frr
frr copied to clipboard
Published
20 hours ago •
FRRouting
FRRouting
PIMv6:- IPv6 (S,G) mroutes not removed after configuring source route as blackhole
Initially traffic and mroutes were fine , later have configure source route as blackhole notice that mroutes still populated and traffic is flowing fine , however configuring RP route as blackhole is correct, it removes (*,G) entries immediately
R11(config)# do show ipv6 route
B>* 1020::/64 [20/0] via fe80::250:56ff:feb7:54ad, ens192.4001, weight 1, 00:01:37
R11(config)# ipv6 route 1020::10/64 blackhole
S>* 1020::/64 [1/0] unreachable (blackhole), weight 1, 00:00:03
R11(config)# do show ipv6 route 1020::10
Routing entry for 1020::/64
Known via "static", distance 1, metric 0, best
Last update 00:06:17 ago
* unreachable (blackhole), weight 1
R11(config)# do show ipv6 mroute
IP Multicast Routing Table
Flags: S - Sparse, C - Connected, P - Pruned
R - SGRpt Pruned, F - Register flag, T - SPT-bit set
Source Group Flags Proto Input Output TTL Uptime
* ffaa::1 SC MLD ens192.4001 pim6reg 1 00:06:20
MLD ens225 1
1020::10 ffaa::1 S STAR ens192.4001 ens225 1 00:08:18
* ffaa::2 SC MLD ens192.4001 pim6reg 1 00:06:20
MLD ens225 1
1020::10 ffaa::2 S STAR ens192.4001 ens225 1 00:08:18
* ffaa::3 SC MLD ens192.4001 pim6reg 1 00:06:20
MLD ens225 1
1020::10 ffaa::3 S STAR ens192.4001 ens225 1 00:08:18
* ffaa::4 SC MLD ens192.4001 pim6reg 1 00:06:20
MLD ens225 1
1020::10 ffaa::4 S STAR ens192.4001 ens225 1 00:08:18
* ffaa::5 SC MLD ens192.4001 pim6reg 1 00:06:20
MLD ens225 1
1020::10 ffaa::5 S STAR ens192.4001 ens225 1 00:08:18
R11(config)# do show ipv6 mroute count
Source Group LastUsed Packets Bytes WrongIf
* ffaa::1 0 0 0 0
1020::10 ffaa::1 0 1748 185288 0
* ffaa::2 0 0 0 0
1020::10 ffaa::2 0 1748 185288 0
* ffaa::3 0 0 0 0
1020::10 ffaa::3 0 1748 185288 0
* ffaa::4 0 0 0 0
1020::10 ffaa::4 0 1747 185182 0
* ffaa::5 0 0 0 0
1020::10 ffaa::5 0 1748 185288 0
R11(config)# do show ipv6 mroute count
Source Group LastUsed Packets Bytes WrongIf
* ffaa::1 0 0 0 0
1020::10 ffaa::1 0 1753 185818 0
* ffaa::2 0 0 0 0
1020::10 ffaa::2 0 1753 185818 0
* ffaa::3 0 0 0 0
1020::10 ffaa::3 0 1752 185712 0
* ffaa::4 0 0 0 0
1020::10 ffaa::4 0 1752 185712 0
* ffaa::5 0 0 0 0
1020::10 ffaa::5 0 1753 185818 0
R11(config)#
2022/06/29 22:04:58 PIM: [GB086-47SZZ] Recv PIM HELLO packet from 21.4.1.2 to 224.0.0.13 on ens161.4008: pim_version=2 pim_msg_size=74 checksum=f1c5
2022/06/29 22:04:58 PIM: [MQHYQ-FB1JT] pim_neighbor_timer_reset: starting 105 sec timer for neighbor 21.4.1.2 on ens161.4008
2022/06/29 22:04:58 PIM: [GW27G-J4HGZ] Scheduling READ event on PIM socket fd=39
2022/06/29 22:05:02 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 0
2022/06/29 22:05:02 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 2
2022/06/29 22:05:02 PIM: [QHEGA-0QHKJ] pim_msg_send: to 224.0.0.13 on ens225: msg_size=74 checksum=63ab
2022/06/29 22:05:02 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 0
2022/06/29 22:05:02 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 2
2022/06/29 22:05:02 PIM: [QHEGA-0QHKJ] pim_msg_send: to 224.0.0.13 on ens193: msg_size=74 checksum=a17b
2022/06/29 22:05:11 ZEBRA: [WVJCK-PPMGD][EC 4043309093] netlink-cmd (NS 0) error: Operation not supported, type=RTM_GETROUTE(26), seq=2523, pid=3427393936
2022/06/29 22:05:12 PIM: [GB086-47SZZ] Recv PIM HELLO packet from 11.1.1.2 to 224.0.0.13 on ens192.4001: pim_version=2 pim_msg_size=74 checksum=240c
2022/06/29 22:05:12 PIM: [MQHYQ-FB1JT] pim_neighbor_timer_reset: starting 105 sec timer for neighbor 11.1.1.2 on ens192.4001
2022/06/29 22:05:12 PIM: [GW27G-J4HGZ] Scheduling READ event on PIM socket fd=22
2022/06/29 22:05:16 ZEBRA: [WVJCK-PPMGD][EC 4043309093] netlink-cmd (NS 0) error: Operation not supported, type=RTM_GETROUTE(26), seq=2524, pid=3427393936
2022/06/29 22:05:17 ZEBRA: [WVJCK-PPMGD][EC 4043309093] netlink-cmd (NS 0) error: Operation not supported, type=RTM_GETROUTE(26), seq=2525, pid=3427393936
