How to reproduce
Network: Cisco HUB - FRR Spoke in one network. Cisco HUB Configuration:
FRR Spoke Configuration Adding tunnel interface
FRR config
NHRP works.
But after some time - up to 30 sec IPv6 neighbor status goes from REACHABLE to STALE.
And then if you ping from HUB to SPOKE
Neighbor status goes to DELAY then to PROBE and finally to FAILED
Now HUB can not ping SPOKE
Debuggin debug nhrp all
Expected behavior
As I saw in IPv4 over IPv4 DMVPN in FRR, ip neigh command shows STALE status after REACHABLE then DELAY but then it shows REACHABLE again.
Actual behavior
Actual behavior was described with debug logs in the "How to reproduce" section.
Additional context
No response
Checklist