advertise-passive-only ,when it's configured Advertise LSPs but not Installing Routes , so , it breaks the communication and route advertisement on ISIS .
Version
FRRouting 9.1
How to reproduce
vyos-isis-01
Current configuration:
!
frr version 9.1
frr defaults traditional
hostname isis-01
log file /etc/log/frr.log
log syslog
log facility local7
service integrated-vtysh-config
!
debug isis adj-packets
debug isis spf-events
debug isis update-packets
debug isis route-events
debug isis events
!
ip route 0.0.0.0/0 172.16.50.1 eth0 tag 210 210
!
interface eth2
ip router isis VyOS
ipv6 router isis VyOS
isis circuit-type level-2-only
isis metric 9001
isis network point-to-point
exit
!
interface eth1
ip router isis VyOS
ipv6 router isis VyOS
isis circuit-type level-2-only
isis metric 9001
isis network point-to-point
exit
!
interface dum0
ip router isis VyOS
ipv6 router isis VyOS
isis passive
exit
!
interface dum10
ip router isis VyOS
ipv6 router isis VyOS
isis passive
exit
!
router isis VyOS
is-type level-2-only
net 49.0001.0bad.cafe.0001.00
advertise-passive-only
log-adjacency-changes
exit
interfaces 👍
vyos@isis-01:~$ ip add show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 fe80::200:ff:fe00:0/64 scope link
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 50:00:00:01:00:01 brd ff:ff:ff:ff:ff:ff
altname enp0s3
altname ens3
inet 172.16.120.1/24 brd 172.16.120.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 2001:db8:3::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5200:ff:fe01:1/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 50:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff
altname enp0s4
altname ens4
inet 192.0.2.5/30 brd 192.0.2.7 scope global eth2
valid_lft forever preferred_lft forever
inet6 2001:db8:4::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5200:ff:fe01:2/64 scope link
valid_lft forever preferred_lft forever
7: dum10: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 2e:17:2e:81:d7:de brd ff:ff:ff:ff:ff:ff
inet 10.0.1.11/24 brd 10.0.1.255 scope global dum10
valid_lft forever preferred_lft forever
inet6 fe80::2c17:2eff:fe81:d7de/64 scope link
valid_lft forever preferred_lft forever
8: dum0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether f2:8f:62:dc:ac:f6 brd ff:ff:ff:ff:ff:ff
inet6 2001:db8:1:1::1/64 scope global
vyos-r2:
Current configuration:
!
frr version 9.1
frr defaults traditional
hostname isis-02
log syslog
log facility local7
service integrated-vtysh-config
!
interface eth1
ip router isis VyOS
ipv6 router isis VyOS
isis circuit-type level-2-only
isis network point-to-point
exit
!
interface dum0
ip router isis VyOS
ipv6 router isis VyOS
isis passive
exit
!
interface dum10
ip router isis VyOS
ipv6 router isis VyOS
isis passive
exit
!
router isis VyOS
is-type level-2-only
net 49.0001.0bad.cafe.0002.00
exit
!
Expected behavior
when we don't configure isis passive-only , it works as expected :
isis-01# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
S>* 0.0.0.0/0 [210/0] via 172.16.50.1, eth0, weight 1, 01:01:26
C>* 10.0.1.0/24 is directly connected, dum10, 01:01:31
I>* 10.0.2.0/24 [115/9011] via 172.16.120.2, eth1, weight 1, 00:00:06
C>* 172.16.50.0/24 is directly connected, eth0, 01:01:26
C>* 172.16.100.0/24 is directly connected, eth3, 01:01:30
I 172.16.120.0/24 [115/9011] via 172.16.120.2, eth1 inactive, weight 1, 00:00:06
C>* 172.16.120.0/24 is directly connected, eth1, 01:01:29
C>* 192.0.2.4/30 is directly connected, eth2, 01:01:29
isis-01# show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 2001:db8:1:1::/64 is directly connected, dum0, 01:01:37
I>* 2001:db8:2:2::/64 [115/9011] via fe80::5200:ff:fe02:1, eth1, weight 1, 00:00:12
C>* 2001:db8:3::/64 is directly connected, eth1, 01:01:33
C>* 2001:db8:4::/64 is directly connected, eth2, 01:01:33