2022/06/29 22:05:18 ZEBRA: [WVJCK-PPMGD][EC 4043309093] netlink-cmd (NS 0) error: Operation not supported, type=RTM_GETROUTE(26), seq=2526, pid=3427393936
2022/06/29 22:05:24 ZEBRA: [WVJCK-PPMGD][EC 4043309093] netlink-cmd (NS 0) error: Operation not supported, type=RTM_GETROUTE(26), seq=2527, pid=3427393936
2022/06/29 22:05:25 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 0
2022/06/29 22:05:25 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 2
2022/06/29 22:05:25 PIM: [QHEGA-0QHKJ] pim_msg_send: to 224.0.0.13 on ens192.4001: msg_size=74 checksum=5485
2022/06/29 22:05:28 PIM: [ZTJJQ-JPDAT] on_neighbor_jp_timer:Sending JP Agg to 21.1.1.2 on ens161.4005 with 0 groups
2022/06/29 22:05:28 PIM: [S0AES-PYS8Z] pim_joinprune_send: from 21.1.1.2 on ens161.4005
2022/06/29 22:05:28 PIM: [ZTJJQ-JPDAT] on_neighbor_jp_timer:Sending JP Agg to 21.2.1.2 on ens161.4006 with 0 groups
2022/06/29 22:05:28 PIM: [S0AES-PYS8Z] pim_joinprune_send: from 21.2.1.2 on ens161.4006
2022/06/29 22:05:28 PIM: [ZTJJQ-JPDAT] on_neighbor_jp_timer:Sending JP Agg to 21.3.1.2 on ens161.4007 with 0 groups
2022/06/29 22:05:28 PIM: [S0AES-PYS8Z] pim_joinprune_send: from 21.3.1.2 on ens161.4007
2022/06/29 22:05:28 PIM: [ZTJJQ-JPDAT] on_neighbor_jp_timer:Sending JP Agg to 21.4.1.2 on ens161.4008 with 0 groups
2022/06/29 22:05:28 PIM: [S0AES-PYS8Z] pim_joinprune_send: from 21.4.1.2 on ens161.4008
2022/06/29 22:05:28 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 0
2022/06/29 22:05:28 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 2
2022/06/29 22:05:28 PIM: [QHEGA-0QHKJ] pim_msg_send: to 224.0.0.13 on ens161.4005: msg_size=74 checksum=601f
2022/06/29 22:05:28 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 0
2022/06/29 22:05:28 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 2
2022/06/29 22:05:28 PIM: [QHEGA-0QHKJ] pim_msg_send: to 224.0.0.13 on ens161.4006: msg_size=74 checksum=d44
2022/06/29 22:05:28 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 0
2022/06/29 22:05:28 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 2
2022/06/29 22:05:28 PIM: [QHEGA-0QHKJ] pim_msg_send: to 224.0.0.13 on ens161.4007: msg_size=74 checksum=54f9
2022/06/29 22:05:28 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 0
2022/06/29 22:05:28 PIM: [GEEFD-9DMSG] pim_tlv_append_addrlist_ucast: number of encoded secondary unicast IPv4 addresses: 2
2022/06/29 22:05:28 PIM: [QHEGA-0QHKJ] pim_msg_send: to 224.0.0.13 on ens161.4008: msg_size=74 checksum=5c57
2022/06/29 22:05:28 PIM: [GB086-47SZZ] Recv PIM HELLO packet from 21.1.1.2 to 224.0.0.13 on ens161.4005: pim_version=2 pim_msg_size=74 checksum=814d
2022/06/29 22:05:28 PIM: [MQHYQ-FB1JT] pim_neighbor_timer_reset: starting 105 sec timer for neighbor 21.1.1.2 on ens161.4005
2022/06/29 22:05:28 PIM: [GW27G-J4HGZ] Scheduling READ event on PIM socket fd=33
2022/06/29 22:05:28 PIM: [GB086-47SZZ] Recv PIM HELLO packet from 21.2.1.2 to 224.0.0.13 on ens161.4006: pim_version=2 pim_msg_size=74 checksum=3923
2022/06/29 22:05:28 PIM: [MQHYQ-FB1JT] pim_neighbor_timer_reset: starting 105 sec timer for neighbor 21.2.1.2 on ens161.4006
2022/06/29 22:05:28 PIM: [GW27G-J4HGZ] Scheduling READ event on PIM socket fd=35
2022/06/29 22:05:28 PIM: [GB086-47SZZ] Recv PIM HELLO packet from 21.3.1.2 to 224.0.0.13 on ens161.4007: pim_version=2 pim_msg_size=74 checksum=3e69
2022/06/29 22:05:28 PIM: [MQHYQ-FB1JT] pim_neighbor_timer_reset: starting 105 sec timer for neighbor 21.3.1.2 on ens161.4007
2022/06/29 22:05:28 PIM: [GW27G-J4HGZ] Scheduling READ event on PIM socket fd=37
2022/06/29 22:05:28 PIM: [GB086-47SZZ] Recv PIM HELLO packet from 21.4.1.2 to 224.0.0.13 on ens161.4008: pim_version=2 pim_msg_size=74 checksum=f1c5
2022/06/29 22:05:28 PIM: [MQHYQ-FB1JT] pim_neighbor_timer_reset: starting 105 sec timer for neighbor 21.4.1.2 on ens161.4008
2022/06/29 22:05:28 PIM: [GW27G-J4HGZ] Scheduling READ event on PIM socket fd=39
Noticed that if we configure /128 mask, then blackhole works fine. Checked the same for IPv4, /32 works fine. But other masks does not work.
