Closed mbaldessari closed 3 years ago
The config you provided cleanly applies when using FRR 8.0.
Also, the log you provided doesn't correspond to the config – in the log you try to configure prefix-list with name [name='only-default-host-prefixes']
and I don't see this name in the config.
Please, update the issue with the real config that doesn't work and I'll check it out.
Argh! I'm on crack, sorry about that. This is the config that we were using on some nodes and that was accepted by frr 7.5:
hostname leaf-1-1
log file /var/log/frr/frr.log
service integrated-vtysh-config
line vty
frr version 7.0
debug bfd peer
debug bfd network
debug bfd zebra
debug bgp graceful-restart
debug bgp neighbor-events
debug bgp updates
debug bgp update-groups
router bgp 64999
bgp log-neighbor-changes
bgp graceful-shutdown
neighbor downlink peer-group
neighbor downlink remote-as internal
neighbor downlink bfd
! neighbor downlink capability extended-nexthop
neighbor eth3 interface peer-group downlink
neighbor eth4 interface peer-group downlink
neighbor eth5 interface peer-group downlink
neighbor eth6 interface peer-group downlink
neighbor uplink peer-group
neighbor uplink remote-as external
neighbor uplink bfd
! neighbor uplink capability extended-nexthop
neighbor eth1 interface peer-group uplink
neighbor eth2 interface peer-group uplink
address-family ipv4 unicast
redistribute connected
neighbor downlink route-reflector-client
neighbor downlink default-originate
neighbor downlink prefix-list only-host-prefixes out
neighbor uplink allowas-in origin
neighbor uplink prefix-list only-default-host-prefixes in
exit-address-family
address-family ipv6 unicast
redistribute connected
neighbor downlink activate
neighbor downlink route-reflector-client
neighbor downlink default-originate
neighbor uplink activate
neighbor uplink allowas-in origin
neighbor uplink prefix-list only-default-host-prefixes in
exit-address-family
address-family l2vpn evpn
neighbor uplink activate
neighbor uplink allowas-in origin
neighbor downlink activate
neighbor downlink route-reflector-client
exit-address-family
ip prefix-list only-default-host-prefixes permit 0.0.0.0/0
ip prefix-list only-default-host-prefixes permit 0.0.0.0/0 ge 32
ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32
ipv6 prefix-list only-default-host-prefixes permit ::/0
ipv6 prefix-list only-default-host-prefixes permit ::/0 ge 128
ipv6 prefix-list only-host-prefixes permit ::/0 ge 128
ip nht resolve-via-default
It gives us the following errors with frr 8.0:
2021/08/10 14:22:25 ZEBRA: [JMR52-70SM0][EC 100663332] error processing configuration change: error [validation] event [validate] operation [modify] xpath [/frr-filter:lib/prefix-list[type='ipv4'][name='only-default-host-prefixes']/entry[sequence='5']/ipv4-prefix] message: duplicated prefix list value: 0.0.0.0/0
2021/08/10 14:22:25 ZEBRA: [M1996-T2DHD][EC 100663338] nb_candidate_commit_prepare: failed to validate candidate configuration
2021/08/10 14:22:25 ZEBRA: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2021/08/10 14:22:25 BGP: [JMR52-70SM0][EC 100663332] error processing configuration change: error [validation] event [validate] operation [modify] xpath [/frr-filter:lib/prefix-list[type='ipv4'][name='only-default-host-prefixes']/entry[sequence='5']/ipv4-prefix] message: duplicated prefix list value: 0.0.0.0/0
2021/08/10 14:22:25 BGP: [M1996-T2DHD][EC 100663338] nb_candidate_commit_prepare: failed to validate candidate configuration
2021/08/10 14:22:25 BGP: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2021/08/10 14:22:25 STATIC: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2021/08/10 14:22:25 BFD: [JMR52-70SM0][EC 100663332] error processing configuration change: error [validation] event [validate] operation [modify] xpath [/frr-filter:lib/prefix-list[type='ipv4'][name='only-default-host-prefixes']/entry[sequence='5']/ipv4-prefix] message: duplicated prefix list value: 0.0.0.0/0
2021/08/10 14:22:25 BFD: [M1996-T2DHD][EC 100663338] nb_candidate_commit_prepare: failed to validate candidate configuration
I just retried the above config on frr-7.5 and it prints no error. If the config was never valid to start with maybe we can just add a release note?
Your config is correct and works when applied interactively in the console. But it doesn't work when used in the config file. It's a bug and I am able to reproduce it locally, thanks for filing the issue. We'll work on it.
Describe the bug [X] Did you check if this is a duplicate issue? [ ] Did you test it on the latest FRRouting/frr master branch?
To Reproduce On FRR 7.5 we had this working snippet in frr.conf:
After testing the upgrade to 8.0 with the above config we noticed the default routes were still received but were being filtered out and FRR just refused them with:
Replacing
ip prefix-list only-default permit 0.0.0.0/0
withip prefix-list only-default permit 0.0.0.0/0 le 1
fixed it for us.Expected behavior We were just surprised that the previously working config was not being accepted by FRR. We looked around in the release notes at https://frrouting.org/release/8.0/ and found no mention about it. Ideally a line there about this change would be awesome.
Versions CentOS 8 FRR 8.0-01.el8 rpm
Additional context https://github.com/FRRouting/frr/commit/bf79e923167c79b2e813b7e7efda7211949d6378 seems to be relevant here, although have not verified it manually.