25.1 FRR Errors

Started by danderson, January 29, 2025, 04:33:38 PM

After upgrade to 25.1, the FRR config file shows empty and I get BGP and other errors; it does not connect to neighbors.



Thanks for the report. We are currently investigating. Problem unclear.


Cheers,
Franco

The new rc.d script in the FreeBSD ports update creates an empty frr.conf file which breaks our configuration because of how frr reacts to the presence of it... can't make this up:

https://github.com/opnsense/ports/commit/912f69f36b#diff-a0a7b370c8706be05fa3b2824b8d16470f76d437b86c82ac908bed4bcb29bd5bR203

We will roll back the change, but it may be that the file needs to be deleted manually to avoid further complications.

January 29, 2025, 07:24:46 PM #5 Last Edit: January 29, 2025, 07:39:27 PM by franco
Can somebody confirm this fixes it?

# opnsense-revert -z frr8
# rm /usr/local/etc/frr/frr.conf
# rm /usr/local/etc/frr/frr.conf.sav

And try to restart the service now.

For reference: https://github.com/opnsense/ports/commit/f005f9c9a34


Cheers,
Franco

also

# rm /usr/local/etc/frr/frr.conf.sav

Just to be sure
Hardware:
DEC740

Quote from: franco on January 29, 2025, 07:24:46 PM
Can somebody confirm this fixes it?

# opnsense-revert -z frr8
# rm /usr/local/etc/frr/frr.conf
# rm /usr/local/etc/frr/frr.conf.sav

And try to restart the service now.

For reference: https://github.com/opnsense/ports/commit/f005f9c9a34


Cheers,
Franco

it works!

tks :D

@franco,

can also confirm that the above does fix the issue.


Thank you, I updated the packages to avoid this issue for all the other upgraders.

But: for anyone running into this already having upgraded make sure frr.conf variants are removed:

# rm -f /usr/local/etc/frr/frr.conf /usr/local/etc/frr/frr.conf.sav

The behaviour of FRR is a little strange here and since the FreeBSD package is also not tracking a frr.conf.sample this was bound to happen.

Suffice to say the commit did not land in 24.7.12 because it was deemed a bit risky... ;)

Special thanks to Cedrik for figuring this out quickly.


Cheers,
Franco
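
A more cautious form of the cleanup above, as an added example that is not from the thread or the OPNsense project: it reports which `frr.conf` variants exist and moves a non-empty one to a backup directory instead of deleting it. The function names and the backup path are assumptions; the FRR directory and file names are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: audit and clean up leftover frr.conf variants.
# FRR_DIR and the two file names come from the thread; FRR_BACKUP and
# the function names are assumptions made for this illustration.

FRR_DIR="${FRR_DIR:-/usr/local/etc/frr}"
FRR_BACKUP="${FRR_BACKUP:-/root/frr-conf-backup}"

# Print one line per variant found: "empty <path>" or "nonempty <path>".
# Read-only; prints nothing when neither file exists.
frr_conf_audit() {
    dir="${1:-$FRR_DIR}"
    for name in frr.conf frr.conf.sav; do
        path="$dir/$name"
        [ -e "$path" ] || continue
        if [ -s "$path" ]; then
            echo "nonempty $path"
        else
            echo "empty $path"
        fi
    done
}

# Delete zero-byte variants; move non-empty ones out of the FRR directory
# so their content can still be reviewed. Prints how many files it handled.
frr_conf_cleanup() {
    dir="${1:-$FRR_DIR}"
    backup="${2:-$FRR_BACKUP}"
    handled=0
    for name in frr.conf frr.conf.sav; do
        path="$dir/$name"
        [ -e "$path" ] || continue
        if [ -s "$path" ]; then
            mkdir -p "$backup"
            mv "$path" "$backup/"
        else
            rm -f "$path"
        fi
        handled=$((handled + 1))
    done
    echo "$handled"
}

# Running the script stand-alone only audits; cleanup is an explicit call.
frr_conf_audit "$FRR_DIR"
```

Run `frr_conf_cleanup` as root and restart the FRR service afterwards, as described in the posts above.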

Did the upgrade 10 minutes too early ^^
Well the fix did the job, thanks

Not sure if it's correlated but since upgrading to 25.1 FRR doesn't establish OSPF relationships.

My downstream switches are stuck in an INIT or EXSTART stance and won't form a connection.

Connect via ssh to the OPNsense

Go into the shell

# vtysh
# show running-config
Hardware:
DEC740

February 01, 2025, 04:59:29 PM #14 Last Edit: February 01, 2025, 05:52:12 PM by Deathmage85
@cedrik - doing that it trails off the screen inside of putty, how do I make it scrollable in the console?

Should be noted, the OPNsense is running on a Protectli VP6670: https://protectli.com/product/vp6670/ with 32 GB of DDR5.

I've been switching between P2P and broadcast. Also strangely the OSPF interfaces have a hello set at 10, but it doesn't show in the running config. I've been switching between enabling different STP on my Netgear M4300 16X16F, and also enabling igmp. But prior to the OPNsense I didn't need igmp/STP for my previous Sophos XG Home firewall.

Below is the FRR config. I'm using default OPNsense NAT, and I'm using the autoconfigured OSPF firewall rules.

Right now my downstream Netgear M4300 16X16F is stuck in an INIT/DR-Backup state for native vlan, and for the other vlans they are stuck in EXSTART/DROther.

MTU is hardcoded end to end with 1500.

Here is the config from within OPNsense from inside the GUI.

Current configuration:
!
frr version 8.5.6
frr defaults traditional
hostname base1.maxdomain.local
log syslog notifications
!
interface enc0
 ip ospf passive
exit
!
interface igc0
 ip ospf passive
exit
!
interface igc1
 ip ospf passive
exit
!
interface igc2
 ip ospf passive
exit
!
interface igc3
 ip ospf passive
exit
!
interface lo0
 ip ospf passive
exit
!
interface vlan01
 ip ospf dead-interval 40
 ip ospf network broadcast
exit
!
interface vlan02
 ip ospf dead-interval 40
 ip ospf network broadcast
exit
!
interface vlan03
 ip ospf dead-interval 40
 ip ospf network broadcast
exit
!
router ospf
 ospf router-id 192.168.115.1
 redistribute kernel
 redistribute connected
 redistribute static
 network 192.168.115.0/24 area 0.0.0.0
 network 192.168.120.0/24 area 0.0.0.0
 network 192.168.130.0/24 area 0.0.0.0
 area 0.0.0.0 range 192.168.115.0/24
 area 0.0.0.0 range 192.168.120.0/24
 area 0.0.0.0 range 192.168.130.0/24
 default-information originate metric 1
exit
!
end

For context, here is the config from the Netgear M4300 16X16F (all ports operate at 10GE):

interface 1/0/15
description 'Uplink to firewall'
mtu 1500
switchport mode trunk
switchport trunk allowed vlan 1,100,200
ip ospf area 0
exit

interface vlan 1
description 'Native vLAN Network'
routing
ip address 192.168.115.3 255.255.255.0
ip ospf area 0
ip mtu 1500
exit



interface vlan 100
description 'LAB Server vLAN'
routing
ip address 192.168.120.3 255.255.255.0
ip ospf area 0
ip mtu 1500
exit



interface vlan 200
description 'Lab Desktop vLAN'
routing
ip address 192.168.130.3 255.255.255.0
ip ospf area 0
ip mtu 1500
exit

router ospf
router-id 1.1.1.1
no 1583compatibility
network 192.168.115.0 0.0.0.255 area 0
network 192.168.116.0 0.0.0.255 area 0
network 192.168.120.0 0.0.0.255 area 0
network 192.168.130.0 0.0.0.255 area 0
network 192.168.190.0 0.0.0.255 area 1
network 172.16.100.0 0.0.0.255 area 0
network 172.16.110.0 0.0.0.255 area 0
default-metric 2
default-information originate always metric 11
redistribute connected subnets
exit

Here is what "Show IP OSPF Neighbor" looks like on the Netgear M4300 (192.168.115.1 is the vlan 1 IP on the OPNsense):
30.30.30.30 is another Netgear M4300 12X12F (as you can see OSPF is fully up to that switch) in series below my 16X16F. My 16X is my Core switch, my 12X is my distro layer, below that and out of scope is another 16X for a VMware ESXi 8.0U3 datacenter with 6 ESXi hosts. I'm a VMware vExpert, hence free Enterprise Plus licensing.

(M4300-16X16F) #show ip ospf ne

Router ID       Priority IP Address      Neighbor    State              Dead
                                         Interface                      Time
--------------- -------- --------------- ----------- ------------------ ----
30.30.30.30     1        172.16.100.5    vlan 400    Full/BACKUP-DR     38
30.30.30.30     1        172.16.110.5    vlan 410    Full/BACKUP-DR     38
192.168.115.1   1        192.168.115.1   vlan 1      Init/BACKUP-DR     37
30.30.30.30     1        192.168.115.5   vlan 1      Full/BACKUP-DR     38
192.168.115.1   1        192.168.120.1   vlan 100    Ex Start/DR-OTHER  37
30.30.30.30     1        192.168.120.5   vlan 100    Ex Start/DR-OTHER  31
192.168.115.1   1        192.168.130.1   vlan 200    Ex Start/DR-OTHER  37
30.30.30.30     1        192.168.130.5   vlan 200    Loading/DR-OTHER   31