Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BGP vpnv6 next hop address maybe error? #4661

Closed
DKCopy opened this issue Jul 9, 2019 · 4 comments
Closed

BGP vpnv6 next hop address maybe error? #4661

DKCopy opened this issue Jul 9, 2019 · 4 comments
Labels
bgp triage Needs further investigation

Comments

@DKCopy
Copy link

DKCopy commented Jul 9, 2019

Description

BGP ipv6 vpn use a ipv6 link-address as to UPDATE-Path Attribute - MP_REACH_NLRI next hop address
and zebra can't add correct mpls encap route to VRF

Steps to Reproduce

Linux FRR A -> MPLS network -> Linux FRR B

Linux FRR A

bgp config

!
router bgp 245
 bgp router-id 20.50.47.2
 neighbor 20.42.42.42 remote-as 245
 neighbor 20.42.42.42 update-source 20.40.40.40
 !
 address-family ipv4 unicast
  neighbor 20.42.42.42 next-hop-self
 exit-address-family
 !
 address-family ipv4 vpn
  neighbor 20.42.42.42 activate
  neighbor 20.42.42.42 soft-reconfiguration inbound
 exit-address-family
 !
 address-family ipv6 vpn
  neighbor 20.42.42.42 activate
  neighbor 20.42.42.42 soft-reconfiguration inbound
 exit-address-family
!
router bgp 245 vrf blue
 !
 address-family ipv4 unicast
  redistribute connected
  label vpn export auto
  rd vpn export 100:2
  rt vpn both 65040:1
  export vpn
  import vpn
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute connected
  label vpn export auto
  rd vpn export 100:22
  rt vpn both 65040:1
  export vpn
  import vpn
 exit-address-family
!

vpn status

# do show bgp ipv6 vpn 
BGP table version is 3, local router ID is 20.50.47.2, vrf id 0
Default local pref 100, local AS 245
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:11
*>ifd00:42:42:42::/64
                    fe80::1c31:c5ff:fe00:63fc         0    100      0 ?
    UN=fe80::1c31:c5ff:fe00:63fc EC{65040:1} label=145 type=bgp, subtype=0
Route Distinguisher: 100:22
*> fd00:40:40:40::/64
                    ::@31<         0         32768 ?
    UN=:: EC{65040:1} label=65681 type=bgp, subtype=5

Displayed  2 routes and 2 total paths

vrf status

#  ip -br r show vrf blue
172.16.41.0/24 dev vpna proto kernel scope link src 172.16.41.1 
172.16.42.0/24  encap mpls  229/144 via 20.50.47.1 dev eth5 proto 186 metric 20 
#  ip -br -6  r show vrf blue
anycast fd00:40:40:40:: dev vpna proto kernel metric 0 pref medium
fd00:40:40:40::/64 dev vpna proto kernel metric 256 pref medium
anycast fe80:: dev vpna proto kernel metric 0 pref medium
fe80::/64 dev vpna proto kernel metric 256 pref medium
ff00::/8 dev vpna metric 256 pref medium

Linux FRR B

bgp config

!
router bgp 245
 bgp router-id 20.42.42.42
 neighbor 20.40.40.40 remote-as 245
 neighbor 20.40.40.40 update-source 20.42.42.42
 !
 address-family ipv4 vpn
  neighbor 20.40.40.40 activate
  neighbor 20.40.40.40 soft-reconfiguration inbound
 exit-address-family
 !
 address-family ipv6 vpn
  neighbor 20.40.40.40 activate
  neighbor 20.40.40.40 soft-reconfiguration inbound
 exit-address-family
!
router bgp 245 vrf blue
 !
 address-family ipv4 unicast
  redistribute connected
  label vpn export auto
  rd vpn export 100:1
  rt vpn both 65040:1
  export vpn
  import vpn
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute connected
  label vpn export auto
  rd vpn export 100:11
  rt vpn both 65040:1
  export vpn
  import vpn
 exit-address-family
!

