Ticket: CM-7756
Reviewed By: roopa
Testing Done: built powerpc and tested ifupdown2 as well as new tests
Once mstpctl-portbpdufilter or mstpctl-bpduguard is enabled for
an interface, removing the configuration in /etc/network/interfaces
does not toggle the mstpctl state back to no.
The root cause of this problem is that "ifreload" does not check default settings for MSTP configuration
for bridge ports and use a default when that setting is removed from the configuration.
This patch adds a check in the existing loop on attribute values.
If there is no configured value, we check to see if a default exists.
self._modinfo['attrs'][attrname]['default'] exists.
If it exists and it is different then the currently running value
we reset the attribute to its default. This is what a customer would expect if
they removed a configured value.
(also added test in cl-tests to check this functionality)
(cherry picked from commit 63d0f7082d44fedabe002aebbb658751dc655a46)
Ticket:
Reviewed By:
Testing Done: Tested ifquery --check with bridge-pvid
bridge-pvid and bridge-vids on a bridge does
not correspond directly to a running config
on the bridge. They correspond to default
values for the bridge ports. And they are
already checked against running config of the
bridge port and reported against a bridge port.
So, This patch ignores these attributes under the bridge.
Uses '2' for ignore today. XXX: '2' will be
mapped to a defined value in subsequent patches.
Before:
auto bridge
iface bridge
[fail]
bridge-vlan-aware yes [pass]
bridge-ports swp3 swp4 [pass]
bridge-pvid notfound [fail]
After:
auto bridge
iface bridge
[pass]
bridge-vlan-aware yes [pass]
bridge-ports swp3 swp4 [pass]
bridge-pvid 20
(cherry picked from commit 29e70abbf7920cf94c3ebd738dd757c2ca27b35c)
Ticket: CM-7917
Reviewed By: CCR-3845
Testing Done: Tested changing address and ifreloading on multiple iface stanzas
In presence of multiple iface stanzas, current ifupdown2 does not purge
existing addresses.
Because each ifaceobject processing looks at only its stanzas and it is
afraid that it may purge running addresses that does not belong to
itself. Historically multiple iface stanzas are processed individually
than squashing them as a single interface. Squashing iface stanzas into
a single iface stanza has been a problem in the past and also does not
work well with iface stanzas that are supported by ifupdown (I dont have
a specific problem example right now...but)
This patch processes all address attributes when processing the first iface
object (or iface stanza). Unsure if this can be a surprise to existing
users. It should not but cant say sometimes people have weird things in
their pre-up/post-up commands. Hence this is controlled by a ifupdown2.conf
variable addr_config_squash=0 set to off by default. still debating if this
can be on by default.
When addr_config_squash=0 and existing addresses are not purged a
warning is displayed:
"warning: swp1: interface has multiple iface stanzas skip purging
existing addresses"
(cherry picked from commit 7aaa75674547392f2abb8273b18671f0795b3eaf)
Ticket:
Reviewed By: CCR-3804
Testing Done: Tested regex parsing failures
This is mostly a cosmetic fix. we were failing with weird/unclear errors
on unable to parse regex expressions correctly.
This patch mainly adds the interface name to the message and plus adds
an info message showing the actual regex being used in searches.
example config:
{noformat}
auto br-roopa
iface br-roopa
bridge-vlan-aware yes
bridge-ports regex '(\\Aswp3\\Z|\\Aswp4\\Z)'
bridge-pvid 20
{noformat}
before the patch:
warning: br-roopa: error getting dependent interfaces (unbalanced
parenthesis)
after the patch (not pretty but easier to debug)
info: br-roopa: evaluating port expr '['regex', "'(", 'Aswp3', 'Z|',
'Aswp4', "Z)'"]'
warning: br-roopa: error getting dependent interfaces (br-roopa: error
searching regex ''(' in swp38 (unbalanced parenthesis))
(cherry picked from commit bcca6f753a25494666d53f1f2f3c855ffa41d7f0)
This reverts commit bbd11771f5571c67c8f110c2b464817ce31155b9.
This introduced an error where if the config has old bridge driver
and configures port attributes on the bridge, the attributes are reset
to defaults after they are configured by the bridge settings.
(cherry picked from commit 651d1980de02fb108975900ed007087d9a79934c)
Ticket: CM-8143
Reviewed By: scotte, roopa
Testing Done: ssim and powerpc
This was first seen as a side issue with switchd terminating and not restarting (filed as CM-8109).
When ifreload -a is issued, all of the vrr interfaces were bounced, even though there were not any
configuration changes.
In keeping with the philosphy of making ifreload non-disruptive, this patch no longer
disrupts vrrs if the existing config has not changed.
Ticket: CM-8248
Reviewed By: Trivial
Testing Done: None
Fix for
On bootup and during service network restart these warning messages are thrown out.
root@cel-ken-01:/var/log# service networking restart
[....] Reconfiguring network interfaces...warning: global name 'get_mod_subattr' is not defined
warning: global name 'get_mod_subattr' is not defined
warning: global name 'get_mod_subattr' is not defined
warning messages in ifupdown2
Ticket: CM-7756
Reviewed By: roopa
Testing Done: Tested ssim and powerpc images
Once mstpctl-portbpdufilter or mstpctl-bpduguard is enabled for
an interface, removing the configuration in /etc/network/interfaces
does not toggle the mstpctl state back to no.
