[SOLVED] relationship of frr.conf and frr.conf.local

S

scyto

Well-Known Member
Aug 8, 2023
571
135
53
I am hoping someone can explain how frr.conf.local is used

I gathered from some threads it was to allow local changes to frr config that SDN wouldn't write, however was super confused when the settings i put in the .local conf file AND the SDN managed settings appeared in both frr.conf AND frr.conf.local. This wasnt what i was expecting reading the threads where the .local was first mentioned.

What I had done:
  • got my local FRR working with a frr.conf
  • copied the working frr.conf to frr.conf.local
My expectations:
  • the frr.conf.local file would not be touched
  • the frr.conf would have SDN settings
  • that the in-memory working version of frr config (vtysh -c "show running-config" would show the union of the two files"
My actual experience:
  • that the in-memory config was written to both versions of the conf file
Questions:
  1. What is the high-level merge logic does SDN to merge settings in this file
  2. If i want to make changes to the local settings (e.g. my openfabric or interface settings) where should i make them to ensure SDN doesn't blow them away:
    1. frr.conf or frr.conf.local
    2. both?
    3. or only make them via vtysh and save them (and then will SDN ensure settings are in both files)?
Hoping someone can clarify - i need to understand this so i can add the right instructions to my new mesh network write up
 
Last edited:
  • Like
Reactions: woasaby
The EVPN plugin merges the contents of the frr.conf.local with its own configuration and writes the result to frr.conf, before reloading the FRR daemon. So any additions you want to the FRR config should be made to frr.conf.local - which should then get merged on applying the SDN configuration. Any other changes will get overwritten on reloading the SDN configuration.
 
Thanks, i am confused how the changes from frr.conf by bgp were back propogated into frr.conf.local - but maybe that was me doing a copy and forgetting i did that. I will clean reset both files to how they were and keep an eye on and see if it was just me being stupid
 
I need feedback on what I'm experiencing:

My Goal

Make the FRR merge (SDN-generated /etc/frr/frr.conf + /etc/frr/frr.conf.local) produce the same running config I get when I apply the local changes manually via vtysh.

Environment (facts)
  • Proxmox VE 9.x (clean install)
  • FRRouting 10.3.1
  • Proxmox SDN (EVPN/VXLAN; OSPF underlay)

Inputs to the merge (facts)

A) SDN-generated /etc/frr/frr.conf :

Code: 
frr version 10.3.1
frr defaults datacenter
hostname RvraStgo-ProdPVE-01
log syslog informational
service integrated-vtysh-config
!
!
interface CEPH_Clstr
 access-list pve_ospf_RvraStgo_ips permit 10.22.51.0/24
 ip ospf area 10.22.0.2
!
interface CEPH_Pblc
 access-list pve_ospf_RvraStgo_ips permit 10.22.52.0/24
 ip ospf area 10.22.0.2
!
interface vmbr0
 no ip ospf passive
!
router bgp 65520
 bgp router-id 10.22.0.31
 no bgp hard-administrative-reset
 no bgp default ipv4-unicast
 coalesce-time 1000
 no bgp graceful-restart notification
 neighbor VTEP peer-group
 neighbor VTEP remote-as 65520
 neighbor VTEP bfd
 neighbor VTEP update-source dummy_RvraStgo
 neighbor 10.22.0.32 peer-group VTEP
 neighbor 10.22.0.33 peer-group VTEP
 !
 address-family l2vpn evpn
  neighbor VTEP activate
  neighbor VTEP route-map MAP_VTEP_IN in
  neighbor VTEP route-map MAP_VTEP_OUT out
  advertise-all-vni
 exit-address-family
exit
!
router ospf
 passive interface default
exit
!
route-map MAP_VTEP_IN permit 1
exit
!
route-map MAP_VTEP_OUT permit 1
exit
router ospf
 ospf router-id 10.22.0.31
exit
!
interface dummy_RvraStgo
 ip ospf area 10.22.0.2
 ip ospf passive
exit
!
interface vmbr0
 ip ospf area 10.22.0.2
exit
!
access-list pve_ospf_RvraStgo_ips permit 10.22.0.0/24
!
route-map pve_ospf permit 100
 match ip address pve_ospf_RvraStgo_ips
 set src 10.22.0.31
exit
!
ip protocol ospf route-map pve_ospf
!
!
line vty

B) Local /etc/frr/frr.conf.local (intent is to augment A):

Code: 
!
interface vmbr0
 no ip ospf passive
exit
!
interface CEPH_Clstr
 ip ospf area 10.22.0.2
exit
!
interface CEPH_Pblc
 ip ospf area 10.22.0.2
exit
!
access-list pve_ospf_RvraStgo_ips permit 10.22.51.0/24
access-list pve_ospf_RvraStgo_ips permit 10.22.52.0/24
!
router ospf
 passive-interface default
exit
!