PIMv6:
frr(config)# do show ipv6 route 12::1
Routing entry for 12::/64
Known via "static", distance 1, metric 0
Last update 00:01:31 ago
unreachable (blackhole), weight 1
Routing entry for 12::/64
Known via "ospf6", distance 110, metric 10
Last update 01:00:40 ago
directly connected, ens224, weight 1
Routing entry for 12::/64
Known via "connected", distance 0, metric 0, best
Last update 3d23h25m ago
* directly connected, ens224
frr(config)#
Works fine if /128 is configured.
ipv6 route 12::1/128 blackhole
frr(config)# do show ipv6 mroute
IP Multicast Routing Table
Flags: S - Sparse, C - Connected, P - Pruned
R - SGRpt Pruned, F - Register flag, T - SPT-bit set
Source Group Flags Proto Input Output TTL Uptime
frr(config)#
Mroutes got deleted. But does not work if /64 is configured
frr(config)# ipv6 route 12::1/64 blackhole
frr(config)# do show ipv6 mroute
IP Multicast Routing Table
Flags: S - Sparse, C - Connected, P - Pruned
R - SGRpt Pruned, F - Register flag, T - SPT-bit set
Source Group Flags Proto Input Output TTL Uptime
12::1 ff08::1 SFT PIM ens224 ens192 1 00:00:43
12::1 ffaa::1 SFT PIM ens224 pim6reg 1 00:00:43
PIM ens192 1
12::1 ffaa::2 SFT PIM ens224 ens192 1 00:00:43
12::1 ffaa::3 SFT PIM ens224 ens192 1 00:00:43
12::1 ffaa::4 SFP PIM ens224 pim6reg 1 00:00:43
12::1 ffaa::5 SFP none ens224 none 0 --:--:--
frr(config)# do show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
S 12::/64 [1/0] unreachable (blackhole), weight 1, 00:00:34
O 12::/64 [110/10] is directly connected, ens224, weight 1, 01:04:29
C>* 12::/64 is directly connected, ens224, 3d23h29m
O>* 105::105/128 [110/20] via fe80::250:56ff:feb7:58dd, ens192, weight 1, 01:04:29
O>* 1750::/64 [110/20] via fe80::250:56ff:feb7:58dd, ens192, weight 1, 01:04:29
C * fe80::/64 is directly connected, ens224, 3d23h29m
C * fe80::/64 is directly connected, ens192, 3d23h29m
C>* fe80::/64 is directly connected, ens160, 3d23h29m
frr(config)#
This is not an issue.
Since 12::1/64 is a connected route, it is always preferred over static route. That is the reason it did not work. If you check the do show ipv6 route output, there the connected route is preferred over static and is selected as best route, therefore the traffic still flows.
I am trying to configure blackhole route on LHR for source subnet , if you check o/p given , initially route was learn from BGP later configured as blackhole and traffic was still flowing fine, looks like you are trying to configure blackhole on source itself which is not my case.
R11(config)# do show ipv6 route B>* 1020::/64 [20/0] via fe80::250:56ff:feb7:54ad, ens192.4001, weight 1, 00:01:37
R11(config)# ipv6 route 1020::10/64 blackhole S>* 1020::/64 [1/0] unreachable (blackhole), weight 1, 00:00:03
R11(config)# do show ipv6 route 1020::10 Routing entry for 1020::/64 Known via "static", distance 1, metric 0, best Last update 00:06:17 ago
- unreachable (blackhole), weight 1
Please re-open bug and let me any other details or inout required from my side
Observations: I could see here that after applying blackhole on the source route, the mroutes are switched to RPT path, we can see it in the mroute display, the IIF has become same and 'T' bit is removed.
This commit 69e3538cd89b070d3434192bb28b94d7b721ceeb intentionally has added this behaviour which deviates a little from RFC in order to make things work.
I will check further whether we need to modify this or this behavior is fine.
Discussed this with Vijay. Since this https://github.com/FRRouting/frr/commit/69e3538cd89b070d3434192bb28b94d7b721ceeb commit has specifically added this behaviour to fix scenarios where SPT path is not available to fall back on RPT path, we are not fixing it.