vpn status

# do show bgp ipv6  vpn 
BGP table version is 2, local router ID is 20.42.42.42, vrf id 0
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:11
*> fd00:42:42:42::/64
                    ::@7<         0         32768 ?
    UN=:: EC{65040:1} label=145 type=bgp, subtype=5
Route Distinguisher: 100:22
*>ifd00:40:40:40::/64
                    fe80::98ac:85ff:fefd:a3b1         0    100      0 ?
    UN=fe80::98ac:85ff:fefd:a3b1 EC{65040:1} label=65681 type=bgp, subtype=0

Displayed  2 routes and 2 total paths

vrf status

# ip -br r show vrf blue
172.16.41.0/24  encap mpls  56/65680 via 20.245.1.1 dev enp5s0f0 proto bgp metric 20 
172.16.42.0/24 dev vpna proto kernel scope link src 172.16.42.1 
# ip -br -6 r show vrf blue
anycast fd00:42:42:42:: dev vpna proto kernel metric 0 pref medium
fd00:42:42:42::/64 dev vpna proto kernel metric 256 pref medium
anycast fe80:: dev vpna proto kernel metric 0 pref medium
fe80::/64 dev vpna proto kernel metric 256 pref medium
ff00::/8 dev vpna metric 256 pref medium

Expected behavior

zebra can add a correct mpls encap route to VRF blue!

Screenshots

HuaWei vpnv6 BGP UPDATE message
在这里插入图片描述
FRR vpnv6 BGP UPDATE message
在这里插入图片描述

Versions

  • OS Kernel: Linux fedora 29 5.0.9-200.fc29.x86_64
  • FRR version [7.1]

Additional context
@DKCopy DKCopy added the triage Needs further investigation label Jul 9, 2019
@DKCopy
Copy link
Author

DKCopy commented Jul 9, 2019
edited
Loading

I check Linux and found it don't support IPv6 mpls encap route over ipv4 gateway, so FRR maybe can't support vpnv6 over ipv4?

@qlyoung qlyoung added the bgp label Jul 9, 2019
@rwestphal
Copy link
Member

Yes, FRR doesn't support VPNv6 over IPv4 at the moment (as specified by RFC 4798). VPNv6 over IPv6 should work though.

One workaround would be to use GRE tunnels with IPv4 endpoints and IPv6 addresses. Then you can configure separate BGP sessions for VPNv6 over these tunnels. This way you don't need to run IPv6 in your MPLS backbone.

I'll add RFC 4798 to our Feature Requests page.

@polychaeta autoclose in 3 days

@DKCopy
Copy link
Author

DKCopy commented Jul 14, 2019

Yes, FRR doesn't support VPNv6 over IPv4 at the moment (as specified by RFC 4798). VPNv6 over IPv6 should work though.

One workaround would be to use GRE tunnels with IPv4 endpoints and IPv6 addresses. Then you can configure separate BGP sessions for VPNv6 over these tunnels. This way you don't need to run IPv6 in your MPLS backbone.

I'll add RFC 4798 to our Feature Requests page.

@polychaeta autoclose in 3 days

Thanks a lot!

@irino irino mentioned this issue Jul 21, 2019
Closed
@oreggin
Copy link

oreggin commented Jun 26, 2024

Yes, FRR doesn't support VPNv6 over IPv4 at the moment (as specified by RFC 4798). VPNv6 over IPv6 should work though.

One workaround would be to use GRE tunnels with IPv4 endpoints and IPv6 addresses. Then you can configure separate BGP sessions for VPNv6 over these tunnels. This way you don't need to run IPv6 in your MPLS backbone.

I'll add RFC 4798 to our Feature Requests page.

@polychaeta autoclose in 3 days

Did you mean RFC 4659? RFC 4798 is 6PE and not 6VPE. In RFC 4659 section 3.2.1.2 describe IPv4 BGP speaker nexthop encoding. In the meanwhile I build a quick interworking test LAB with 3 virtual routers, cisco c8000v v17.12 + FRR v10 on Debian 11 + MikroTik CHR v7.15.1. VPNv4 is works fine between platforms but VPNv6 is another story. Unfortunately IOS-XE does not support LDPv6 but VPNv6 over IPv6 works fine between FRR and RouterOS. The main lack is VPNv6 over IPv4 BGP speakers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bgp triage Needs further investigation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rwestphal @qlyoung @DKCopy @oreggin @polychaeta