Reference Information; Interfaces (facts):

Code: 
root@RvraStgo-ProdPVE-01:~# vtysh -c "show int brief"
Interface       Status  VRF             Addresses
---------       ------  ---             ---------
CEPH_Clstr      up      default         10.22.51.31/32
                                        fe80::f48b:c6ff:fe58:3051/64
CEPH_Pblc       up      default         10.22.52.31/32
                                        fe80::2044:b5ff:fe80:c1ac/64
Trnsprt_01      up      default         fe80::42b0:34ff:fef9:43c3/64
dummy_RvraStgo  up      default         10.22.0.31/32
                                        fe80::443c:32ff:fe21:37cb/64
eno1            up      default
lo              up      default
vSwitch         up      default         fe80::ec25:cfff:fe68:af80/64
vmbr0           up      default         10.22.3.31/24
                                        fe80::42b0:34ff:fef9:43c3/64
vxlan_vSwitch   up      default

Result after GUI “Apply” or reboot (facts)

Code: 
root@RvraStgo-ProdPVE-01:~# vtysh -c "show run"
Building configuration...

Current configuration:
!
frr version 10.3.1
frr defaults datacenter
hostname RvraStgo-ProdPVE-01
log syslog informational
no ip forwarding
no ipv6 forwarding
service integrated-vtysh-config
!
route-map MAP_VTEP_IN permit 1
exit
!
route-map MAP_VTEP_OUT permit 1
exit
!
route-map pve_ospf permit 100
 match ip address pve_ospf_RvraStgo_ips
 set src 10.22.0.31
exit
!
interface CEPH_Clstr
 ip ospf area 10.22.0.2
exit
!
interface dummy_RvraStgo
 ip ospf area 10.22.0.2
 ip ospf passive
exit
!
interface vmbr0
 ip ospf area 10.22.0.2
 no ip ospf passive
exit
!
router bgp 65520
 bgp router-id 10.22.0.31
 no bgp hard-administrative-reset
 no bgp default ipv4-unicast
 coalesce-time 1000
 no bgp graceful-restart notification
 neighbor VTEP peer-group
 neighbor VTEP remote-as 65520
 neighbor VTEP bfd
 neighbor VTEP update-source dummy_RvraStgo
 neighbor 10.22.0.32 peer-group VTEP
 neighbor 10.22.0.33 peer-group VTEP
 !
 address-family l2vpn evpn
  neighbor VTEP activate
  neighbor VTEP route-map MAP_VTEP_IN in
  neighbor VTEP route-map MAP_VTEP_OUT out
  advertise-all-vni
 exit-address-family
exit
!
router ospf
 ospf router-id 10.22.0.31
 passive-interface default
exit
!
access-list pve_ospf_RvraStgo_ips seq 5 permit 10.22.51.0/24
access-list pve_ospf_RvraStgo_ips seq 10 permit 10.22.52.0/24
access-list pve_ospf_RvraStgo_ips seq 15 permit 10.22.0.0/24
!
ip protocol ospf route-map pve_ospf
!
end


The desired configuration was manually applied by adding it to /etc/frr/frr.conf.local using the vtysh:

Code: 
root@RvraStgo-ProdPVE-01:~# vtysh

Hello, this is FRRouting (version 10.3.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

RvraStgo-ProdPVE-01# config t
RvraStgo-ProdPVE-01(config)# !
RvraStgo-ProdPVE-01(config)# interface vmbr0
interface CEPH_Pblc
 ip ospf area 10.22.0.2
exit
!
access-list pve_ospf_RvraStgo_ips permit 10.22.51.0/24
access-list pve_ospf_RvraStgo_ips permit 10.22.52.0/24
!
router ospf
 passive-interface default
exit
!RvraStgo-ProdPVE-01(config-if)#  no ip ospf passive
RvraStgo-ProdPVE-01(config-if)# exit
RvraStgo-ProdPVE-01(config)# !
RvraStgo-ProdPVE-01(config)# interface CEPH_Clstr
RvraStgo-ProdPVE-01(config-if)#  ip ospf area 10.22.0.2
RvraStgo-ProdPVE-01(config-if)# exit
RvraStgo-ProdPVE-01(config)# !
RvraStgo-ProdPVE-01(config)# interface CEPH_Pblc
RvraStgo-ProdPVE-01(config-if)#  ip ospf area 10.22.0.2
RvraStgo-ProdPVE-01(config-if)# exit
RvraStgo-ProdPVE-01(config)# !
RvraStgo-ProdPVE-01(config)# access-list pve_ospf_RvraStgo_ips permit 10.22.51.0/24
RvraStgo-ProdPVE-01(config)# access-list pve_ospf_RvraStgo_ips permit 10.22.52.0/24
RvraStgo-ProdPVE-01(config)# !
RvraStgo-ProdPVE-01(config)# router ospf
RvraStgo-ProdPVE-01(config-router)#  passive-interface default
RvraStgo-ProdPVE-01(config-router)# exit
RvraStgo-ProdPVE-01(config)# !
RvraStgo-ProdPVE-01(config)# exit
RvraStgo-ProdPVE-01#
RvraStgo-ProdPVE-01# show run
Building configuration...

