search

FRRouting / frr

The FRRouting Protocol Suite
https://frrouting.org/
Other
3.27k stars 1.24k forks source link

[BGPd] Routes don't get cleared #16391

Open modzilla99 opened 2 months ago

modzilla99 commented 2 months ago

Description

When a route gets removed some routes will still be advertised by bgpd. We have a route-map consisting of two prefix-lists and only the first gets cleared correctly.

Version

net-router2# show version
FRRouting 9.1.1 (net-router2) on Linux(6.8.0-38-generic).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
    '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--localstatedir=/var/run/frr' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--enable-rpki' '--disable-scripting' '--enable-pim6d' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'

### How to reproduce

We use keepalived to switch over routes on failover, when a failover occurs the routes within the second prefix-list (`wg_routes`) get stuck. Only a restart of frr will clear the route. This is our FRR config:

frr version 9.1.1 frr defaults datacenter hostname net-routing-hw2 log syslog informational service integrated-vtysh-config ! interface enp1s0f0np0 ipv6 nd ra-interval 10 no ipv6 nd suppress-ra exit ! interface enp1s0f1np1 ipv6 nd ra-interval 10 no ipv6 nd suppress-ra exit ! router bgp 65309 bgp router-id 10.77.2.109 no bgp default ipv4-unicast bgp bestpath as-path multipath-relax neighbor fabric peer-group neighbor fabric remote-as external neighbor fabric capability extended-nexthop neighbor enp1s0f0np0 interface peer-group fabric neighbor enp1s0f0np0 description net-sw-leaf9 neighbor enp1s0f1np1 interface peer-group fabric neighbor enp1s0f1np1 description net-sw-leaf10 ! address-family ipv4 unicast network 10.77.2.109/32 redistribute kernel route-map advertise redistribute connected route-map advertise neighbor fabric activate neighbor fabric filter-list HOST_ORIGINATED_ROUTES out exit-address-family ! address-family l2vpn evpn neighbor fabric activate advertise-all-vni advertise-svi-ip advertise ipv4 unicast exit-address-family exit ! ip prefix-list DEFAULT_FILTER seq 10 permit 0.0.0.0/0 ip prefix-list local_addresses seq 30 permit 10.77.2.109/32 ip prefix-list local_addresses seq 40 permit 10.77.2.110/32 ip prefix-list evpn_routes seq 10 permit 10.69.1.0/24 ip prefix-list evpn_routes seq 20 permit 10.69.0.0/24 ip prefix-list wg_routes seq 10 permit 10.6.5.0/24 ! bgp as-path access-list HOST_ORIGINATED_ROUTES seq 5 permit ^$ ! route-map advertise permit 10 match ip address prefix-list local_addresses exit ! route-map advertise permit 20 match ip address prefix-list evpn_routes exit ! route-map advertise permit 30 match ip address prefix-list wg_routes exit ! end



### Expected behavior

We expect all routes to be cleared instantly by frr.

### Actual behavior

Even when the route `10.6.5.0/24` is no longer in the kernel routing table, it will still get advertised.

### Additional context

_No response_

### Checklist

- [X] I have searched the open issues for this bug.
- [X] I have not included sensitive information in this report.
ton31337 commented 2 months ago

We need much more details: