FRRouting / frr

The FRRouting Protocol Suite
https://frrouting.org/

Previously working prefix-list is now being rejected by frr 8.0 #9355

Closed mbaldessari closed 3 years ago

mbaldessari commented 3 years ago

Describe the bug

[X] Did you check if this is a duplicate issue?
[ ] Did you test it on the latest FRRouting/frr master branch?

To Reproduce

On FRR 7.5 we had this working snippet in frr.conf:

! Ansible managed

frr version 7.0
frr defaults traditional
hostname ctrl-1-0
log file /var/log/frr/frr.log debugging
log timestamp precision 3
service integrated-vtysh-config
line vty
debug bfd peer
debug bfd network
debug bfd zebra
debug bgp graceful-restart
debug bgp neighbor-events
debug bgp updates
debug bgp update-groups

router bgp 64999
  bgp router-id 172.30.1.1
  bgp log-neighbor-changes
  bgp graceful-shutdown
  no bgp default ipv4-unicast
  no bgp ebgp-requires-policy

  neighbor uplink peer-group
  neighbor uplink remote-as internal
  ! neighbor uplink capability extended-nexthop
  neighbor uplink bfd
  neighbor enp2s0 interface peer-group uplink
  neighbor enp3s0 interface peer-group uplink
  neighbor uplink ttl-security hops 1
  neighbor evpn-peer peer-group
  neighbor evpn-peer remote-as external
  neighbor evpn-peer ebgp-multihop 10

  address-family ipv4 unicast
    redistribute connected
    neighbor uplink activate
    neighbor uplink allowas-in origin
    neighbor uplink prefix-list only-host-prefixes out
  exit-address-family

  address-family ipv6 unicast
    redistribute connected
    neighbor uplink activate
    neighbor uplink allowas-in origin
    neighbor uplink prefix-list only-host-prefixes out
  exit-address-family

  address-family l2vpn evpn
    neighbor uplink activate
    neighbor evpn-peer activate
    advertise-all-vni
  exit-address-family

ip prefix-list only-default permit 0.0.0.0/0
ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32

route-map rm-only-default permit 10
  match ip address prefix-list only-default
  set src 172.30.1.1

ip protocol bgp route-map rm-only-default

ipv6 prefix-list only-default permit ::/0
ipv6 prefix-list only-host-prefixes permit ::/0 ge 128

route-map rm-only-default permit 11
  match ipv6 address prefix-list only-default
  set src f00d:f00d:f00d:f00d:f00d:f00d:f00d:0001

ipv6 protocol bgp route-map rm-only-default
ip nht resolve-via-default

After testing the upgrade to 8.0 with the above config we noticed the default routes were still received but were being filtered out and FRR just refused them with:

2021/08/09 14:18:23 BGP: [JMR52-70SM0][EC 100663332] error processing configuration change: error [validation] event [validate] operation [modify] xpath [/frr-filter:lib/prefix-list[type='ipv4'][name='only-default-host-prefixes']/entry[sequence='5']/ipv4-prefix] message: duplicated prefix list value: 0.0.0.0/0

Replacing ip prefix-list only-default permit 0.0.0.0/0 with ip prefix-list only-default permit 0.0.0.0/0 le 1 fixed it for us.

Expected behavior

We were just surprised that the previously working config was not being accepted by FRR. We looked around in the release notes at https://frrouting.org/release/8.0/ and found no mention of it. Ideally a line there about this change would be awesome.

Versions

CentOS 8
FRR 8.0-01.el8 rpm

Additional context

https://github.com/FRRouting/frr/commit/bf79e923167c79b2e813b7e7efda7211949d6378 seems to be relevant here, although I have not verified it manually.

idryzhov commented 3 years ago

The config you provided cleanly applies when using FRR 8.0. Also, the log you provided doesn't correspond to the config – in the log you try to configure a prefix-list with name [name='only-default-host-prefixes'] and I don't see this name in the config. Please update the issue with the real config that doesn't work and I'll check it out.

mbaldessari commented 3 years ago

Argh! I'm on crack, sorry about that. This is the config that we were using on some nodes and that was accepted by frr 7.5:

hostname leaf-1-1
log file /var/log/frr/frr.log
service integrated-vtysh-config
line vty
frr version 7.0

debug bfd peer
debug bfd network
debug bfd zebra

debug bgp graceful-restart
debug bgp neighbor-events
debug bgp updates
debug bgp update-groups

router bgp 64999
  bgp log-neighbor-changes
  bgp graceful-shutdown

  neighbor downlink peer-group
  neighbor downlink remote-as internal
  neighbor downlink bfd
  ! neighbor downlink capability extended-nexthop
  neighbor eth3 interface peer-group downlink
  neighbor eth4 interface peer-group downlink
  neighbor eth5 interface peer-group downlink
  neighbor eth6 interface peer-group downlink

  neighbor uplink peer-group
  neighbor uplink remote-as external
  neighbor uplink bfd
  ! neighbor uplink capability extended-nexthop
  neighbor eth1 interface peer-group uplink
  neighbor eth2 interface peer-group uplink

  address-family ipv4 unicast
    redistribute connected
    neighbor downlink route-reflector-client
    neighbor downlink default-originate
    neighbor downlink prefix-list only-host-prefixes out
    neighbor uplink allowas-in origin
    neighbor uplink prefix-list only-default-host-prefixes in
  exit-address-family

  address-family ipv6 unicast
    redistribute connected
    neighbor downlink activate
    neighbor downlink route-reflector-client
    neighbor downlink default-originate
    neighbor uplink activate
    neighbor uplink allowas-in origin
    neighbor uplink prefix-list only-default-host-prefixes in
  exit-address-family

  address-family l2vpn evpn
    neighbor uplink activate
    neighbor uplink allowas-in origin
    neighbor downlink activate
    neighbor downlink route-reflector-client
  exit-address-family

ip prefix-list only-default-host-prefixes permit 0.0.0.0/0
ip prefix-list only-default-host-prefixes permit 0.0.0.0/0 ge 32
ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32

ipv6 prefix-list only-default-host-prefixes permit ::/0
ipv6 prefix-list only-default-host-prefixes permit ::/0 ge 128
ipv6 prefix-list only-host-prefixes permit ::/0 ge 128

ip nht resolve-via-default

It gives us the following errors with frr 8.0:

2021/08/10 14:22:25 ZEBRA: [JMR52-70SM0][EC 100663332] error processing configuration change: error [validation] event [validate] operation [modify] xpath [/frr-filter:lib/prefix-list[type='ipv4'][name='only-default-host-prefixes']/entry[sequence='5']/ipv4-prefix] message: duplicated prefix list value: 0.0.0.0/0
2021/08/10 14:22:25 ZEBRA: [M1996-T2DHD][EC 100663338] nb_candidate_commit_prepare: failed to validate candidate configuration
2021/08/10 14:22:25 ZEBRA: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2021/08/10 14:22:25 BGP: [JMR52-70SM0][EC 100663332] error processing configuration change: error [validation] event [validate] operation [modify] xpath [/frr-filter:lib/prefix-list[type='ipv4'][name='only-default-host-prefixes']/entry[sequence='5']/ipv4-prefix] message: duplicated prefix list value: 0.0.0.0/0
2021/08/10 14:22:25 BGP: [M1996-T2DHD][EC 100663338] nb_candidate_commit_prepare: failed to validate candidate configuration
2021/08/10 14:22:25 BGP: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2021/08/10 14:22:25 STATIC: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2021/08/10 14:22:25 BFD: [JMR52-70SM0][EC 100663332] error processing configuration change: error [validation] event [validate] operation [modify] xpath [/frr-filter:lib/prefix-list[type='ipv4'][name='only-default-host-prefixes']/entry[sequence='5']/ipv4-prefix] message: duplicated prefix list value: 0.0.0.0/0
2021/08/10 14:22:25 BFD: [M1996-T2DHD][EC 100663338] nb_candidate_commit_prepare: failed to validate candidate configuration

I just retried the above config on frr-7.5 and it prints no error. If the config was never valid to start with, maybe we can just add a release note?

idryzhov commented 3 years ago

Your config is correct and works when applied interactively in the console. But it doesn't work when used in the config file. It's a bug and I am able to reproduce it locally, thanks for filing the issue. We'll work on it.
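
A pre-upgrade check for the pattern reported in this thread, as an added example (not code from FRR or from the commenters): it flags prefix-lists in an frr.conf that reuse one prefix across several entries, and extracts the "duplicated prefix list value" validation errors from daemon logs. The function names are hypothetical; the sample config and log line are copied from the issue.

```python
import re
from collections import defaultdict

# "ip|ipv6 prefix-list NAME [seq N] permit|deny PREFIX [ge N] [le N]"
ENTRY = re.compile(r"^\s*(ip|ipv6) prefix-list (\S+)(?: seq \d+)? (?:permit|deny) "
                   r"(\S+)(?: ge (\d+))?(?: le (\d+))?\s*$")
# Validation error text as it appears in the logs quoted in this issue.
LOG = re.compile(r"^\S+ \S+ (\w+): .*prefix-list\[type='(\w+)'\]\[name='([^']+)'\]"
                 r"/entry\[sequence='(\d+)'\].*duplicated prefix list value: (\S+)")

def same_prefix_entries(config_text):
    """Map (family, list, prefix) -> [(lineno, ge, le)] where a prefix occurs
    in more than one entry of the same list."""
    seen = defaultdict(list)
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = ENTRY.match(line)
        if m:
            family, name, prefix, ge, le = m.groups()
            seen[(family, name, prefix)].append((lineno, ge, le))
    return {k: v for k, v in seen.items() if len(v) > 1}

def kind(entries):
    """'identical' when every entry has the same ge/le, else 'ge-le-differs'
    (the valid-but-rejected pattern reported in this issue)."""
    return "identical" if len({(ge, le) for _, ge, le in entries}) == 1 else "ge-le-differs"

def rejected_lists(log_text):
    """Sorted unique (daemon, family, list, sequence, prefix) tuples for
    'duplicated prefix list value' validation errors."""
    return sorted({m.groups() for m in map(LOG.match, log_text.splitlines()) if m})

# Prefix-list lines copied from the issue's frr.conf.
SAMPLE_CONF = """\
ip prefix-list only-default-host-prefixes permit 0.0.0.0/0
ip prefix-list only-default-host-prefixes permit 0.0.0.0/0 ge 32
ip prefix-list only-host-prefixes permit 0.0.0.0/0 ge 32
ipv6 prefix-list only-default-host-prefixes permit ::/0
ipv6 prefix-list only-default-host-prefixes permit ::/0 ge 128
ipv6 prefix-list only-host-prefixes permit ::/0 ge 128
"""
# One log line copied from the issue.
SAMPLE_LOG = ("2021/08/10 14:22:25 BGP: [JMR52-70SM0][EC 100663332] error processing "
              "configuration change: error [validation] event [validate] operation [modify] "
              "xpath [/frr-filter:lib/prefix-list[type='ipv4'][name='only-default-host-prefixes']"
              "/entry[sequence='5']/ipv4-prefix] message: duplicated prefix list value: 0.0.0.0/0")

if __name__ == "__main__":
    for (family, name, prefix), entries in same_prefix_entries(SAMPLE_CONF).items():
        print(family, name, prefix, kind(entries), [e[0] for e in entries])
    print(rejected_lists(SAMPLE_LOG))
```

A filter that fails validation at load time is worth alerting on, so running the log check after every daemon restart catches a prefix-list that was silently not applied as written.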