search

FRRouting / frr

The FRRouting Protocol Suite
https://frrouting.org/
Other
3.12k stars 1.2k forks source link

IS-IS - advertise-passive-only , not install passive route when it is configured : #16325

Open fett0 opened 6 days ago

fett0 commented 6 days ago

Description

advertise-passive-only ,when it's configured Advertise LSPs but not Installing Routes , so , it breaks the communication and route advertisement on ISIS .

Version

FRRouting 9.1

How to reproduce

vyos-isis-01 

Current configuration:
!
frr version 9.1
frr defaults traditional
hostname isis-01
log file /etc/log/frr.log
log syslog
log facility local7
service integrated-vtysh-config
!
debug isis adj-packets
debug isis spf-events
debug isis update-packets
debug isis route-events
debug isis events
!
ip route 0.0.0.0/0 172.16.50.1 eth0 tag 210 210
!
interface eth2
 ip router isis VyOS
 ipv6 router isis VyOS
 isis circuit-type level-2-only
 isis metric 9001
 isis network point-to-point
exit
!
interface eth1
 ip router isis VyOS
 ipv6 router isis VyOS
 isis circuit-type level-2-only
 isis metric 9001
 isis network point-to-point
exit
!
interface dum0
 ip router isis VyOS
 ipv6 router isis VyOS
 isis passive
exit
!
interface dum10
 ip router isis VyOS
 ipv6 router isis VyOS
 isis passive
exit
!
router isis VyOS
 is-type level-2-only
 net 49.0001.0bad.cafe.0001.00
 advertise-passive-only
 log-adjacency-changes
exit

interfaces 👍 

vyos@isis-01:~$ ip add show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 fe80::200:ff:fe00:0/64 scope link
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 50:00:00:01:00:01 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    altname ens3
    inet 172.16.120.1/24 brd 172.16.120.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 2001:db8:3::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::5200:ff:fe01:1/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 50:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff
    altname enp0s4
    altname ens4
    inet 192.0.2.5/30 brd 192.0.2.7 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 2001:db8:4::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::5200:ff:fe01:2/64 scope link
       valid_lft forever preferred_lft forever

7: dum10: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 2e:17:2e:81:d7:de brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.11/24 brd 10.0.1.255 scope global dum10
       valid_lft forever preferred_lft forever
    inet6 fe80::2c17:2eff:fe81:d7de/64 scope link
       valid_lft forever preferred_lft forever
8: dum0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether f2:8f:62:dc:ac:f6 brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8:1:1::1/64 scope global

vyos-r2:

Current configuration:
!
frr version 9.1
frr defaults traditional
hostname isis-02
log syslog
log facility local7
service integrated-vtysh-config
!
interface eth1
 ip router isis VyOS
 ipv6 router isis VyOS
 isis circuit-type level-2-only
 isis network point-to-point
exit
!
interface dum0
 ip router isis VyOS
 ipv6 router isis VyOS
 isis passive
exit
!
interface dum10
 ip router isis VyOS
 ipv6 router isis VyOS
 isis passive
exit
!
router isis VyOS
 is-type level-2-only
 net 49.0001.0bad.cafe.0002.00
exit
!

Expected behavior

when we don't configure isis passive-only , it works as expected : 

isis-01# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S>* 0.0.0.0/0 [210/0] via 172.16.50.1, eth0, weight 1, 01:01:26
C>* 10.0.1.0/24 is directly connected, dum10, 01:01:31
I>* 10.0.2.0/24 [115/9011] via 172.16.120.2, eth1, weight 1, 00:00:06
C>* 172.16.50.0/24 is directly connected, eth0, 01:01:26
C>* 172.16.100.0/24 is directly connected, eth3, 01:01:30
I   172.16.120.0/24 [115/9011] via 172.16.120.2, eth1 inactive, weight 1, 00:00:06
C>* 172.16.120.0/24 is directly connected, eth1, 01:01:29
C>* 192.0.2.4/30 is directly connected, eth2, 01:01:29
isis-01# show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

