Kernel routes not removed when nexthop becomes unreachable

[gromit1811]

It seems #3152 reappeared in a slightly different form:

The Linux kernel removes routes from its routing table when their nexthop becomes unreachble. Unfortunately, it does not send a RTM_DELROUTE netlink event in this case.

Originally (pre-7.0), FRR noticed the unreachable nexthop and marked the route "inactive", but didn't remove it from its own RIB. This caused it to get stuck in the RIB and even if zebra subsequently learned about another route with the same prefix, it wouldn't use it due to the stuck kernel route.

After merging pull request #3165 (closing #3152), FRR properly handled this situation and removed the kernel route from its RIB when the kernel removed it from its routing table, even without an explicit RTM_DELROUTE.

With current Git master (tried ce746ed), zebra neither removes the route from the RIB nor marks it inactive, so it's even worse than pre-7.0 FRR.

Script to reproduce:

# Create dummy interface for testing, assign address
ip link add frrdummy0 type dummy 2> /dev/null
ip addr flush dev frrdummy0
ip addr add 172.16.0.1/24 dev frrdummy0            
ip link set frrdummy0 up

# Add test route using dummy interface
ip route add 172.16.1.0/24 via 172.16.0.2

# Check kernel routing table and zebra RIB
ip route show 172.16.1.0/24
vtysh -c "show ip route 172.16.1.0/24"

# Make nexthop unreachable
ip addr flush dev frrdummy0
sleep 1

# Check kernel routing table and zebra RIB
ip route show 172.16.1.0/24
vtysh -c "show ip route 172.16.1.0/24"

Expected output is this (from FRR 7.0):

[...]
+ ip route show 172.16.1.0/24
172.16.1.0/24 via 172.16.0.2 dev frrdummy0 
+ vtysh -c 'show ip route 172.16.1.0/24'
Routing entry for 172.16.1.0/24
  Known via "kernel", distance 0, metric 0, best
  Last update 00:00:00 ago
  * 172.16.0.2, via frrdummy0

+ ip addr flush dev frrdummy0
+ sleep 1
+ ip route show 172.16.1.0/24
+ vtysh -c 'show ip route 172.16.1.0/24'
% Network not in table

-> After we make the nexthop 172.16.0.2 unreachable, the route is gone from the kernel and the zebra RIB.

With Git ce746ed, we get this instead:

[...]
+ ip route show 172.16.1.0/24
172.16.1.0/24 via 172.16.0.2 dev frrdummy0 
+ vtysh -c 'show ip route 172.16.1.0/24'
Routing entry for 172.16.1.0/24
  Known via "kernel", distance 0, metric 0, best
  Last update 00:00:00 ago
  * 172.16.0.2, via frrdummy0

+ ip addr flush dev frrdummy0
+ sleep 1
+ ip route show 172.16.1.0/24
+ vtysh -c 'show ip route 172.16.1.0/24'
Routing entry for 172.16.1.0/24
  Known via "kernel", distance 0, metric 0, best
  Last update 00:00:01 ago
  * 172.16.0.2, via frrdummy0

-> Removed from kernel but not from zebra RIB (and not even marked "inactive")

[gromit1811]

According to Git bisect, this broke in 058c16b, not very surprisingly if you read the log entry:

If we receive a valid message from the kernel that
is either a kernel or system route, we should trust
that the route is legit and just use it.

@donaldsharp That might be OK if we receive a new route from the kernel. But it's not if we notice that an old one's nexthop has become unreachable, because we know that Linux does not send us a RTM_DELROUTE in this case (I consider this to be a bug, but it seems there are people defending this as a feature, so it's unlikely to change).

BTW, my original tests were performed with Linux kernel 4.9.82, but the situation is still the same with kernel 5.0.2.

[seanfulton]

I have having this problem on frr-7.0-01.el6.x86_64.

It is quite serious because it is happening on multiple hosts with our default route.

We have two BGP border routers and use RIP internally. When the default switches from one router to another, the default route is marked inactive and left in the routing table. Even though there is a perfectly good default route being broadcast.

Any suggestions for a work-around or prior release would be appreciated. I'm currently considering going back to Quagga...

[seanfulton]

R 0.0.0.0/0 [120/2] via 10.10.2.254 inactive, 06:53:00
R>* 10.0.0.9/32 [120/2] via 10.10.2.2, bond1, 00:42:50
R>* 10.0.0.10/32 [120/2] via 10.10.2.2, bond1, 00:42:50
R>* 10.0.3.0/24 [120/2] via 10.10.2.34, bond1, 00:10:24

It sits forever ...

