2035250 – Peering with ebgp peer over multi-hops doesn't work

Bug 2035250 - Peering with ebgp peer over multi-hops doesn't work

Summary: Peering with ebgp peer over multi-hops doesn't work

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.10.0
Assignee:	obraunsh
QA Contact:	Greg Kopels
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-12-23 11:51 UTC by obraunsh
Modified:	2022-03-10 16:36 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-10 16:36:23 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift metallb-operator pull 49	None	open	Bug 2035250: upstream alignement	2021-12-23 15:53:27 UTC
Github	openshift metallb pull 23	None	open	Bug 2035250: Upstream alignement	2021-12-23 16:04:40 UTC
Red Hat Product Errata	RHSA-2022:0056	None	None	None	2022-03-10 16:36:34 UTC

Description obraunsh 2021-12-23 11:51:58 UTC

Description of problem:

Creating a BGPPeer for a peer that is multi-hops away + in a different ASN than ours results in a connection that does not establish.

Comment 3 Greg Kopels 2022-02-16 14:04:12 UTC

Bug fix validated QE-Validation
Cluster version is 4.10.0-fc.2

1. Create FRR container on external multi-hop Server
2. Apply EBGP BGPpeer yaml
3. Create addresspool
4. Create service
5. Create backend service pod
6. Validate BGP adjacency

cnf-executor-gkopels# sh ip bgp summary

IPv4 Unicast Summary (VRF default):
BGP router identifier 192.168.254.164, local AS number 64501 vrf-id 0
BGP table version 2
RIB entries 1, using 184 bytes of memory
Peers 2, using 1433 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.46.56.13     4      64500        23        22        0    0    0 00:09:48            1        0 N/A
10.46.56.14     4      64500        16        15        0    0    0 00:06:27            1        0 N/A

Total number of neighbors 2

B>  4.4.1.10/32 [20/0] via 10.46.56.13 (recursive), weight 1, 00:07:50
  *                      via 10.0.139.254, eth0, weight 1, 00:07:50
                       via 10.46.56.14 (recursive), weight 1, 00:07:50
                         via 10.0.139.254, eth0, weight 1, 00:07:50


### External FRR Config ###
Current configuration:
!
frr version 8.3-dev_git
frr defaults traditional
hostname cnf-executor-gkopels
log file /etc/frr/frr.log
no ipv6 forwarding
!
debug bgp neighbor-events
debug bgp updates in
debug bgp updates out
!
ip route 10.46.56.0/24 192.168.254.1
!
router bgp 64501
 bgp router-id 192.168.254.164
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor 10.46.56.13 remote-as 64500
 neighbor 10.46.56.13 ebgp-multihop 255
 neighbor 10.46.56.13 update-source eth0
 neighbor 10.46.56.14 remote-as 64500
 neighbor 10.46.56.14 ebgp-multihop 255
 neighbor 10.46.56.14 update-source eth0
 !
 address-family ipv4 unicast
  neighbor 10.46.56.13 activate
  neighbor 10.46.56.14 activate
 exit-address-family
 !
 address-family ipv6 unicast
  neighbor 10.46.56.13 activate
  neighbor 10.46.56.14 activate
 exit-address-family
exit
!
ip nht resolve-via-default
!
ipv6 nht resolve-via-default
!
end


### Speaker FRR Config ###
Current configuration:
!
frr version 7.5
frr defaults traditional
hostname helix14.lab.eng.tlv2.redhat.com
log file /etc/frr/frr.log informational
log timestamp precision 3
service integrated-vtysh-config
!
router bgp 64500
 bgp router-id 10.46.56.13
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor 10.0.137.253 remote-as 64501
 neighbor 10.0.137.253 ebgp-multihop 255
 neighbor 10.0.137.253 timers 30 90
 !
 address-family ipv4 unicast
  network 4.4.1.10/32
  neighbor 10.0.137.253 activate
  neighbor 10.0.137.253 route-map 10.0.137.253-in in
  neighbor 10.0.137.253 route-map 10.0.137.253-out out
 exit-address-family
!
ip prefix-list 65535:65282-v4prefixes seq 5 permit 4.4.1.10/32
ip prefix-list 65535:65282-v4prefixes seq 10 permit 4.4.1.10/32
ip prefix-list 65535:65282-v4prefixes seq 15 permit 4.4.1.10/32
ip prefix-list 7003:7-v4prefixes seq 5 permit 4.4.1.10/32
ip prefix-list 7003:7-v4prefixes seq 10 permit 4.4.1.10/32
ip prefix-list 7003:7-v4prefixes seq 15 permit 4.4.1.10/32
ip prefix-list 200-v4localpref-prefixes seq 5 permit 4.4.1.10/32
ip prefix-list 200-v4localpref-prefixes seq 10 permit 4.4.1.10/32
ip prefix-list 200-v4localpref-prefixes seq 15 permit 4.4.1.10/32
!
route-map 10.0.137.253-in deny 20
!
route-map 10.0.137.253-out permit 1
 match ip address prefix-list 200-v4localpref-prefixes
 on-match next
 set local-preference 200
!
route-map 10.0.137.253-out permit 2
 match ip address prefix-list 65535:65282-v4prefixes
 on-match next
 set community no-advertise additive
!
route-map 10.0.137.253-out permit 3
 match ip address prefix-list 7003:7-v4prefixes
 on-match next
 set community 7003:7 additive
!
route-map 10.0.137.253-out permit 4
!
ip nht resolve-via-default
!
ipv6 nht resolve-via-default
!
line vty
!
end

###

Comment 5 errata-xmlrpc 2022-03-10 16:36:23 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Note You need to log in before you can comment on or make changes to this bug.