Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update FRR to recent stable release #1307

Merged
merged 3 commits into from
Feb 27, 2025
Merged

Update FRR to recent stable release #1307

merged 3 commits into from
Feb 27, 2025

Conversation

sysvinit
Copy link
Member

Due to recurring problems with FRR since we upgraded most of our hardware from 21.05 to 24.11, we've decided to update our pinned FRR version from 8.5.7 to the much more recent 10.1.2. Nixpkgs stable currently only has 10.1, and this has some bugs in the handling of IPv4-via-IPv6 nexthops which render it unsuitable for our use case, so this change retains our version pinning with the newer version.

I've additionally refactored the RIB integrity check script to use the new JSON interface of the bridge command (new since 21.05) to improve the robustness of the script, and I've written an additional FRR test with a (very simple) sanity check for working MAC mobility functionality.

@flyingcircusio/release-managers

Release process

  • Created changelog entry using ./changelog.sh => none, internal change.

PR release workflow (internal)

  • PR has internal ticket
  • internal issue ID (PL-…) part of branch name
  • internal issue ID mentioned in PR description text
  • ticket is on Platform agile board
  • ticket state set to Pull request ready
  • if ticket is more urgent than within the next few days, directly contact a member of the Platform team

Design notes

  • Provide a feature toggle if the change might need to be adjusted/reverted quickly depending on context. Consider whether the default should be on or off. Example: rate limiting.
  • All customer-facing features and (NixOS) options need to be discoverable from documentation. Add or update relevant documentation such that hosted and guided customers can understand it as well.

Security implications

  • Security requirements defined? (WHERE)
    • Software version update.
    • Refactoring tools for changing interfaces of third party software.
  • Security requirements tested? (EVIDENCE)
    • The Hydra tests are clean.
    • Manually tested on a development host.
    • We're relying on our development and staging environments in order to test the new FRR version under real workloads, as this requires greater scale and resources than we have in the integration test environment.

@sysvinit
pkgs: update frr to 10.1.2
32b6a32 
PL-133474
@sysvinit
pkgs: update check_rib_integrity to use bridge(8) json interface
865546d 
The structured JSON output is less error-prone to parse than the
semi-structured text records, especially if the number or order of
bridge table entry flags changes.
@sysvinit
tests: add frr tests for guest migration
6160e01 
This adds a sanity check to guard against obvious problems with EVPN
MAC mobility.
@sysvinit sysvinit requested a review from ctheune February 26, 2025 17:11
@ctheune ctheune merged commit ea5efdc into fc-24.11-dev Feb 27, 2025
2 checks passed
@ctheune ctheune deleted the PL-133474-update-frr-pin-version branch February 27, 2025 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ctheune ctheune ctheune approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sysvinit @ctheune