1.2 rolling - static routes not working

hahosting · March 28, 2019, 5:35pm

Hi there,

Using vyos-1.2.0-rolling+201903120337-amd64, problem when adding /24 static routes into VyOS so they propagate into BGP.

If I add a static route via conf it doesn’t propagate into the routing table:
# set pro static route 193.x.x.0/24 next-hop 10.254.254.2 distance 1
# commit
# save
# exit
$ sh ip route 193.x.x.0/24
% Network not in table
$ sh ip bgp 193.x.x.0/24
% Network not in table

But if I add the route via sudo, it appears as a kernel route, but not into BGP because we don’t allow kernel routes to redistribute:
$ sudo ip route add 193.x.x.0/24 via 10.254.254.2
$ sh ip route 193.x.x.0/24
Routing entry for 193.x.x.0/24
Known via "kernel", distance 0, metric 0, best
Last update 00:00:05 ago
* 10.254.254.2, via eth1
$ sh ip bgp 193.x.x.0/24
% Network not in table

The local IP on the router is 10.254.254.253, the next hop, 10.254.254.2 is directly connected on a flat ethernet segment, connectivity between the hosts is fine.

To me it seems that there’s something wrong with how static routes are being injected from config mode. I’ve found similar posts on here, and on google relating to Ubnt’s version of Vyatta, but nothing specific to VyOS 1.2, and nothing helpful as yet. Has anyone else seen this? any ideas?

PS - this works fine on VyOS 1.1.8

Thanks,
Stuart.

hagbard · March 28, 2019, 7:21pm

What do you have in your route map allowed?

hahosting · March 29, 2019, 8:37am

The prefix is allowed in a prefix-list, the prefix list is allowed in the route-map, and the route-map is the export within BGP. The route however never gets injected into BGP because it needs to be in the routing table locally first

# sh pol route-map 
 route-map BGP-Export-To-Carrier {
     rule 1 {
         action permit
         match {
             ip {
                 address {
                     prefix-list BGP-Export-To-Carrier
                 }
             }
         }
     }
     rule 2 {
         action permit
         match {
             ip {
                 address {
                     prefix-list BGP-Blackhole
                 }
             }
         }
     }
 }
# sh pol prefix-list BGP-Export-To-Carrier
<snip>
     rule 9 {
         action permit
         prefix 193.x.x.0/24
     }
<snip>

zsdc · April 10, 2019, 3:08pm

Hello, @hahosting!
Could you show us a full configuration of your interfaces and protocols sections and output of the show ip route?

hahosting · May 1, 2019, 12:15pm

We’ve found the same bug reported on the VyOS Phabricator:
https://phabricator.vyos.net/T1218

…seems to have been an issue for some time, now fixed in the H4 update for 1.2.0. As we’re still evaluating 1.2 before committing to a subscription we don’t have access behind the paywall yet. We’ve reverted back to 1.1.8 on the routers we’ve upgraded.

If H4 appears in the rolling release sometime (not sure how to check that!), we can retest.

Thanks to all who read this and posted a reply.

ciprian.craciun · May 3, 2019, 6:35am

Would this issue also apply to other situations when static routes aren’t applied?

My concrete use-case is L2TP/IPsec server (on VyOS), which fails to add static routes when a client (in fact another router) connects.