Networking somewhat broken after upgrade (BFD + BGP)

Here is the FRR configuration container-side:

log syslog informational
!
ip router-id {{router_id}}
!
router bgp {{bgp_asn}}
neighbor gateway peer-group
neighbor gateway remote-as external
neighbor gateway bfd
no bgp network import-check
neighbor eth1 interface peer-group gateway
!
address-family ipv4 unicast
no neighbor gateway activate
!
address-family ipv6 unicast
network {{routed_ipv6_range}}
neighbor gateway activate
neighbor gateway prefix-list my_ips out
neighbor gateway prefix-list ALL in
!
!
ip prefix-list ALL seq 10 permit any
ipv6 prefix-list ALL seq 10 permit any
!
ipv6 prefix-list my_ips seq 10 permit {{routed_ipv6_range}}
ipv6 prefix-list my_ips seq 20 deny any
route-map my_ips permit 10
match ipv6 address prefix-list my_ips
route-map my_ips permit 20
match ip address prefix-list my_ips
!


It's rather simple (this is basically the ansible template).
 
How is the FRR configuration on the Proxmox node? Would it be possible for you to upgrade the FRR package inside the container to 10.2.2 and see if it works then?

edit: potentially this is also caused by another fix I backported for FRR 10.2.x branch, but isn't yet available in our repositories [1].

[1] https://github.com/FRRouting/frr/pull/18682
 
Last edited:
My node FRR/BGP configuration is very complex/long, so I'll just share the bare relevant stuff:

router bgp 4211286685 vrf employee
bgp router-id 10.1.2.1
no bgp default ipv4-unicast
bgp bestpath as-path multipath-relax
bgp bestpath compare-routerid
timers bgp 3 9
neighbor lancer1 peer-group
neighbor lancer1 remote-as external
neighbor lancer1 bfd
neighbor vlan145 interface peer-group lancer1
!
address-family ipv6 unicast
redistribute connected
neighbor lancer1 activate
neighbor lancer1 prefix-list employee_adv in
neighbor lancer1 prefix-list all out
import vrf route-map employee_import
import vrf to_sf_fw
import vrf to_sl_fw
import vrf vpn
exit-address-family
!
address-family l2vpn evpn
advertise ipv6 unicast route-map employee_adv
exit-address-family
exit
!


As for upgrading to 10.2.2, I am very hesitant to do that, because my containers have just the base/standard Debian (bookworm) package repositories.
 
You must log in or register to reply here.
Top Bottom