[FROG] Is there an IPv6 forwarding bug in FRR running in namespace?

Peter Olsson list-frog at jyborn.se
Wed Sep 23 21:57:07 UTC 2020 

On Wed, Sep 23, 2020 at 10:31:48PM +0200, Peter Olsson wrote:
> Or am I doing it wrong? (But it works in quagga.)
> 
> Debian 10.5.
> FRR tried both 6.0.2 and 7.3.1.
> Installed package is frr-snmp.
> 
> This is what i do:
> 
> /etc/sysctl.d/local.conf:
> net.ipv4.ip_forward=1
> net.ipv6.conf.all.forwarding=1
> 
> mkdir -p /run/frr/$NS
> chown frr:frr /run/frr/$NS
> /sbin/ip netns add $NS
> /sbin/ip netns exec $NS /sbin/ip link set dev lo up
> 
> Create two interfaces, one of which is a veth peer to a veth interface in the default namespace.
> Both interfaces have IPv4 and IPv6 addresses.
> 
> /sbin/ip netns exec $NS /usr/lib/frr/zebra -d -A 127.0.0.1 -s 90000000 -N $NS
> /sbin/ip netns exec $NS /usr/lib/frr/bgpd -d -A 127.0.0.1 -N $NS
> /sbin/ip netns exec $NS /usr/lib/frr/ospfd -d -A 127.0.0.1 -N $NS
> /sbin/ip netns exec $NS /usr/lib/frr/ospf6d -d -A 127.0.0.1 -N $NS
> /sbin/ip netns exec $NS /usr/lib/frr/staticd -d -A 127.0.0.1 -N $NS
> 
> cat /proc/sys/net/ipv6/conf/*/forwarding show all ones.
> (However, the namespace interfaces aren't displayed in
> /proc/sys/net/ipv6/conf, just the default namespace interfaces.
> But the same goes for IPv4, and I have no problems with IPv4.)

Found this:

# ip netns exec $NS sysctl -a|grep forwarding|grep -v bc_|grep -v mc_
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.enp10s0f0/117.forwarding = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.veth-gotanet-C.forwarding = 1
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.enp10s0f0/117.forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.veth-gotanet-C.forwarding = 0

So the IPv4 forwarding configuration in Debian is inherited by the namespace,
but not the IPv6 forwarding configuration. I don't know how to fix this, my
attempts at echo 1 > xxx/forwarding or sysctl -w net.ipv6.conf.all.forwarding=1
in the namespace during the boot sequence fail.
But anyway, this is not an FRR problem.

Sorry about the noise!

Peter Olsson

More information about the frog mailing list