Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: rhos-18.0.7
Affects Version/s: rhos-18.0 FR 2 (Mar 2025)
Component/s: edpm-ansible
Labels:
None

Story Points:
2
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Docs Approval:
?
Fixed In Version:
rhos-18.0.7
Fixed in Build:
openstack-ansible-ee-container-1.0.8-10
Regression:
None
Release Note Text:

Hide
.BFD now works as expected in RHOSO deployments with dynamic routing

Before this update, when you deployed RHOSO with Dynamic Routing with border gateway protocol (BGP), bi-directional forwarding (BFD) did not work as expected because there was no `nft` rule to permit BFD and BGP ports. With this update, an `nft` rule has been added and BFD works as expected:

----
  BGP
       - 179 tcp
   BFD
       - 3784 udp
       - 3785 udp
       - 4784 udp
       - 49152 udp
       - 49153 udp
----

Show
.BFD now works as expected in RHOSO deployments with dynamic routing Before this update, when you deployed RHOSO with Dynamic Routing with border gateway protocol (BGP), bi-directional forwarding (BFD) did not work as expected because there was no `nft` rule to permit BFD and BGP ports. With this update, an `nft` rule has been added and BFD works as expected: ----   BGP        - 179 tcp    BFD        - 3784 udp        - 3785 udp        - 4784 udp        - 49152 udp        - 49153 udp ----
Release Note Type:
Bug Fix
Release Note Status:
Done
Intelligence Requested:
Market:
Errata Link:
https://errata.engineering.redhat.com/advisory/147983

Sprint:
BGP sprint 2
sprint_count:
1
Severity:
Important

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Bfd and Bgp traffic is blocked when it goes from leafs to osp nodes, it does bfd sessions was in shutdown state :

compute-dvjbnlua-2# show bfd peers brief
Session count: 2
SessionId LocalAddress PeerAddress Status
========= ============ =========== ======
2306232674 100.64.2.2 100.64.2.1 down
125656952 100.65.2.2 100.65.2.1 down
compute-dvjbnlua-2#
compute-dvjbnlua-2#

Affected ports :

root@ctrl-1-0 ~]# ss -punta | egrep "4247|4549|4686|4721|4739"
udp UNCONN 0 0 0.0.0.0:3784 0.0.0.0:* users("bfdd",pid=4739,fd=10))

udp UNCONN 0 0 0.0.0.0:3785 0.0.0.0:* users("bfdd",pid=4739,fd=14))

udp UNCONN 0 0 0.0.0.0:4784 0.0.0.0:* users("bfdd",pid=4739,fd=11))

udp UNCONN 0 0 0.0.0.0%enp3s0:49152 0.0.0.0:* users("bfdd",pid=4739,fd=21))

udp UNCONN 0 0 0.0.0.0%enp2s0:49153 0.0.0.0:* users("bfdd",pid=4739,fd=22))

udp UNCONN 0 0 [::]:3784 [::]:* users("bfdd",pid=4739,fd=12))

udp UNCONN 0 0 [::]:3785 [::]:* users("bfdd",pid=4739,fd=15))

udp UNCONN 0 0 [::]:4784 [::]:* users("bfdd",pid=4739,fd=13))

tcp LISTEN 0 4096 0.0.0.0:179 0.0.0.0:* users("bgpd",pid=4686,fd=24)) tcp ESTAB 0 0 100.64.0.2:49740 100.64.0.1:179 users("bgpd",pid=4686,fd=21))

tcp ESTAB 0 0 100.65.1.2:38688 100.65.1.1:179 users("bgpd",pid=4686,fd=26))

tcp LISTEN 0 4096 [::]:179 [::]:* users("bgpd",pid=4686,fd=25))

udp 3784 49152 49153 4784 3785 tcp 179

example rules to unblock:

...

tcp dport 179 ct state new counter packets 0 bytes 0 accept comment "007 frr bgp port"
....
udp dport { 3784, 3785, 4784, 49152, 49153 } ct state new counter packets 28 bytes 1456 accept comment "122 Allow frr bfd udp ports"