C * fe80::/64 is directly connected, eth0, 01:01:32
C * fe80::/64 is directly connected, eth2, 01:01:33
C * fe80::/64 is directly connected, eth1, 01:01:34
C * fe80::/64 is directly connected, eth3, 01:01:34
C>* fe80::/64 is directly connected, lo, 01:01:36
C * fe80::/64 is directly connected, dum0, 01:01:37
C * fe80::/64 is directly connected, dum10, 01:01:37
isis-01#
Actual behavior
when the isis passive-only is configured:
isis-01# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
S>* 0.0.0.0/0 [210/0] via 172.16.50.1, eth0, weight 1, 00:32:00
C>* 10.0.1.0/24 is directly connected, dum10, 00:32:05
C>* 172.16.50.0/24 is directly connected, eth0, 00:32:00
C>* 172.16.100.0/24 is directly connected, eth3, 00:32:04
C>* 172.16.120.0/24 is directly connected, eth1, 00:32:03
C>* 192.0.2.4/30 is directly connected, eth2, 00:32:03
isis-01# show ipv6
% Command incomplete: show ipv6
isis-01# show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
C>* 2001:db8:1:1::/64 is directly connected, dum0, 00:32:12
C>* 2001:db8:3::/64 is directly connected, eth1, 00:32:08
C>* 2001:db8:4::/64 is directly connected, eth2, 00:32:08
C * fe80::/64 is directly connected, eth0, 00:32:07
C * fe80::/64 is directly connected, eth2, 00:32:08
C * fe80::/64 is directly connected, eth1, 00:32:09
C * fe80::/64 is directly connected, eth3, 00:32:09
C>* fe80::/64 is directly connected, lo, 00:32:11
C * fe80::/64 is directly connected, dum0, 00:32:12
C * fe80::/64 is directly connected, dum10, 00:32:12
Additional context
we can see in the devices that is getting the LSP from isis neighbor , although , it can't install it in the RIB:
IS-IS Level-2 link-state database:
LSP ID PduLen SeqNumber Chksum Holdtime ATT/P/OL
isis-01.00-00 * 91 0x00000014 0x12fb 1155 0/0/0
Protocols Supported: IPv4, IPv6
Area Address: 49.0001
Hostname: isis-01
TE Router ID: 192.0.2.5
Router Capability: 192.0.2.5 , D:0, S:0
IPv4 Interface Address: 192.0.2.5
Extended IP Reachability: 10.0.1.0/24 (Metric: 10)
IPv6 Reachability: 2001:db8:1:1::/64 (Metric: 10)
isis-02.00-00 126 0x0000000b 0x6211 880 0/0/0
Protocols Supported: IPv4, IPv6
Area Address: 49.0001
Hostname: isis-02
TE Router ID: 172.16.120.2
Router Capability: 172.16.120.2 , D:0, S:0
Extended Reachability: 0bad.cafe.0001.00 (Metric: 10)
IPv4 Interface Address: 172.16.120.2
Extended IP Reachability: 10.0.2.0/24 (Metric: 10)
Extended IP Reachability: 172.16.120.0/24 (Metric: 10)
IPv6 Reachability: 2001:db8:2:2::/64 (Metric: 10)
IPv6 Reachability: 2001:db8:3::/64 (Metric: 10)
2 LSPs
isis-01# show isis topology
<cr>
algorithm Show Flex-algo routes
level-1 Paths to all level-1 routers in the area
level-2 Paths to all level-2 routers in the domain
isis-01# show isis topology
Area VyOS:
IS-IS paths to level-2 routers that speak IP
Vertex Type Metric Next-Hop Interface Parent
isis-01
10.0.1.0/24 IP internal 0 isis-01(4)
IS-IS paths to level-2 routers that speak IPv6
Vertex Type Metric Next-Hop Interface Parent
isis-01
2001:db8:1:1::/64 IP6 internal 0 isis-01(4)
Checklist
[X] I have searched the open issues for this bug.
[X] I have not included sensitive information in this report.
@odd22 sorry for bother you , but maybe you have an idea what is going on . i don't know if this feature was tested before that is last commit : https://github.com/FRRouting/frr/issues/3521
Description
advertise-passive-only ,when it's configured Advertise LSPs but not Installing Routes , so , it breaks the communication and route advertisement on ISIS .
Version
How to reproduce
vyos-isis-01
vyos-r2:
Expected behavior
when we don't configure isis passive-only , it works as expected :
Actual behavior
when the isis passive-only is configured:
Additional context
we can see in the devices that is getting the LSP from isis neighbor , although , it can't install it in the RIB:
Checklist