Hi, Claudio!
It seems there were at least two issues:
1. VPN routes were never installed to fib (with errno 'Network is
unreachable'
returned when send_rtmsg tried to writev them)
2. kroute_remove brakes when prefix withdraw comes from rde (with 'Not
handled AID')
I applied your patch and vpn routes now get installed to the fib!
But kroute_remove cannot handle vpn prefixes withdrawal still.
I manually triggered prefix withdraw on the other side of bgp session and
hooked the prefix at kroute_remove just before it returned -1.
"
kroute_remove: rd 65001:100 10.42.200.9/32 NH ???
kroute_remove: not handled AID
"
So I extend the patch abit and the issue 2 seems to go:
(Not sure that I did it right. Also don't know if kf->nexthop = '???' is ok
in kroute_remove during withdrawal, but fib reflects correctly.)
Index: kroute.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
retrieving revision 1.300
diff -u -p -r1.300 kroute.c
--- kroute.c 21 Sep 2022 21:12:03 -0000 1.300
+++ kroute.c 4 Nov 2022 06:51:21 -0000
@@ -580,6 +580,9 @@ krVPN4_change(struct ktable *kt, struct
(kf->prefix.labelstack[2] << 8);
mplslabel = htonl(mplslabel);
+ kf->mplslabel = mplslabel;
+ kf->flags |= F_MPLS;
+
/* for blackhole and reject routes nexthop needs to be 127.0.0.1 */
if (kf->flags & (F_BLACKHOLE|F_REJECT))
kf->nexthop.v4.s_addr = htonl(INADDR_LOOPBACK);
@@ -590,6 +593,7 @@ krVPN4_change(struct ktable *kt, struct
return (-1);
} else {
kr->mplslabel = mplslabel;
+ kr->flags |= F_MPLS;
kr->ifindex = kf->ifindex;
kr->nexthop.s_addr = kf->nexthop.v4.s_addr;
rtlabel_unref(kr->labelid);
@@ -632,6 +636,9 @@ krVPN6_change(struct ktable *kt, struct
(kf->prefix.labelstack[2] << 8);
mplslabel = htonl(mplslabel);
+ kf->mplslabel = mplslabel;
+ kf->flags |= F_MPLS;
+
/* for blackhole and reject routes nexthop needs to be ::1 */
if (kf->flags & (F_BLACKHOLE|F_REJECT))
memcpy(&kf->nexthop.v6, &lo6, sizeof(kf->nexthop.v6));
@@ -642,6 +649,7 @@ krVPN6_change(struct ktable *kt, struct
return (-1);
} else {
kr6->mplslabel = mplslabel;
+ kr6->flags |= F_MPLS;
kr6->ifindex = kf->ifindex;
memcpy(&kr6->nexthop, &kf->nexthop.v6, sizeof(struct
in6_addr));
kr6->nexthop_scope_id = kf->nexthop.scope_id;
@@ -1878,9 +1886,11 @@ kroute_remove(struct ktable *kt, struct
switch (kf->prefix.aid) {
case AID_INET:
+ case AID_VPN_IPv4:
multipath = kroute4_remove(kt, kf, any);
break;
case AID_INET6:
+ case AID_VPN_IPv6:
multipath = kroute6_remove(kt, kf, any);
break;
default:
чт, 3 нояб. 2022 г. в 16:43, Claudio Jeker <[email protected]>:
> On Mon, Oct 31, 2022 at 09:54:12AM +0300, Bars Bars wrote:
> > Hi!
> >
> > Just upgraded to 7.2 and bgpd began to crash with VPNs, not immediately
> > but in 1 minute after daemon start (probably the issue happens
> > when prefix withdraw received or so, and rde goes to change the fib, not
> > sure).
> > If only using IPv4 sessions and keeping VPN sessions down then it works
> > stable.
> > "
> > kroute_remove: not handled AID
> > peer closed imsg connection
> > SE: Lost connection to parent
> > peer closed imsg connection notification: Cease, administratively down
> > fatal in RTR: Lost connection to parent
> > peer closed imsg connection
> > fatal in RDE: Lost connection to parent
> > "
> > im not sure that is a bug, but there was huge kroute refactoring under
> bgpd
> > source tree since 7.1 and it seems that routes with VPN4/VPN6 AIDs are
> > now handled very differently. Im bad at code to
> > investigate and to try to fix the issue, so i simply rolled back
> > bgpd/bgpctl
> > to 7.1 base revision and rebuild, ok now.
> > Сan't imagine what else I can do.
>
> Please try the following diff. It should fix the problem with MPLS routes.
>
> --
> :wq Claudio
>
> Index: kroute.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
> retrieving revision 1.301
> diff -u -p -r1.301 kroute.c
> --- kroute.c 18 Oct 2022 09:30:29 -0000 1.301
> +++ kroute.c 3 Nov 2022 13:42:11 -0000
> @@ -580,6 +580,9 @@ krVPN4_change(struct ktable *kt, struct
> (kf->prefix.labelstack[2] << 8);
> mplslabel = htonl(mplslabel);
>
> + kf->mplslabel = mplslabel;
> + kf->flags |= F_MPLS;
> +
> /* for blackhole and reject routes nexthop needs to be 127.0.0.1 */
> if (kf->flags & (F_BLACKHOLE|F_REJECT))
> kf->nexthop.v4.s_addr = htonl(INADDR_LOOPBACK);
> @@ -590,6 +593,7 @@ krVPN4_change(struct ktable *kt, struct
> return (-1);
> } else {
> kr->mplslabel = mplslabel;
> + kr->flags |= F_MPLS;
> kr->ifindex = kf->ifindex;
> kr->nexthop.s_addr = kf->nexthop.v4.s_addr;
> rtlabel_unref(kr->labelid);
> @@ -632,6 +636,9 @@ krVPN6_change(struct ktable *kt, struct
> (kf->prefix.labelstack[2] << 8);
> mplslabel = htonl(mplslabel);
>
> + kf->flags |= F_MPLS;
> + kf->mplslabel = mplslabel;
> +
> /* for blackhole and reject routes nexthop needs to be ::1 */
> if (kf->flags & (F_BLACKHOLE|F_REJECT))
> memcpy(&kf->nexthop.v6, &lo6, sizeof(kf->nexthop.v6));
> @@ -642,6 +649,7 @@ krVPN6_change(struct ktable *kt, struct
> return (-1);
> } else {
> kr6->mplslabel = mplslabel;
> + kr6->flags |= F_MPLS;
> kr6->ifindex = kf->ifindex;
> memcpy(&kr6->nexthop, &kf->nexthop.v6, sizeof(struct
> in6_addr));
> kr6->nexthop_scope_id = kf->nexthop.scope_id;
>
