New network route logic has lower priority in route table #2001

Open
Thunderbottom opened this issue May 16, 2024 · 1 comment
Labels
bug Something isn't working client routes

Comments

@Thunderbottom
Contributor

Describe the problem

Recently, on upgrading to the latest netbird versions (> 0.27.0), new networking route logic is being used, which creates a separate route table for netbird with a priority number higher than the main route table (lower priority overall). This causes netbird to fail to route to subnet network routes that collide with the user's local subnet. On connecting to netbird, the netbird routes should have a higher priority than the main table routes (lower priority number).

For example, on connecting to tailscale, the tailscale route network creates a routing table with priority 50, and the main table has a priority of 100. In case of netbird, it creates a route table with priority 110 and sets the main table's priority to 100. See the code here:

func getSetupRules() []ruleParams {
	return []ruleParams{
		{100, -1, syscall.RT_TABLE_MAIN, netlink.FAMILY_V4, false, 0, "rule with suppress prefixlen v4"},
		{100, -1, syscall.RT_TABLE_MAIN, netlink.FAMILY_V6, false, 0, "rule with suppress prefixlen v6"},
		{110, nbnet.NetbirdFwmark, NetbirdVPNTableID, netlink.FAMILY_V4, true, -1, "rule v4 netbird"},
		{110, nbnet.NetbirdFwmark, NetbirdVPNTableID, netlink.FAMILY_V6, true, -1, "rule v6 netbird"},
	}
}

Currently to fix this, we need to revert to the old routing logic:

$ sudo mkdir -p /etc/sysconfig
$ echo 'NB_USE_LEGACY_ROUTING=true'  | sudo tee -a /etc/sysconfig/netbird
$ sudo systemctl restart netbird

To Reproduce

Steps to reproduce the behavior:

  1. Upgrade to a newer version of Netbird.
  2. Check ip route show. It won't show the Netbird routes in the main table.
  3. Check ip route show table all. See Netbird table with ID 7120.
  4. Check ip rule show. See that the main table has a higher lookup priority than the Netbird table.
  5. Netbird network route fails in case the network route's subnet (e.g. 192.168.0.0/16) overlaps with the local network subnet (e.g. 192.168.0.0/24).

Expected behavior

On connecting to Netbird, the Netbird routes should have a higher lookup priority than the local subnet.

Are you using NetBird Cloud?

Self-hosted NetBird's control plane.

NetBird version

netbird version: 0.27.7
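
The lookup order described in this issue, modelled as an added example (not part of the original report and not NetBird's code): rules are walked in ascending priority, and a rule with a suppress prefix length skips matches that are no more specific than that length. Assumptions: the first and sixth `ruleParams` fields are the rule priority and suppress prefix length, traffic is unmarked so the fwmark condition is ignored, the interface names `eth0` and `wt0` are placeholders, and the kernel's default main rule sits at 32766.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// Rule is one `ip rule` entry; lower Priority is consulted first. Suppress < 0 means
// no suppress_prefixlength; otherwise matches with prefix length <= Suppress are skipped.
type Rule struct{ Priority, Table, Suppress int }

const mainTable, netbirdTable = 254, 7120 // 7120 is the table ID quoted in the issue
var pfx = netip.MustParsePrefix

// Constructed sample: LAN 192.168.0.0/24 on eth0, NetBird route 192.168.0.0/16 on wt0.
var sampleTables = map[int]map[netip.Prefix]string{
	mainTable:    {pfx("0.0.0.0/0"): "eth0", pfx("192.168.0.0/24"): "eth0"},
	netbirdTable: {pfx("192.168.0.0/16"): "wt0"},
}

// rulesFor places the NetBird rule at prio next to main-with-suppress (100) and the default main rule.
func rulesFor(prio int) []Rule {
	return []Rule{{100, mainTable, 0}, {prio, netbirdTable, -1}, {32766, mainTable, -1}}
}

// Lookup sorts rules in place and returns the device of the first table whose longest-prefix match is not suppressed.
func Lookup(rules []Rule, dst string) string {
	addr := netip.MustParseAddr(dst)
	sort.SliceStable(rules, func(i, j int) bool { return rules[i].Priority < rules[j].Priority })
	for _, r := range rules {
		bestBits, dev := -1, ""
		for p, d := range sampleTables[r.Table] {
			if p.Contains(addr) && p.Bits() > bestBits {
				bestBits, dev = p.Bits(), d
			}
		}
		if bestBits > r.Suppress { // no match leaves bestBits at -1, so the walk continues
			return dev
		}
	}
	return "unreachable"
}

func main() {
	// NetBird rule at 110 (as in the issue) versus 50 (ahead of main), for a host on the local /24.
	fmt.Println(Lookup(rulesFor(110), "192.168.0.50"), Lookup(rulesFor(50), "192.168.0.50")) // prints: eth0 wt0
}
```

With the rule at 110, only addresses outside the local /24 fall through to table 7120, because the main table's default route is suppressed but its /24 is not.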

@mlsmaycon mlsmaycon added bug Something isn't working client routes and removed triage-needed labels May 17, 2024
@mlsmaycon
Collaborator

Thanks for opening this bug report. We will look into the best solution for this case and fix in the next releases.
