BGP behaviour change on upgrade from 1.3.2 to 1.4 rolling

mpsl · June 14, 2023, 10:00am

I am running BGP unnumbered over wireguard tunnels on multiple vyos routers (see BGP IPv6 unnumbered with extended nexthop — VyOS 1.3.x (equuleus) documentation)

I just finished upgrading them from 1.3.2 to 1.4-rolling-202306130317 and the bgp configuration failed to commit, complaining about a missing remote-as on the neighbor. On 1.3.2 the config worked without issue.

old config:

[edit protocols bgp]
set neighbor wg3 interface v6only peer-group 'peers'
set peer-group peers address-family ipv4-unicast prefix-list export 'internal'
set peer-group peers address-family ipv4-unicast prefix-list import 'internal'
set peer-group peers address-family ipv4-unicast soft-reconfiguration inbound
set peer-group peers address-family ipv6-unicast prefix-list export 'internal-6'
set peer-group peers address-family ipv6-unicast prefix-list import 'internal-default-6'
set peer-group peers address-family ipv6-unicast soft-reconfiguration inbound
set peer-group peers capability extended-nexthop
set peer-group peers remote-as 'external'

after modifying the config as seen here it works without isse:

[edit protocols bgp]
set neighbor wg3 interface v6only peer-group 'peers'
set neighbor wg3 interface v6only remote-as 'external'
set peer-group peers address-family ipv4-unicast prefix-list export 'internal'
set peer-group peers address-family ipv4-unicast prefix-list import 'internal'
set peer-group peers address-family ipv4-unicast soft-reconfiguration inbound
set peer-group peers address-family ipv6-unicast prefix-list export 'internal-6'
set peer-group peers address-family ipv6-unicast prefix-list import 'internal-default-6'
set peer-group peers address-family ipv6-unicast soft-reconfiguration inbound
set peer-group peers capability extended-nexthop

It’s not a big deal if going forward the remote-as must be configured directly on the neighbor, but a migration would be nice, to avoid losing the entire bgp config on an upgrade

tomcat667 · June 14, 2023, 10:38am

try to migrate your configuration offline with this script

/usr/libexec/vyos/run-config-migration.py

/usr/libexec/vyos/run-config-migration.py --virtual --set-vintage vyos /tmp/config.boot

mpsl · June 14, 2023, 11:23am

does run-config-migration.py log its actions somewhere? It doesn’t give me any output and the config file remains untouched.

tomcat667 · June 15, 2023, 11:08am

look in the directory you will find two files

mpsl · June 15, 2023, 11:28am

I’m sure I should, but that’s not what I’m seeing:

user@r1:/tmp$ ls
config.boot  systemd-private-f9cc574c87a34a809a5fcccf74afb73a-chrony.service-HB7RFW   systemd-private-f9cc574c87a34a809a5fcccf74afb73a-ocserv.service-PzdBAd         systemd-private-f9cc574c87a34a809a5fcccf74afb73a-radvd.service-fvsphU           vyos-configd-script-stdout
dhcpd.conf   systemd-private-f9cc574c87a34a809a5fcccf74afb73a-haveged.service-FxVk0t  systemd-private-f9cc574c87a34a809a5fcccf74afb73a-pdns-recursor.service-AaQ8hf  systemd-private-f9cc574c87a34a809a5fcccf74afb73a-systemd-logind.service-sTG02W  vyos-config-status
user@r1:/tmp$ tail -n 5 config.boot                                                                                                                                                                                                                                   


// Warning: Do not remove the following line.
// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
// Release version: 1.3.2
user@r1:/tmp$ sudo /usr/libexec/vyos/run-config-migration.py --virtual --set-vintage vyos /tmp/config.boot
user@r1:/tmp$ ls
config.boot  systemd-private-f9cc574c87a34a809a5fcccf74afb73a-chrony.service-HB7RFW   systemd-private-f9cc574c87a34a809a5fcccf74afb73a-ocserv.service-PzdBAd         systemd-private-f9cc574c87a34a809a5fcccf74afb73a-radvd.service-fvsphU           vyos-configd-script-stdout
dhcpd.conf   systemd-private-f9cc574c87a34a809a5fcccf74afb73a-haveged.service-FxVk0t  systemd-private-f9cc574c87a34a809a5fcccf74afb73a-pdns-recursor.service-AaQ8hf  systemd-private-f9cc574c87a34a809a5fcccf74afb73a-systemd-logind.service-sTG02W  vyos-config-status
user@r1:/tmp$ tail -n 5 config.boot


// Warning: Do not remove the following line.
// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
// Release version: 1.3.2
user@r1:/tmp$

a.srividya · June 21, 2023, 8:39am

A bug report is submitted: ⚓ T5306 config migration failed with v6only option configured with peer-group

You can add any additional comments if you want.