Skip to main content

Upgrade from 5.6 to 6.1 may result in missing FIB entries

Upgrade from 5.6.8 to 6.1.7 may result in missing FIB entries and service-paths, causing connectivity issues.

Issue ID: I95-55904
Last Updated: 2024-04-24
Introduced in SSR Version: 6.1.7

Problem

The key of the data structure storing service configuration is a net::IpMask, which has custom operator< and operator== operator functions. These operators treat the bits after the prefix length as 1s, so 147.161.128.0/17 should be equal to 147.161.254.0/23 (as an example). The container used in 5.6 uses the operator<. The container used in 6.1 takes a hash operator which is not hashing these equivalent net::IpMasks to be equal, hence the difference in behavior.

Release Notes

Fix case where adding services with overlapping address prefixes would cause config to not apply in highway.

Severity

info

The potential impact of a software defect if encountered. Severity levels are:

  • Critical: Could severely affect service, capacity/traffic, and maintenance capabilities. May have a prolonged impact to the entire system.
  • Major: Could seriously affect system operation, maintenance, administration and related tasks.
  • Minor: Would not significantly impair the functioning or affect service.

Critical

Status

Closed

Resolved In

6.1.8

Product

SSR

Functional Area

Routing

Workaround

info

Juniper may provide a method to temporarily circumvent a problem; workarounds do not exist for all issues.

curl -JLO https://github.com/majes-git/128t-scripts/raw/main/t128-show-ip-prefix-conflicts.pyz
chmod +x t128-show-ip-prefix-conflicts.pyz

Command Help

$ ./t128-show-ip-prefix-conflicts.pyz --help
usage: t128-show-ip-prefix-conflicts.pyz [-h] [-c HOST] [-u USER] [-p PASSWORD] [--config-store {running,candidate}] [-r READ_JSON] [--dump-json]

Show overlapping ip prefixes in 128T services

optional arguments:
  -h, --help            show this help message and exit
  -c HOST, --host HOST  Conductor/router hostname
  -u USER, --user USER  Conductor/router username (if no key auth)
  -p PASSWORD, --password PASSWORD
                        Conductor/router password (if no key auth)
  --config-store {running,candidate}
                        Config store to be used (running/candidate)
  -r READ_JSON, --read-json READ_JSON
                        Read services config from json file
  --dump-json           Write config dump to json file "t128-show-ip-prefix-conflicts.json"

Sample

$ ./t128-show-ip-prefix-conflicts.pyz -r ssr-configuration.json
WARNING: Service "zscaler__client.internet" has conflicting addresses:
* 147.161.254.0/23 and 147.161.128.0/17
* 104.129.192.0/20 and 104.129.206.0/23
* 136.226.0.0/16 and 136.226.254.0/23