C>* 2001:db8:1:1::/64 is directly connected, dum0, 01:01:37
I>* 2001:db8:2:2::/64 [115/9011] via fe80::5200:ff:fe02:1, eth1, weight 1, 00:00:12
C>* 2001:db8:3::/64 is directly connected, eth1, 01:01:33
C>* 2001:db8:4::/64 is directly connected, eth2, 01:01:33
C * fe80::/64 is directly connected, eth0, 01:01:32
C * fe80::/64 is directly connected, eth2, 01:01:33
C * fe80::/64 is directly connected, eth1, 01:01:34
C * fe80::/64 is directly connected, eth3, 01:01:34
C>* fe80::/64 is directly connected, lo, 01:01:36
C * fe80::/64 is directly connected, dum0, 01:01:37
C * fe80::/64 is directly connected, dum10, 01:01:37
isis-01#

Actual behavior

when the isis passive-only is configured: 


isis-01# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

S>* 0.0.0.0/0 [210/0] via 172.16.50.1, eth0, weight 1, 00:32:00
C>* 10.0.1.0/24 is directly connected, dum10, 00:32:05
C>* 172.16.50.0/24 is directly connected, eth0, 00:32:00
C>* 172.16.100.0/24 is directly connected, eth3, 00:32:04
C>* 172.16.120.0/24 is directly connected, eth1, 00:32:03
C>* 192.0.2.4/30 is directly connected, eth2, 00:32:03
isis-01# show ipv6
% Command incomplete: show ipv6
isis-01# show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

C>* 2001:db8:1:1::/64 is directly connected, dum0, 00:32:12
C>* 2001:db8:3::/64 is directly connected, eth1, 00:32:08
C>* 2001:db8:4::/64 is directly connected, eth2, 00:32:08
C * fe80::/64 is directly connected, eth0, 00:32:07
C * fe80::/64 is directly connected, eth2, 00:32:08
C * fe80::/64 is directly connected, eth1, 00:32:09
C * fe80::/64 is directly connected, eth3, 00:32:09
C>* fe80::/64 is directly connected, lo, 00:32:11
C * fe80::/64 is directly connected, dum0, 00:32:12
C * fe80::/64 is directly connected, dum10, 00:32:12

Additional context

we can see in the devices that is getting the LSP from isis neighbor , although , it can't install it in the RIB: 

IS-IS Level-2 link-state database:
LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL
isis-01.00-00        *     91   0x00000014  0x12fb    1155    0/0/0
  Protocols Supported: IPv4, IPv6
  Area Address: 49.0001
  Hostname: isis-01
  TE Router ID: 192.0.2.5
  Router Capability: 192.0.2.5 , D:0, S:0
  IPv4 Interface Address: 192.0.2.5
  Extended IP Reachability: 10.0.1.0/24 (Metric: 10)
  IPv6 Reachability: 2001:db8:1:1::/64 (Metric: 10)

isis-02.00-00             126   0x0000000b  0x6211     880    0/0/0
  Protocols Supported: IPv4, IPv6
  Area Address: 49.0001
  Hostname: isis-02
  TE Router ID: 172.16.120.2
  Router Capability: 172.16.120.2 , D:0, S:0
  Extended Reachability: 0bad.cafe.0001.00 (Metric: 10)
  IPv4 Interface Address: 172.16.120.2
  Extended IP Reachability: 10.0.2.0/24 (Metric: 10)
  Extended IP Reachability: 172.16.120.0/24 (Metric: 10)
  IPv6 Reachability: 2001:db8:2:2::/64 (Metric: 10)
  IPv6 Reachability: 2001:db8:3::/64 (Metric: 10)

    2 LSPs

isis-01# show isis topology
  <cr>
  algorithm  Show Flex-algo routes
  level-1    Paths to all level-1 routers in the area
  level-2    Paths to all level-2 routers in the domain
isis-01# show isis topology
Area VyOS:
IS-IS paths to level-2 routers that speak IP
Vertex               Type         Metric Next-Hop             Interface Parent
isis-01
10.0.1.0/24          IP internal  0                                     isis-01(4)

IS-IS paths to level-2 routers that speak IPv6
Vertex               Type         Metric Next-Hop             Interface Parent
isis-01
2001:db8:1:1::/64    IP6 internal 0                                     isis-01(4)

Checklist

fett0 commented 2 days ago

@odd22 sorry for bother you , but maybe you have an idea what is going on . i don't know if this feature was tested before that is last commit : https://github.com/FRRouting/frr/issues/3521