The root cause of this problem is that "ifreload" does not check default settings for MSTP configuration
for bridge ports and use a default when that setting is removed from the configuration.
This patch adds a check in the existing loop on attribute values.
If there is no configured value, we check to see if a default exists.
self._modinfo['attrs'][attrname]['default'] exists.
If it exists and it is different then the currently running value
we reset the attribute to its default. This is what a customer would expect if
they removed a configured value.
Ticket: CM-6626
Reviewed By: CCR-3768
Testing Done: Tested with testcase specified in bug
There was an earlier implementation for this for 2.5.4 (CCR-3599 a quick
fix for 2.5.4). This patch re-implements the fix.
This patch essentially handles stp set before and after the port is
processed. It replaces the below commit with the patch in this review
{noformat}
commit 3af351f0a005236e747913bb499c6165e3ec43a4
Author: Roopa Prabhu <roopa@cumulusnetworks.com>
Date: Tue Sep 29 10:12:07 2015 -0700
Fix mstp settings ordering issues when bridge stp is toggled on and
off
(when mstp settings are specified under the port)
Ticket: CM-6626
Reviewed By: CCR-3599
Testing Done: Tested the problem case mentioned in the bug (Plan to
re-work the fix a bit for 2.5.5)
{noformat}
Example:
{noformat}
auto host1
iface host1
mtu 9000
bond-slaves glob swp[25-26]
bond-mode 802.3ad
bond-miimon 100
bond-use-carrier 1
bond-lacp-rate 1
bond-min-links 1
bond-xmit-hash-policy layer3+4
clag-id 1
mstpctl-portadminedge yes
mstpctl-bpduguard yes
auto bridge
iface bridge
mtu 9000
bridge-vlan-aware yes
bridge-ports peerlink host1
bridge-stp on
bridge-vids 1000-3000
bridge-pvid 1
info log stmts:
--------------------
info: host1: ignoring mstpctl-portadminedge config (stp on bridge bridge
is not on yet)
info: host1: ignoring mstpctl-bpduguard config (stp on bridge bridge is
not on yet)
<snip>
info: bridge: processing bridge config for port host1
info: bridge: processing mstp config for port host1
info: executing /sbin/mstpctl showportdetail bridge host1
admin-edge-port
info: executing /sbin/mstpctl setportadminedge bridge host1 yes
info: executing /sbin/mstpctl showportdetail bridge host1
bpdu-guard-port
info: executing /sbin/mstpctl setbpduguard bridge host1 yes
{noformat}
Ticket: CM-8161
Reviewed By: Roopa
Testing Done:
With vlan-aware bridge, when replacing a port's pvid, the kernel leaves
the port in the original pvid and relies on user space to explicitly
delete the port from that vlan if it is no longer a member of that.
ifupdown does that correctly in ifup and ifreload cases, but missed
removing the port from the default pvid during system reboot. This
patch fixes that by removing the PERFMODE check specifically for pvid
that causes ifupdown to skip checking running config on reboot which
leads to the bug.
(cherry picked from commit 0461a3f3cc82691cd32b9f6dbefaacf7b23eaeea)
Ticket: CM-6740
Reviewed By: roopa
Testing Done: tested multiple ifreloads with various test cases
In the case of duplicate iface stanzas where one of the stanzas sets
the link attributes, ifupdown2 was confused because the absence
of link attributes forced it to reset them to default values
(when they existed).
This patch tracks link changes and prevents resetting to defaults
only if there are no explicit settings configured. Furthermore,
only the last interface processed (from the duplicates) will take
care of resetting to defaults.
Ticket: CM-6106
Reviewed By: CCR-3637
Testing Done: Tested address under a bridge
We had shipped example files with addresses under bridges and slaves
in 2.5.3. With the warning introduced in 2.5.4, we will start emitting
warnings for existing customer files. And I have recently
learnt that users are relying on warnings to detect errors.
With this commit I am changing the warn to an info message
to avoid breaking existing users. We can change it back to a warn in
3.0.
changed:
"warning: interface bridge is enslaved or a vlan aware bridge and cannot
have an IP Address"
to:
"info: bridge: ignoring ip address. Interface is enslaved or a vlan
aware bridge and cannot have an IP Address"
(cherry picked from commit ecb20279e3d3c123537b9e6fddea4590c63a5013)
the tree)
Ticket: CM-7765
Reviewed By: CCR-3621
Testing Done: tested interface dependencies with auto and non-auto
interfaces
This commit fixes a change in behaviour introduced by "460906d0552d" ("skip adding
filtered or blacklisted interfaces in the dependency graph") that
skipped non-auto (or blacklisted) interfaces.
Turns out we have files out there that do have non-auto
dependents. This patch makes sure blacklisted interfaces who are
dependents of other interfaces are always picked up.
