From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 4EAC71FF15C
	for <inbox@lore.proxmox.com>; Fri, 18 Apr 2025 13:21:29 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id F2F163A934;
	Fri, 18 Apr 2025 13:21:17 +0200 (CEST)
From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Fri, 18 Apr 2025 13:21:13 +0200
Message-Id: <20250418112114.2747673-1-s.hanreich@proxmox.com>
X-Mailer: git-send-email 2.39.5
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.233 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery
 methods
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_NONE                0.001 SPF: sender does not publish an SPF Record
Subject: [pve-devel] [PATCH frr 1/2] d/patches: add backport for bfd session
 down fix
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

This is a backport of the FRR PR #18562 [1], that has been submitted
upstream as well [2].

With already established BGP/BFD sessions via underlay networks that
use a different routing protocol than BGP, rebooting a node could
cause the BFD session to enter the ADMIN_DOWN state without ever
recovering from it. This could be alleviated by manually resetting the
BFD session. The commit was identified by bisecting and manually
backported, since the upstream commit was on top of a refactored
bgpd.c file, so it didn't apply cleanly anymore.

The jump to version 10.2.2-1+pve1 fixed this issue for BGP underlay
networks, but the issue could still crop up with OpenFabric / OSPF /
IS-IS underlay networks.

[1] https://github.com/FRRouting/frr/pull/18562
[2] https://github.com/FRRouting/frr/pull/18682

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 ...eer-as-not-active-due-to-BFD-down-on.patch | 33 +++++++++++++++++++
 debian/patches/series                         |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 debian/patches/pve/0007-bgpd-Treat-the-peer-as-not-active-due-to-BFD-down-on.patch

diff --git a/debian/patches/pve/0007-bgpd-Treat-the-peer-as-not-active-due-to-BFD-down-on.patch b/debian/patches/pve/0007-bgpd-Treat-the-peer-as-not-active-due-to-BFD-down-on.patch
new file mode 100644
index 0000000..6d2c379
--- /dev/null
+++ b/debian/patches/pve/0007-bgpd-Treat-the-peer-as-not-active-due-to-BFD-down-on.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hanreich <s.hanreich@proxmox.com>
+Date: Fri, 18 Apr 2025 10:36:19 +0200
+Subject: [PATCH] bgpd: Treat the peer as not active due to BFD down only if
+ established (backport #18562)
+
+If we have `neighbor X bfd` and BFD status is DOWN and/or ADMIN_DOWN, and BGP
+session is not yet established, we never allow the session to establish.
+
+Let's fix this regression that was in 10.2.
+
+Fixes: 1fb48f5 ("bgpd: Do not start BGP session if BFD profile is in shutdown state")
+Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
+---
+ bgpd/bgpd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
+index 0601400afd..f6b8abd9cc 100644
+--- a/bgpd/bgpd.c
++++ b/bgpd/bgpd.c
+@@ -4648,7 +4648,7 @@ bool peer_active(struct peer *peer)
+ 		return false;
+ 
+ 	if (peer->bfd_config) {
+-		if (bfd_session_is_down(peer->bfd_config->session))
++		if (peer_established(peer->connection) && bfd_session_is_down(peer->bfd_config->session))
+ 			return false;
+ 	}
+ 
+-- 
+2.39.5
+
diff --git a/debian/patches/series b/debian/patches/series
index c59ef31..e795d6c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@ pve/0003-tests-add-bgp-evpn-autort-test.patch
 pve/0004-zebra-add-ZEBRA_IF_DUMMY-flag-for-dummy-interfaces.patch
 pve/0005-fabricd-add-option-to-treat-dummy-interfaces-as-loop.patch
 pve/0006-fabricd-enable-dummy_as_loopback-option-per-default.patch
+pve/0007-bgpd-Treat-the-peer-as-not-active-due-to-BFD-down-on.patch
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel