Skip to content

add default link local route to fix ndp inside vrf issue #3973

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

add default link local route to fix ndp inside vrf issue #3973

wants to merge 3 commits into from
+39 −0

Conversation

@baorliu
Copy link
Contributor

@baorliu baorliu commented Nov 5, 2025
edited
Loading

What I did
Add default IPv6 link local route to fix ipv6 ndp issue inside VRF

Why I did it
When a VRF is created, all the assigned IP addresses are removed and a new link local address is regenerated in Linux kernel but SWSS does not add a route for link local fe80::/10.
Linux sends NS packet with link local addresses and peer reply NA packet also uses link local address caused the NA packet be dropped and the ndp cannot be updated.

How I verified it
Built test image with the fix and verified it in a SONiC router. The system can process replied NA packet with link local dst IP address to that VRF.

2025 Nov  5 05:59:13.630349 sonic NOTICE swss#vrfmgrd: :- doTask: Created vrf netdev Vrf01
2025 Nov  5 05:59:13.630188 sonic INFO (udev-worker)[30654]: Network interface NamePolicy= disabled on kernel command line.
2025 Nov  5 05:59:14.244172 sonic NOTICE swss#orchagent: :- addLinkLocalRouteToMe: Created link local ipv6 route  fe80::/10 to cpu
2025 Nov  5 05:59:14.244295 sonic NOTICE swss#orchagent: :- addOperation: Created link local ipv6 route fe80::/10 to cpu for VRF 'Vrf01'
2025 Nov  5 05:59:14.244359 sonic NOTICE swss#orchagent: :- addOperation: VRF 'Vrf01' was added

06:00:09.796519 Ethernet16 Out IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::c0:a2ff:fe61:9d2 > ff02::1:ff00:2: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2001:db8:2:4::2
	  source link-address option (1), length 8 (1): 02:c0:a2:61:09:d2
	    0x0000:  02c0 a261 09d2
06:00:09.796590 Ethernet24 Out IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::c0:a2ff:fe61:9d2 > ff02::1:ff00:5: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2001:db8:4:5::5
	  source link-address option (1), length 8 (1): 02:c0:a2:61:09:d2
	    0x0000:  02c0 a261 09d2
06:00:09.949298 Ethernet16 In  IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:db8:2:4::2 > fe80::c0:a2ff:fe61:9d2: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:db8:2:4::2, Flags [router, solicited, override]
	  destination link-address option (2), length 8 (1): 02:e1:2b:f0:9d:2c
	    0x0000:  02e1 2bf0 9d2c
06:00:09.950745 Ethernet24 In  IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:db8:4:5::5 > fe80::c0:a2ff:fe61:9d2: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:db8:4:5::5, Flags [router, solicited, override]
	  destination link-address option (2), length 8 (1): 02:0a:d6:dc:69:74
	    0x0000:  020a d6dc 6974

Details if related

@mssonicbld
Copy link
Collaborator

mssonicbld commented Nov 5, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 5, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@mssonicbld
Copy link
Collaborator

mssonicbld commented Nov 5, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 5, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@baorliu baorliu marked this pull request as ready for review November 5, 2025 23:43
@baorliu baorliu requested a review from prsunny as a code owner November 5, 2025 23:43
@baorliu baorliu changed the title add default link local route to fix ndp inside vrf add default link local route to fix ndp issue inside vrf Nov 6, 2025
@baorliu baorliu changed the title add default link local route to fix ndp issue inside vrf add default link local route to fix ndp inside vrf issue Nov 6, 2025
prsunny
prsunny reviewed Nov 17, 2025
View reviewed changes
orchagent/vrforch.cpp Outdated
vrf_table_[vrf_name].ref_count = 0;
vrf_id_table_[router_id] = vrf_name;
gFlowCounterRouteOrch->onAddVR(router_id);
if (gRouteOrch != nullptr) {
Copy link
Collaborator

@prsunny prsunny Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this check is redundant. Please remove. As you see on line above, there is no check on gFlowCounterRouteOrch

prsunny
prsunny reviewed Nov 17, 2025
View reviewed changes
orchagent/vrforch.cpp Outdated

sai_object_id_t router_id = vrf_table_[vrf_name].vrf_id;
// Delete link-local routes before removing VRF
if (gRouteOrch != nullptr) {
Copy link
Collaborator

@prsunny prsunny Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comment

@mssonicbld
Copy link
Collaborator

mssonicbld commented Nov 17, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 17, 2025

Azure Pipelines successfully started running 1 pipeline(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prsunny prsunny prsunny left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@baorliu @mssonicbld @prsunny