frr icon indicating copy to clipboard operation
frr copied to clipboard
verified publisher icon FRRouting

zebra failing to install routes in vpn setup: missing 'onlink'

Open melissaboiko opened this issue 3 years ago • 0 comments

  • frr version: 8.3.1-0~deb11u1
  • OS: Debian 11 (bullseye)
  • Kernel: 5.13.10

I'm trying to upgrade some ancient systems running quagga to Debian bullseye with frr, and while it initially worked, recently I started getting this type of error on zebra logs:

2022/09/05 11:21:49 ZEBRA: [VYKYC-709DP] default(0:254):192.0.4.0/23: Route install failed
2022/09/05 11:21:49 ZEBRA: [HSYZM-HV7HF] Extended Error: Nexthop has invalid gateway
2022/09/05 11:21:49 ZEBRA: [VYKYC-709DP] default(0:254):192.0.7.0/24: Route install failed
2022/09/05 11:21:49 ZEBRA: [WVJCK-PPMGD][EC 4043309093] netlink-dp (NS 0) error: Network is unreachable, type=RTM_NEWNEXTHOP(104), seq=75, pid=2149937139
2022/09/05 11:21:49 ZEBRA: [VYKYC-709DP] default(0:254):192.0.8.0/23: Route install failed
2022/09/05 11:21:49 ZEBRA: [HSYZM-HV7HF] Extended Error: Nexthop id does not exist
2022/09/05 11:21:49 ZEBRA: [P2XBZ-RAFQ5][EC 4043309074] Failed to install Nexthop ID (80) into the kernel
2022/09/05 11:21:49 ZEBRA: [WVJCK-PPMGD][EC 4043309093] netlink-dp (NS 0) error: Invalid argument, type=RTM_NEWROUTE(24), seq=76, pid=2149937139

I'm getting the routes via ospf as always; vtysh shows all of them.

vtysh# show ip route 192.0.4.0/23
    Routing entry for 192.0.4.0/23
     Known via "ospf", distance 110, metric 20, best
     Last update 00:22:41 ago
     r 192.0.49.11, via vpn2, weight 1

So I tried to add the route manually:

$ ip -c -br addr show dev vpn2
vpn2             UP             192.0.49.13/24 fd00::acab/64 fe80::acab/64

$ ip route add 192.0.4.0/23 via 192.0.49.11 dev vpn2
Error: Nexthop has invalid gateway.

Whoops. The command above works in the old servers, but somewhere along the line of Linux upgrades a new flag is necessary:

$ ip route add 192.0.4.0/23 via 192.0.49.11 dev vpn2 onlink

$ ip route show 192.0.4.0/23
192.0.4.0/23 via 192.0.49.11 dev vpn2 onlink

$ ping -c 3 192.0.4.1
PING 192.0.4.1 (192.0.4.1) 56(84) bytes of data.
64 bytes from 192.0.4.1: icmp_seq=1 ttl=64 time=20.2 ms

I'm guessing zebra can't install the flags for the same reason. How do I tell it to use 'onlink' or the equivalent?

melissaboiko avatar Sep 05 '22 10:09 melissaboiko