Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IPv6 static route with route-map set src rejected route #18221

Open
2 tasks done
EasyNetDev opened this issue Feb 21, 2025 · 2 comments
Open
2 tasks done

IPv6 static route with route-map set src rejected route #18221

EasyNetDev opened this issue Feb 21, 2025 · 2 comments
Labels
triage Needs further investigation

Comments

@EasyNetDev
Copy link
Contributor

EasyNetDev commented Feb 21, 2025
edited
Loading

Description

Hello,

Using ipv6 protocol static route-map ROUTE-MAP is rejecting the default route in GRT.

Version

FRRouting 10.4-dev (R01) on Linux(6.12.12-amd64).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
    '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--sbindir=/usr/lib/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--enable-rpki' '--disable-scripting' '--enable-pim6d' '--disable-grpc' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-pcre2posix' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'

Latest commit I have it:

commit fc6b0413fa3f9d52857f6b534d5ab6ab1420b3b2 (HEAD -> master, origin/master, origin/HEAD)
Merge: dad880201 8280257cc
Author: Jafar Al-Gharaibeh <jafar@atcorp.com>
Date:   Thu Feb 20 10:56:05 2025 -0600

    Merge pull request #14227 from routingrocks/pim_data_fix
    
    pimd: Fix for data packet loss when FHR is LHR and RP

How to reproduce

This is the configuration I'm using:

Because the default vrf is not having any kind of access to internet, I want to send the default traffic via internet vrf using a routable source IP configured in default vrf.

ip prefix-list pl-DEFAULT-ROUTE description IPv4 Default Route
ip prefix-list pl-DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
ipv6 prefix-list pl-DEFAULT-ROUTE description IPv6 Default Route
ipv6 prefix-list pl-DEFAULT-ROUTE seq 5 permit ::/0

route-map rm-GRT-SRC-v6 permit 1000
 description IPv6 default route for GRT using a local IPv6
 set src 2aXX:XX:XXXX::1:1
exit

route-map rm-GRT-SRC permit 1000
 match ip address prefix-list pl-DEFAULT-ROUTE
 match source-vrf default
 set src 89.X.X.0
exit

interface lo0
 ip address 89.X.X.117/32
 ip address 89.X.X.0/32
 ip ospf passive
 ipv6 address 2aXX:XXXX:XXXX::1:1/128
 mpls enable
 no link-detect
exit

ip route 0.0.0.0/0 internet nexthop-vrf internet
ipv6 route ::/0 internet nexthop-vrf internet

ip protocol static route-map rm-GRT-SRC
ipv6 protocol static route-map rm-GRT-SRC-v6

The output

R01(config)# do sh ipv6 route
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIPng, O - OSPFv3, I - IS-IS, B - BGP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv6 unicast VRF default:
S>r ::/0 [1/0] is directly connected, internet (vrf internet), weight 1, 00:06:53

If I'm not using ipv6 protocol static route-map rm-GRT-SRC-v6 is installing the route without source and is working:

route-map rm-GRT-SRC-v6 permit 1000
 description IPv6 default route for GRT using a local IPv6
exit

ipv6 route ::/0 internet nexthop-vrf internet

R01(config)# do sh ipv6 route
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIPng, O - OSPFv3, I - IS-IS, B - BGP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv6 unicast VRF default:
S>* ::/0 [1/0] is directly connected, internet (vrf internet), weight 1, 00:00:05

When I'm using set src I'm seeing this in logs:

2025-02-21T15:08:34.036642+02:00 R01 zebra[56704]: [HSYZM-HV7HF] Extended Error: Invalid source address
2025-02-21T15:08:34.036969+02:00 R01 zebra[56704]: [WVJCK-PPMGD][EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWROUTE(24), seq=5928043, pid=2257034316
2025-02-21T15:08:34.037165+02:00 R01 zebra[56704]: [VYKYC-709DP] default(0:254):::/0: Route install failed

Expected behavior

It suppose to install the IPv6 default route with source IP.

Actual behavior

The route should be installed in the RIB.

Additional context

No response

Checklist

  • I have searched the open issues for this bug.
  • I have not included sensitive information in this report.
@EasyNetDev EasyNetDev added the triage Needs further investigation label Feb 21, 2025
@EasyNetDev
Copy link
Contributor Author

I've been able to debug the kernel messages. I'm uploading the file.

ipv6-route-with-src-rejected.txt

@EasyNetDev
Copy link
Contributor Author

EasyNetDev commented Feb 21, 2025
edited
Loading

Good. After some researches I found this:

IPv6 Addresses Are Scoped More Strictly
    Linux applies source address selection rules from RFC 6724, which impact how source addresses are picked.

In this case IPv6 doesn't work as IPv4 can work.

So, to solve this issue I came with this solution:

  1. Move the IPv6 address from lo0 to internet interface:
interface internet
 ipv6 address 2aXX:XX:XXXX::1:1/128
  1. Keep the same ipv6 protocol static route-map:
route-map rm-GRT-SRC-v6 permit 1000
 description IPv6 default route for GRT using a local IPv6
 match ipv6 address prefix-list pl-DEFAULT-ROUTE
 match source-vrf default
 set src 2aXX:XX:XXXX::1:1
exit

Using match source-vrf default and match ipv6 address to ensure this route-map is not applied on other ipv6 static routes in other VRFs.
3. Add a default route in VRF default:

ipv6 route ::/0 internet nexthop-vrf internet
  1. Ping from default VRF:
$ ping 2001:4860:4860::8844
PING 2001:4860:4860::8844 (2001:4860:4860::8844) 56 data bytes
64 bytes from 2001:4860:4860::8844: icmp_seq=1 ttl=57 time=24.9 ms
64 bytes from 2001:4860:4860::8844: icmp_seq=2 ttl=57 time=24.9 ms
^C
--- 2001:4860:4860::8844 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 24.865/24.881/24.897/0.016 ms

Conclusion:

  1. IPv4 source address must resides in the same VRF with default gateway, otherwise ip route can't select the source address.
  2. IPv6 source address must resides in the VRF where the default gateway will point to.

Maybe it can help others.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage Needs further investigation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@EasyNetDev