RUT240 latest firmware breaks BGP

Hello,

I recently upgraded one of my RUT240s to the latest firmware (RUT2_R_00.07.05.4), and with that upgrade lost all my BGP connectivity. I can see from the SSH terminal that bgpd is running, but no routes are added one way or another. The web UI does not accept any changes to the config, since apparently its BGP config no longer supports IPv6 (complains about invalid network). This worked perfectly fine with the old FW. I am using wireguard as my VPN of choice, and at least that still works perfectly fine with IPv6 addresses.

It would also appear that I cannot add IPv6 routes through the UI either. It will complain if I try to add something like fdxx:yyyy:zzzz::/80 via fdxx:yyyy:zzzz::1234. I can add these routes manually via SSH, and they work perfectly fine but naturally disappear at reboot.
Is there a way to go back to an older, functional FW, or what can I do?

Oh, and how can I access the vtysh shell? That command also seems to have disappeared entirely…

1 Like

Hello,

There were quite a few changes with v7.05 when it comes to dynamic routing. Assuming this, and that you are unable to add static IPv6 routes, I would say that the issue is related to the migration of your configurations to a new firmware. Thus, I suggest resetting the device to factory defaults.

Also, if you see that BGP is running but no routes are added, make sure that TTL is configured appropriately.

Regarding vtysh, it is now a separate package (FRR vtysh). This was separted to reserve resource on the devices.

Kind Regards,

Thank you for the response. It could indeed be a problem with config migration. I will try a factory reset and configure it from scratch. I have not changed the BGP config in any way between the firmware upgrades, but I suppose the same migration issue might apply here.

I can live without vtysh, but for debugging it is an invaluable tool. I also noticed when I was configuring one of my old spare RUT240s (with the old firmware) that with vty enabled (from bgp config) it would sometimes generate an invalid zebra.conf (in /etc/quagga/zebra.conf). This would then cause zebra not to be run at boot time, and of course all routing to fail. The problem with the zebra.conf was that it generates “access-list vty permit fdxx:yyyy:zzzz::1/64” without “ipv6” in front. This seemed to happen at random, so booting was unsafe. Disabling vty “fixed” the situation so that the config files were at least valid.

So I’ve reset everything and rebuilt my config. Again wireguard seems to work great, but I am unable to configure BGP via the web admin UI since it does not allow IPv6 at all. I can confirm that it does work if I manually modify the file /tmp/etc/frr/bgp.conf, put in the necessary IPv6 entries and kill the running bgp daemon (and wait for a restart). I also tried to create the config file (/etc/config/bgp) manually, somewhat similar to how it is in the old firmware (/etc/config/quagga) but I am just guessing at options at this point. Restarting the frr service will recreate the /tmp/etc/frr/bgp.conf, which is broken.

So how can I get my BGP config working properly, and of course survive reboots? Also there does not seem to be any way to install vtysh via the UI-based package manager. I can install it via opkg, but what am I supposed to install?

Oh and how do I properly configure an IPv6 address for the br-lan interface? I found some “global ula_prefix” in the configs, which I modified, and then set ::1 for the IPv6 suffix somewhere in the webui. That seems to work more or less fine. But is that the right way?

Hello,

It appears that there are indeed issues with IPv6 and BGP when configuring it via WebUI. The RnD department has been informed. This should be resolved in future firmware releases and the fix shouldn’t take long. Apologies for this inconvenience.

For now, I would suggest configuring it via CLI/SSH. You can utilize the System → Maintenance → Custom scripts page to execute your scripts/commands after each reboot, ensuring they run automatically for persistance. Alternatively, consider using an older firmware temporarily.

Vtysh is now offered as a separate package to conserve resources on the device. However, due to the RUT240’s constrained RAM, the Vtysh package hasn’t been included for RUT2 series devices. At present, it’s uncertain whether this will be introduced to RUT2 series devices, considering it’s RAM limitations.

IPv6 can be configured for the LAN (br-lan) interface via WebUI:

If you disable IPv6 assignment length, you will be be able to set IPv6 address manually if you need to:
image

Kind Regards,

Thank you for the response,

I will wait for a new FW release to handle my BGP config, and until then I will keep my existing devices at the older one for now. I will however do at least some testing with the current “new” FW. I understand there’s no space for vtysh, and I can live without it for now. As long as the configurations work correctly :smile:

I had not realized to disable the “IPv6 assignment length”, as it did not seem that intuitive. Thanks for the tip, it seems to work perfectly fine now.

I’m already using the custom script, since the static IPv6 routes are also a bit broken. It only seems to support a singular IPv6 host, instead of a network. It does say that I can put in a network (in the Target tooltip), but if I do (for example fdxx:yyyy:zzzz:1::/80), it remains red and will not allow me to save the changes. I hope you will also fix this in the next FW release.

Oh and another issue I realized just now. The SSH server config seems perhaps a bit outdated, since at least a somewhat modern Ubuntu (22.04) SSH client refuses to connect without doing some config magicks first.

This topic was automatically closed after 15 days. New replies are no longer allowed.