Current configuration:
!
frr version 10.3.1
frr defaults datacenter
hostname RvraStgo-ProdPVE-01
log syslog informational
no ip forwarding
no ipv6 forwarding
service integrated-vtysh-config
!
route-map MAP_VTEP_IN permit 1
exit
!
route-map MAP_VTEP_OUT permit 1
exit
!
route-map pve_ospf permit 100
 match ip address pve_ospf_RvraStgo_ips
 set src 10.22.0.31
exit
!
interface CEPH_Clstr
 ip ospf area 10.22.0.2
exit
!
interface CEPH_Pblc
 ip ospf area 10.22.0.2
exit
!
interface dummy_RvraStgo
 ip ospf area 10.22.0.2
 ip ospf passive
exit
!
interface vmbr0
 ip ospf area 10.22.0.2
 no ip ospf passive
exit
!
router bgp 65520
 bgp router-id 10.22.0.31
 no bgp hard-administrative-reset
 no bgp default ipv4-unicast
 coalesce-time 1000
 no bgp graceful-restart notification
 neighbor VTEP peer-group
 neighbor VTEP remote-as 65520
 neighbor VTEP bfd
 neighbor VTEP update-source dummy_RvraStgo
 neighbor 10.22.0.32 peer-group VTEP
 neighbor 10.22.0.33 peer-group VTEP
 !
 address-family l2vpn evpn
  neighbor VTEP activate
  neighbor VTEP route-map MAP_VTEP_IN in
  neighbor VTEP route-map MAP_VTEP_OUT out
  advertise-all-vni
 exit-address-family
exit
!
router ospf
 ospf router-id 10.22.0.31
 passive-interface default
exit
!
access-list pve_ospf_RvraStgo_ips seq 5 permit 10.22.51.0/24
access-list pve_ospf_RvraStgo_ips seq 10 permit 10.22.52.0/24
access-list pve_ospf_RvraStgo_ips seq 15 permit 10.22.0.0/24
!
ip protocol ospf route-map pve_ospf
!
end
RvraStgo-ProdPVE-01#

Observed running config (relevant diffs):

Code: 
root@RvraStgo-ProdPVE-01:~# diff -u /etc/frr/running.conf /etc/frr/reboot.conf
--- /etc/frr/running.conf       2025-10-29 13:18:49.369225060 -0400
+++ /etc/frr/reboot.conf        2025-10-29 13:29:13.343840139 -0400
@@ -25,10 +25,6 @@
  ip ospf area 10.22.0.2
 exit
 !
-interface CEPH_Pblc
- ip ospf area 10.22.0.2
-exit
-!
 interface dummy_RvraStgo
  ip ospf area 10.22.0.2
  ip ospf passive
@@ -62,7 +58,6 @@
 !
 router ospf
  ospf router-id 10.22.0.31
- passive-interface default
 exit
 !
 access-list pve_ospf_RvraStgo_ips seq 5 permit 10.22.51.0/24
root@RvraStgo-ProdPVE-01:~#

Could someone please advise on what needs to be done (from my end or on the SDN code) to make the Proxmox SDN merge produce the same results as the vtysh CLI? If you need any additional information or output from me, I'd be happy to provide it. Thank you very much for your help.
 
Because this thread is mark as resolved, I open a new thread.

T

Thread 'frr.conf and frr.conf.local are not merging completely'

I need feedback on what I'm experiencing:

My Goal

Make the FRR merge (SDN-generated /etc/frr/frr.conf + /etc/frr/frr.conf.local) produce the same active configuration I get when I manually apply the changes via vtysh. Currently, that is not the case happening.

Environment (facts)
  • Proxmox VE 9.x (clean install)
  • FRRouting 10.3.1
  • Proxmox SDN (EVPN/VXLAN; OSPF underlay)

Inputs to the merge (facts)

A) SDN-generated /etc/frr/frr.conf :

Code: 
frr version 10.3.1
frr defaults datacenter
hostname RvraStgo-ProdPVE-01
log...
 
You must log in or register to reply here.
Top Bottom