Bug 2035250
| Summary: | Peering with ebgp peer over multi-hops doesn't work | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | obraunsh |
| Component: | Networking | Assignee: | obraunsh |
| Networking sub component: | Metal LB | QA Contact: | Greg Kopels <gkopels> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | | |
| Priority: | unspecified | CC: | fpaoline |
| Version: | 4.10 | | |
| Target Milestone: | --- | | |
| Target Release: | 4.10.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-03-10 16:36:23 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
obraunsh
2021-12-23 11:51:58 UTC
Bug fix validated QE-Validation
Cluster version is 4.10.0-fc.2
1. Create FRR container on external multi-hop Server
2. Apply EBGP BGPpeer yaml
3. Create addresspool
4. Create service
5. Create backend service pod
6. Validate BGP adjacency
```
cnf-executor-gkopels# sh ip bgp summary
IPv4 Unicast Summary (VRF default):
BGP router identifier 192.168.254.164, local AS number 64501 vrf-id 0
BGP table version 2
RIB entries 1, using 184 bytes of memory
Peers 2, using 1433 KiB of memory

Neighbor      V     AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd  PfxSnt  Desc
10.46.56.13   4  64500       23       22       0    0     0  00:09:48             1       0  N/A
10.46.56.14   4  64500       16       15       0    0     0  00:06:27             1       0  N/A

Total number of neighbors 2
```

```
B> 4.4.1.10/32 [20/0] via 10.46.56.13 (recursive), weight 1, 00:07:50
  *                     via 10.0.139.254, eth0, weight 1, 00:07:50
                      via 10.46.56.14 (recursive), weight 1, 00:07:50
                        via 10.0.139.254, eth0, weight 1, 00:07:50
```
### External FRR Config ###
```
Current configuration:
!
frr version 8.3-dev_git
frr defaults traditional
hostname cnf-executor-gkopels
log file /etc/frr/frr.log
no ipv6 forwarding
!
debug bgp neighbor-events
debug bgp updates in
debug bgp updates out
!
ip route 10.46.56.0/24 192.168.254.1
!
router bgp 64501
 bgp router-id 192.168.254.164
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor 10.46.56.13 remote-as 64500
 neighbor 10.46.56.13 ebgp-multihop 255
 neighbor 10.46.56.13 update-source eth0
 neighbor 10.46.56.14 remote-as 64500
 neighbor 10.46.56.14 ebgp-multihop 255
 neighbor 10.46.56.14 update-source eth0
 !
 address-family ipv4 unicast
  neighbor 10.46.56.13 activate
  neighbor 10.46.56.14 activate
 exit-address-family
 !
 address-family ipv6 unicast
  neighbor 10.46.56.13 activate
  neighbor 10.46.56.14 activate
 exit-address-family
exit
!
ip nht resolve-via-default
!
ipv6 nht resolve-via-default
!
end
```
### Speaker FRR Config ###
```
Current configuration:
!
frr version 7.5
frr defaults traditional
hostname helix14.lab.eng.tlv2.redhat.com
log file /etc/frr/frr.log informational
log timestamp precision 3
service integrated-vtysh-config
!
router bgp 64500
 bgp router-id 10.46.56.13
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor 10.0.137.253 remote-as 64501
 neighbor 10.0.137.253 ebgp-multihop 255
 neighbor 10.0.137.253 timers 30 90
 !
 address-family ipv4 unicast
  network 4.4.1.10/32
  neighbor 10.0.137.253 activate
  neighbor 10.0.137.253 route-map 10.0.137.253-in in
  neighbor 10.0.137.253 route-map 10.0.137.253-out out
 exit-address-family
!
ip prefix-list 65535:65282-v4prefixes seq 5 permit 4.4.1.10/32
ip prefix-list 65535:65282-v4prefixes seq 10 permit 4.4.1.10/32
ip prefix-list 65535:65282-v4prefixes seq 15 permit 4.4.1.10/32
ip prefix-list 7003:7-v4prefixes seq 5 permit 4.4.1.10/32
ip prefix-list 7003:7-v4prefixes seq 10 permit 4.4.1.10/32
ip prefix-list 7003:7-v4prefixes seq 15 permit 4.4.1.10/32
ip prefix-list 200-v4localpref-prefixes seq 5 permit 4.4.1.10/32
ip prefix-list 200-v4localpref-prefixes seq 10 permit 4.4.1.10/32
ip prefix-list 200-v4localpref-prefixes seq 15 permit 4.4.1.10/32
!
route-map 10.0.137.253-in deny 20
!
route-map 10.0.137.253-out permit 1
 match ip address prefix-list 200-v4localpref-prefixes
 on-match next
 set local-preference 200
!
route-map 10.0.137.253-out permit 2
 match ip address prefix-list 65535:65282-v4prefixes
 on-match next
 set community no-advertise additive
!
route-map 10.0.137.253-out permit 3
 match ip address prefix-list 7003:7-v4prefixes
 on-match next
 set community 7003:7 additive
!
route-map 10.0.137.253-out permit 4
!
ip nht resolve-via-default
!
ipv6 nht resolve-via-default
!
line vty
!
end
```
###
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056