[sworleys]

@seanfulton I am a little confused. The routes you just shared not being removed are RIPD routes.

The problem in this issue resolves around Kernel routes not being removed from the rib after flushing the link address.

Are you sure the issue you are seeing is related to that?

[seanfulton]

You are right. I noticed that after I pasted it in. Any thoughts on why this is happening? Should I open a new ticket? The behavior is almost exactly the same.

[sworleys]

Yea open a new ticket but link this one in it just in case. It might be related but we will need some more info on your configs and other routes on the hosts.

[seanfulton]

Will do. Thanks!
sean

[sworleys]

Fixed in master with #5184

[badgerdog]

I have the same problem... even now:

Running pfSense community version:
2.7.2-RELEASE (amd64)
built on Mon Mar 4 9:53:00 HST 2024
FreeBSD 14.0-CURRENT
and FRR package 2.0.2_1 with installed dependencies frr9-9.0.2 and frr9-pythontools-9.0.2

Description
When trying to run failover with default-information originate (Redistribute Default Route) from FRR OSPF to neighbors, when the primary path fails, by shutting down its wan interface, the default kernel route remains in the Zebra table causing the route to continue to be advertised to neighbors. This falsely notifies neighbors to use a downed device/interface/route for their default gateway. Note that the kernel route will clear if the OSPF process is restarted, but otherwise will remain in the table indefinitely

Kernel route with WAN interface up:

K>* 0.0.0.0/0 [0/0] via 24.94.72.1, em0, 00:50:34
O>* 10.0.0.0/24 [110/101] via 192.168.0.1, em1, weight 1, 00:50:23
O>* 10.0.15.0/24 [110/101] via 192.168.0.1, em1, weight 1, 00:50:23
C>* 24.94.72.0/21 [0/1] is directly connected, em0, 00:50:34

Kernel route with same WAN interface down:

K>* 0.0.0.0/0 [0/0] via 24.94.72.1, em0, 00:53:42
O>* 10.0.0.0/24 [110/101] via 192.168.0.1, em1, weight 1, 00:53:31
O>* 10.0.15.0/24 [110/101] via 192.168.0.1, em1, weight 1, 00:50:23
**note that connected wan is no longer in the table here

How to reproduce
Choose multiple ospf neighbors to participate in area 0 and choose, on the FRR OSPF configuration tab and section "Default Route Redistribution, to be the default route for all it's neighbors by telling it to "redistribute default route" in its ospf configuration.

Note that the neighbors are receiving the default route in their ospf routing table.

Now do a hard or software shutdown of the default gateway (pfSense) WAN interface and you';; not that it still maintains the default route 0.0.0.0/0 in its kernel table and that ospf continues to advertise this default rout to its neighbors - even though the interface is down

Expected behavior
Expected behavior is that the kernel default route (0.0.0.0/0) for the downed interface, should be immediately removed from the Zebra table and ospf, or any other routing protocol, and should stop advertising it to its neighbors by its protocol specific methods of default-information originate

Actual behavior
Kernel route with WAN interface up:

K>* 0.0.0.0/0 [0/0] via 24.94.72.1, em0, 00:50:34
O>* 10.0.0.0/24 [110/101] via 192.168.0.1, em1, weight 1, 00:50:23
O>* 10.0.15.0/24 [110/101] via 192.168.0.1, em1, weight 1, 00:50:23
C>* 24.94.72.0/21 [0/1] is directly connected, em0, 00:50:34

Kernel route with same WAN interface down:

K>* 0.0.0.0/0 [0/0] via 24.94.72.1, em0, 00:53:42
O>* 10.0.0.0/24 [110/101] via 192.168.0.1, em1, weight 1, 00:53:31
O>* 10.0.15.0/24 [110/101] via 192.168.0.1, em1, weight 1, 00:50:23
**note that connected wan is no longer in the table here

Here a neighbor is still receiving the default route - will continue indefinitely in this state:

sho ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

• • replicated route, % - next hop override

Gateway of last resort is 192.168.0.254 to network 0.0.0.0
*** note her that 192.168.0.254 is the pfSense router with the WAN interface shut down

O*E2 0.0.0.0/0 [110/10] via 192.168.0.254, 00:00:06, Vlan1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.0.0/24 is directly connected, Vlan10
L 10.0.0.1/32 is directly connected, Vlan10
C 10.0.15.0/24 is directly connected, Vlan15
L 10.0.15.1/32 is directly connected, Vlan15

Additional context
I'm pretty sure this isn't working right but might be as it should. Please fix if this is not operating correctly as suspected. THANKS!!!!