Bug 2054160

Summary: FRR reloader does not disable BFD when unsetting BFD profile
Product: Red Hat Enterprise Linux 8 Reporter: Carlos Goncalves <cgoncalves>
Component: frrAssignee: Michal Ruprich <mruprich>
Status: CLOSED ERRATA QA Contact: FrantiĊĦek Hrdina <fhrdina>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.4CC: fhrdina, jorton, mruprich
Target Milestone: rcKeywords: AutoVerified, Reproducer, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: frr-7.5.1-3.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-11-08 09:39:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2050824    

Description Carlos Goncalves 2022-02-14 10:26:57 UTC 
Description of problem:
Despite the user's desire to disable BFD altogether, the reloader is just unsetting the custom BFD profile falling back to the default built-in profile.

Version-Release number of selected component (if applicable):
FRR 7.5

How reproducible:
100%

Steps to Reproduce:
1. Create an FRR configuration with a BGP router and a BFD profile associated to it:

  [...]
  router bgp 65000
    neighbor 10.0.0.1 remote-as 65000
    neighbor 10.0.0.1 bfd profile bfd-profile-1
  [...]

2. Verify the running configuration:

  $ sudo vtysh -c 'show running-config'
  [...]
  router bgp 65000
    neighbor 10.0.0.1 remote-as 65000
    neighbor 10.0.0.1 bfd
    neighbor 10.0.0.1 bfd profile bfd-profile-1
  [...]

3. Copy the initial FRR configuration file (step 1) and delete the "bfd profile" line:

  [...]
  router bgp 65000
    neighbor 10.0.0.1 remote-as 65000
  [...]

4. Apply the new FRR configuration using the FRR reloader script:
  $ /usr/lib/frr/frr-reload.py --reload --stdout frr.conf.wanted.7.5
  [...]
  router bgp 65000
    neighbor 10.0.0.1 remote-as 65000
    neighbor 10.0.0.1 bfd
  [...]

2022-02-14 10:02:39,023  INFO: Called via "Namespace(bindir='/usr/bin', confdir='/etc/frr', daemon='', debug=False, filename='frr.conf.wanted.7.5', input=None, log_level='info', overwrite=False, pathspace=None, reload=True, rundir='/var/run/frr', stdout=True, test=False, test_reset=False, vty_socket=None)"
2022-02-14 10:02:39,024  INFO: Loading Config object from file frr.conf.wanted.7.5
2022-02-14 10:02:39,294  INFO: Loading Config object from vtysh show running
2022-02-14 10:02:39,561  INFO: Executed "no bfd"
2022-02-14 10:02:39,694  INFO: Executed "bfd  no profile my_bfd_profile"
2022-02-14 10:02:39,827  INFO: Executed "router bgp 65000  no neighbor 10.0.0.1 bfd"
2022-02-14 10:02:39,960  INFO: Executed "router bgp 65000  no neighbor 10.0.0.1 bfd profile my_bfd_profile"
2022-02-14 10:02:39,960  INFO: Loading Config object from vtysh show running

Actual results:

  # vtysh -c 'show running-config'
  Building configuration...

  Current configuration:
  [...]
  router bgp 65000
   no bgp suppress-duplicates
   neighbor 10.0.0.1 remote-as 64512
   neighbor 10.0.0.1 bfd           <-------------------
  [...]


Expected results:
BFD should not be enabled on the 10.0.0.1 BGP neighbor.

Additional info:
Issue reproducible on FRR 7.5 (RHEL 8.4, CentOS 8 Stream) and FRR 8.1 (community RPM builds).
Comment 1 Carlos Goncalves 2022-02-14 10:28:45 UTC 
Proposed fix upstream: https://github.com/FRRouting/frr/pull/10570
Comment 6 Carlos Goncalves 2022-08-22 09:56:05 UTC 
Any updates on this FRR issue?
Just a reminder that this impacts an OpenShift component. The workaround imposes temporary network dataplane disruption.
Comment 7 Michal Ruprich 2022-08-25 13:58:44 UTC 
Hi Carlos,

sorry I had to move to other stuff before actually coming up with the solution here. I was thinking of using the PR that you issued for upstream as a solution in RHEL8 and wait for anything the upstream comes up with but here it seems they don't have this on their radar at this point.

I think that for RHEL8 we could use the solution that you provided but it needs a little tweak in the code as well. The frr-reload.py script is a bit simple in a way that it takes differences in the config and applies them to the running config. Your suggestion works great with the latest version but version of FRR in RHEL8 has a problem when printing the bfd information. It leaves out the part with 'neighbor PEER bfd':

if (!CHECK_FLAG(bfd_info->flags, BFD_FLAG_PARAM_CFG)
            && (bfd_info->type == BFD_TYPE_NOT_CONFIGURED)) {
                vty_out(vty, " neighbor %s bfd", addr); <<----here it should be separated by \n
                if (bfd_info->profile[0])
                        vty_out(vty, " profile %s", bfd_info->profile); <<---- neighbor <peer> bfd should be here.
                vty_out(vty, "\n");
        }

I am fixing this part with my patch, it has worked for me so far.
Comment 28 errata-xmlrpc 2022-11-08 09:39:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (frr bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7560