I was unable to find any documentation to suggest this is an invalid configuration; however, it appears that if you configure a failover route, and then advertise that route via BGP with network-import-check enabled, it will cause BGP to fail to start.
In larger configurations it appears this will result in a 100% failure rate, but in smaller configs (e.g. one route and one BGP neighbour) it may not always fail.
Additionally, it appears that if the failover routes are added after BGP is configured, the failure won't appear until BGP is restarted (e.g. BGP config change or system reload).
I also noted that if the failover route fails its checks, then BGP will load successfully, so this may also be a timing issue?
The below configuration was used to replicate the issue, with eth0 connected to a device to simulate connectivity (e.g. responds to ICMP echo-requests on IP). If one of network-import-check/failover route/network is removed, BGP is able to successfully start.
interfaces {
    ethernet eth0 {
        address 103.103.103.3/31
        description WAN1
        hw-id 0c:57:3c:8e:00:00
    }
    ethernet eth1 {
        address 203.203.203.3/31
        description WAN2
        hw-id 0c:57:3c:8e:00:01
    }
}
protocols {
    bgp {
        address-family {
            ipv4-unicast {
                network 1.1.1.1/32 {
                }
                network 8.8.8.8/32 {
                }
                network 9.9.9.9/32 {
                }
            }
        }
        neighbor 103.103.103.2 {
            address-family {
                ipv4-unicast {
                }
            }
            description Test
            remote-as 1234
            update-source 103.103.103.3
        }
        neighbor 203.203.203.2 {
            address-family {
                ipv4-unicast {
                }
            }
            remote-as 1234
            update-source 203.203.203.3
        }
        parameters {
            network-import-check
        }
        system-as 64523
    }
    failover {
        route 1.1.1.1/32 {
            next-hop 103.103.103.2 {
                check {
                    target 103.103.103.2
                    timeout 1
                }
                interface eth0
            }
            next-hop 203.203.203.2 {
                check {
                    target 203.203.203.2
                    timeout 1
                }
                interface eth1
            }
        }
    }
}
Below is a test with the configuration, made by applying a basic change to BGP (adding a description to a neighbor), which causes the BGP config to reload:
vyos@fw2# show protocols bgp
 address-family {
     ipv4-unicast {
         network 1.1.1.1/32 {
         }
         network 8.8.8.8/32 {
         }
         network 9.9.9.9/32 {
         }
     }
 }
 neighbor 103.103.103.2 {
     address-family {
         ipv4-unicast {
         }
     }
+    description Test
     remote-as 1234
     update-source 103.103.103.3
 }
 neighbor 203.203.203.2 {
     address-family {
         ipv4-unicast {
         }
     }
     remote-as 1234
     update-source 203.203.203.3
 }
 parameters {
     network-import-check
 }
 system-as 64523
[edit]
vyos@fw2# run show ip bgp
BGP table version is 4, local router ID is 104.104.104.2, vrf id 0
Default local pref 100, local AS 64523
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0/0        103.103.103.2                          0 1234 i
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
   8.8.8.8/32       0.0.0.0                  0         32768 i
   9.9.9.9/32       0.0.0.0                  0         32768 i

Displayed 4 routes and 4 total paths
[edit]
vyos@fw2# commit
[edit]
vyos@fw2# run show ip bgp
bgpd is not running
[edit]
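
A pre-commit check for the combination described in this report, as an added example that is not part of the original report or of VyOS itself: it parses a brace-style VyOS configuration and lists the prefixes that are both a failover route and a BGP network statement while network-import-check is set. The function names and the reduced sample configuration are constructed for illustration.

```python
import ipaddress

def parse_vyos(text):
    """Parse brace-style VyOS config into nested dicts; leaf lines map to None."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            stack[-1][line] = None
    return stack[0]

def prefixes(node, keyword):
    """Collect normalised prefixes from child nodes named '<keyword> <prefix>'."""
    return {ipaddress.ip_network(k.split()[1], strict=False)
            for k in (node or {}) if k.split()[0] == keyword}

def risky_prefixes(config_text):
    """Prefixes that are a failover route AND a BGP network, with import check on."""
    protocols = parse_vyos(config_text).get("protocols") or {}
    bgp = protocols.get("bgp") or {}
    enabled = "network-import-check" in (bgp.get("parameters") or {})
    ipv4 = (bgp.get("address-family") or {}).get("ipv4-unicast") or {}
    hits = prefixes(ipv4, "network") & prefixes(protocols.get("failover"), "route")
    return sorted(str(p) for p in hits) if enabled else []

# Constructed sample, reduced from the configuration in the report above.
SAMPLE = """protocols {
    bgp {
        address-family {
            ipv4-unicast {
                network 1.1.1.1/32 {
                }
                network 8.8.8.8/32 {
                }
            }
        }
        parameters {
            network-import-check
        }
    }
    failover {
        route 1.1.1.1/32 {
        }
    }
}
"""
```

Calling `risky_prefixes(SAMPLE)` flags only 1.1.1.1/32; removing either network-import-check or the matching failover route yields an empty list, mirroring the conditions under which the report says BGP starts normally.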