BFD in a VRF not listening for port 3784/4784
Hi,

I'm running frr 7.5.1 and trying to configure BFD for an interface in a VRF. BFD counters don't show any "Control packet input" packets, and I think this is because FRR needs to listen on port 3784 inside the VRF, its non-VRF socket won't receive any packets from the VRF. I manually tested this idea with "netcat -ul 3784", and I was only able to receive BFD packets if I create the netcat listening socket within the VRF (e.g. "ip vrf exec myvrf netcat -ul 3784"). BFDD does create a socket in the VRF, but it's for a high port not for 3784/4784.

I'm running on RHEL8 / kernel 4.18.0-240.15.1.el8_3.x86_64 and using FRR from rpm.frrouting.org/repo/el8.

Is there some config I'm missing, or should I file this as a bug?

For example,

    bfd
     peer 192.0.2.12 vrf myvrf interface enp4s0f1

Results in

    # ss -abnp | fgrep bfd
    udp UNCONN 0 0 0.0.0.0%myvrf:49155 0.0.0.0:* users:(("bfdd",pid=160681,fd=26))
    udp UNCONN 0 0 0.0.0.0:3784 0.0.0.0:* users:(("bfdd",pid=160681,fd=14))
    udp UNCONN 0 0 0.0.0.0:3785 0.0.0.0:* users:(("bfdd",pid=160681,fd=18))
    udp UNCONN 0 0 [::]:4784 [::]:* users:(("bfdd",pid=160681,fd=17))
    udp UNCONN 0 0 [::]:3784 [::]:* users:(("bfdd",pid=160681,fd=16))
    udp UNCONN 0 0 [::]:3785 [::]:* users:(("bfdd",pid=160681,fd=19))

    # vtysh -c "show bfd peers counter"
    peer 192.0.2.12 multihop local-address 192.0.2.13 vrf internet
        Control packet input: 0 packets
        Control packet output: 5140 packets
        Echo packet input: 0 packets
        Echo packet output: 0 packets
        Session up events: 0
        Session down events: 0
        Zebra notifications: 2

Compare with BGP, which does work for me in a VRF because it listens on port 179 inside the VRF.

    # ss -abnp 'sport = :179'
    Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
    tcp LISTEN 0 128 0.0.0.0%myvrf:179 0.0.0.0:* users:(("bgpd",pid=160658,fd=26))
    tcp LISTEN 0 128 [::]%myvrf:179 [::]:* users:(("bgpd",pid=160658,fd=27))

Thank you,
Andrew

After further research, this appears to be https://github.com/FRRouting/frr/issues/5146. As suggested there I have set net.ipv4.udp_l3mdev_accept=1 and that works.

I'm puzzled though, it seems like https://github.com/FRRouting/frr/pull/5274 should have opened the VRF socket without needing the sysctl?

On Wed, 2021-04-07 at 11:41 -0700, Andrew Denton wrote:
> Hi,
>
> I'm running frr 7.5.1 and trying to configure BFD for an interface in a VRF. BFD counters don't show any "Control packet input" packets, and I think this is because FRR needs to listen on port 3784 inside the VRF, its non-VRF socket won't receive any packets from the VRF. I manually tested this idea with "netcat -ul 3784", and I was only able to receive BFD packets if I create the netcat listening socket within the VRF (e.g. "ip vrf exec myvrf netcat -ul 3784"). BFDD does create a socket in the VRF, but it's for a high port not for 3784/4784.
>
> I'm running on RHEL8 / kernel 4.18.0-240.15.1.el8_3.x86_64 and using FRR from rpm.frrouting.org/repo/el8.
>
> Is there some config I'm missing, or should I file this as a bug?
>
> For example,
>
>     bfd
>      peer 192.0.2.12 vrf myvrf interface enp4s0f1
>
> Results in
>
>     # ss -abnp | fgrep bfd
>     udp UNCONN 0 0 0.0.0.0%myvrf:49155 0.0.0.0:* users:(("bfdd",pid=160681,fd=26))
>     udp UNCONN 0 0 0.0.0.0:3784 0.0.0.0:* users:(("bfdd",pid=160681,fd=14))
>     udp UNCONN 0 0 0.0.0.0:3785 0.0.0.0:* users:(("bfdd",pid=160681,fd=18))
>     udp UNCONN 0 0 [::]:4784 [::]:* users:(("bfdd",pid=160681,fd=17))
>     udp UNCONN 0 0 [::]:3784 [::]:* users:(("bfdd",pid=160681,fd=16))
>     udp UNCONN 0 0 [::]:3785 [::]:* users:(("bfdd",pid=160681,fd=19))
>
>     # vtysh -c "show bfd peers counter"
>     peer 192.0.2.12 multihop local-address 192.0.2.13 vrf internet
>         Control packet input: 0 packets
>         Control packet output: 5140 packets
>         Echo packet input: 0 packets
>         Echo packet output: 0 packets
>         Session up events: 0
>         Session down events: 0
>         Zebra notifications: 2
>
> Compare with BGP, which does work for me in a VRF because it listens on port 179 inside the VRF.
>
>     # ss -abnp 'sport = :179'
>     Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
>     tcp LISTEN 0 128 0.0.0.0%myvrf:179 0.0.0.0:* users:(("bgpd",pid=160658,fd=26))
>     tcp LISTEN 0 128 [::]%myvrf:179 [::]:* users:(("bgpd",pid=160658,fd=27))
>
> Thank you,
> Andrew

On 07/04/2021 22:07, Andrew Denton wrote:
> After further research, this appears to be https://github.com/FRRouting/frr/issues/5146. As suggested there I have set net.ipv4.udp_l3mdev_accept=1 and that works.
>
> I'm puzzled though, it seems like https://github.com/FRRouting/frr/pull/5274 should have opened the VRF socket without needing the sysctl?

I'd be tempted to test with a newer kernel.

--
Tim Bray
Technology Director, ProVu Communications Ltd, Huddersfield, UK.
http://www.provu.co.uk/
Phone: +44 1484 840048
IP Telephones, Drop shipping, pre-configuration, XML orders
***** If it is important, just phone *****

Participants (2): Andrew Denton, Tim Bray
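
The check discussed in this thread, as an added example that is not part of the original messages or of FRR: it classifies from `ss -abnp` lines whether a UDP port has a listener bound inside a VRF or only a global one, and combines that with the value of net.ipv4.udp_l3mdev_accept. The function names are hypothetical; the sample lines are reused from the ss output in the first message.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not FRR code).
# Classify where a UDP port is bound, reading `ss -abnp` lines on stdin.
# Prints: vrf-bound | global-only | none
listener_scope() {  # usage: listener_scope PORT VRF < ss-output
    awk -v port="$1" -v sfx="%$2" '
        $1 == "udp" {
            loc = $5                          # Local Address:Port column
            n = split(loc, p, ":")
            if (p[n] != port) next            # last ":" field is the port
            addr = substr(loc, 1, length(loc) - length(p[n]) - 1)
            if (length(addr) > length(sfx) &&
                substr(addr, length(addr) - length(sfx) + 1) == sfx) vrf = 1
            else if (index(addr, "%") == 0) global = 1   # no %device suffix
        }
        END { print (vrf ? "vrf-bound" : (global ? "global-only" : "none")) }
    '
}

# Combine the socket scope with net.ipv4.udp_l3mdev_accept (0 or 1).
vrf_rx_verdict() {  # usage: vrf_rx_verdict SCOPE SYSCTL_VALUE
    case "$1:$2" in
        vrf-bound:*)   echo "ok: socket is bound inside the VRF" ;;
        global-only:1) echo "ok: global socket accepts VRF traffic (udp_l3mdev_accept=1)" ;;
        global-only:*) echo "drop: global socket will not see packets arriving in the VRF" ;;
        *)             echo "drop: no listener on this port" ;;
    esac
}

# Sample input: ss lines reused from the first message of the thread.
sample_ss() {
cat <<'EOF'
udp UNCONN 0 0 0.0.0.0%myvrf:49155 0.0.0.0:* users:(("bfdd",pid=160681,fd=26))
udp UNCONN 0 0 0.0.0.0:3784 0.0.0.0:* users:(("bfdd",pid=160681,fd=14))
udp UNCONN 0 0 [::]:4784 [::]:* users:(("bfdd",pid=160681,fd=17))
EOF
}

scope=$(sample_ss | listener_scope 3784 myvrf)
vrf_rx_verdict "$scope" 0
# On a live host, feed `ss -abnp` into listener_scope and pass the output of
# `sysctl -n net.ipv4.udp_l3mdev_accept` as the second argument of vrf_rx_verdict.
```

net.ipv4.udp_l3mdev_accept=1 applies to every unbound UDP socket on the host, not only bfdd's, so other global UDP listeners also become reachable from inside VRFs.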