BGP ipv6 routes are advertised without nexthop

kriszos · October 30, 2024, 11:31am

I was upgrading my Incus cluster from 6.3 to 6.6 after upgrade routes that i can see on my router are advertised without nexthop. Regarding documentation:

By default, the next-hop is set to the address used for the BGP session

and it was working like that before the upgrade.

My router have IP 2001:XXXX:YYYY:441::1 and ASN 65001
Incus have IP 2001:XXXX:YYYY:441::2 and ASN 65004

config:
cluster.https_address: 10.0.4.11:8443
core.bgp_address: 0.0.0.0
core.bgp_asn: “65004”
core.bgp_routerid: 10.0.4.11
core.https_address: 10.0.4.11:8443

config:
bgp.peers.o1ovh14.address: 10.2.0.44
bgp.peers.o1ovh14.asn: “65001”
bgp.peers.o1ovh16.address: 2001:XXXX:YYYY:441::1
bgp.peers.o1ovh16.asn: “65001”
ipv4.address: 10.1.1.1/24
ipv4.dhcp: “false”
ipv4.nat: “false”
ipv6.address: 2001:XXXX:YYYY:1011::1/64
ipv6.dhcp: “true”
ipv6.dhcp.stateful: “true”
ipv6.nat: “false”
description: “”
name: lxdbr0
type: bridge

devices:
eth0:
ipv4.routes.external: 10.1.2.60/32
ipv6.routes.external: 2001:XXXX:ZZZZ:fdf::60/128
name: enp5s0
network: lxdbr0
type: nic

The good news is that IPv4 roues are OK

stgraber · October 30, 2024, 7:57pm

That logic hasn’t really changed on our side in the past few years.

Basically if you don’t configure an IPv4 or IPv6 address in your Incus BGP config, then the next-hop is left empty which tells the remote end of the BGP connection to use the peer’s address as the next-hop.

You may want to get some debug details from your BGP router to see exactly what’s going with that session, basically what it thinks the neighbor’s address is and what routes it received, then making sure that then neighbor’s address as seen from BGP is something it can route to.

You can also obviously set an IPv6 next-hop address on the Incus side to work around the issue.

kriszos · October 31, 2024, 2:03pm

I finally resolved my issue by seting next-hop on each node with a --target attribute

incus network set lxdbr0 bgp.ipv6.nexthop=“2001:XXXX:YYYY:441::2” --target o1

tho it’s still weird that it worked before and stopped after the upgrade.

On another note, Is there a way to activate changes made to any bgp. keys in networks without restarting whole incus daemon?

stgraber · October 31, 2024, 4:13pm

Hmm, it’s meant to be applied live, if it doesn’t, an example of what’s not working would be useful as well as details on the network types and whether OVN is involved on top of it.