(when mstp settings are specified under the port)
Ticket: CM-6626
Reviewed By: CCR-3599
Testing Done: Tested the problem case mentioned in the bug (Plan to
re-work the fix a bit for 2.5.5)
problem:
mstp parameters can be specified under the port or under the bridge
When they are specified under the bridge, there should be no problem
(When you process the bridge, all things on the bridge port are set in
order)
When they are specified under the port:
we check if the bridge is up, if yes, and stp is already configured,
we process mstpctl settings
This check today only checks running stp_state
We should also check the user configured stp state for the bridge
Note that the problem exists only if the bridge and ports are
already up and user executes ifup again and when we need to re-evaluate
the bridge port settings
solution:
When the bridge port is being checked for mstp settings, not only
check running stp state, but also check user specified stp state and
correct bridge stp state before proceeding with mstp configuration
Few things to note with this patch:
- If user changed stp state on bridge to 'on', and did `ifup
<bridge_port>'`,
though the user has not ifup'ed the bridge yet, the bridge stp state
will be applied (very few people will run into this and practically this
should not be a problem atall. But from correctness POV it is
a voilation. ).
- To avoid this, the other solution would have been to let the bridge
port code be as is, but handle this during bringing up the bridge,
but, this can confuse the user, because when processing the
bridge_port, you will still throw warnings even if the port stp config
is later reapplied when the bridge comes up
- note that the patch only handles the case when stp state is not on and
somebody turned it on. For the case where stp state was on and somebody
turned it off, this patch wont throw warnings for the mstpctl config. But
it will not cause any issues because once stp is off things will be ok
everywhere. I want to keep any changes here out of this patch. I will
document this in the bug...and see if i can handle this in 2.5.5
Ticket: CM-7410
Reviewed By: CCR-3470
Testing Done:
When vxrd is not enabled in /etc/default/vxrd, the 'service vxrd status'
command returns 0, causing the vxlan-remoteip to be not applied even
though it should have. Fix is to change to checking pidfile of vxrd.
Ticket: CM-7087
Reviewed By: CCR-3379
Testing Done: unit testing with clag_vxlan_clos_spec/cfg.py
On clag pairing, clagd changes local address of vxlan device to anycast ip.
If user does ifreload now, ifupdown2 will overwrite local address with
individual ip contained in /etc/netwrok/interfaces. vxlan.py caches
anycast_ip configuration so that ifquery -c can skip it from flagging error
and ifreload skip overwriting vxlan device's local ip.
vxrd provisions head-end replication endpoints by adding bridge fdb entries.
If /etc/network/interfaces doesn't have remote-ip attribute, then on ifreload
ifupdown2 will delete all vxrd provisioned entries. ifupdown will check for
presence of vxrd service and skip add/delete bridge fdb entries for
head-end replication
On ifreload vxlan device are put in proto-down even if they are up and running.
Check for operstate and put it in proto-down only if operstate transitions from
down to up.
Ticket: CM-3525
Reviewed By: CCR-3326
Testing Done: Tested creating dummy devices using ifupdown2
This is modification to gospos loopback module. It solves the same
purpose ie using linux dummy device like a loopback device but there were
objections on calling it loopback so i have renamed it to link and i have changed it
into a generic module that can do any 'ip link'. Can be extended for
link args in the future.
below example creates a loopy device
$ifquery loopy
auto loopy
iface loopy
link-type dummy
$ifup loopy
$ifquery -c loopy
auto loopy
iface loopy [pass]
link-type dummy [pass]
(cherry picked from commit 1151420408a53c106d29183a1e0da5562c8b03a3)
Ticket: CM-7128
Reviewed By: Trivial
Testing Done: unit tested on Ken's machine
The ifupdown2 ethtool addon module fails to set/check
the link-speed on bridge ports.
I removed excessive ifaceLinkKind checking since CM-6619
(03642a9a) added BRIDGE_PORT and BOND_SLAVE. This is ok
since we now check to see if ports have defaults (only swp do)
before showing or changing settings).
Ticket: CM-6862
Reviewed By: CCR-3278
Testing Done:
Currently, ifupdown implicitly configures pvid on a bridge port
in case user doesn't configure it. There is no way to configure
a bridge port to not accept untagged packets. The new option
allows user to do that without changing the current default
behavior.
Ticket: CM-6496
Reviewed By: CCR-3196
Testing Done:
The "ip batch command to add a bridge port and flush the dev" command with 1k netdevices was taking 1.4G of memory. With 2k netdevices batch, this command was causing a OOM condition. To avoid this, commit the batch after 250 ports. Ideally we have to look at the internal batch implementation to see if there is an underlying issue.
Ticket: CM-6702
Reviewed By: roopa
Testing Done: unit and smoke tested with ifupdown2 suite
When address-virtual mac adddress is modified, removed from an SVI, or the SVI is removed,
the permanent mac address is not removed.
This patch addresses all three cases but creating a global statemanager instance
and removing address-virtual FDB entries that were previously configured.
Ticket: CM-6815, CM-6816, CM-6817
Reviewed By: CCR-3234
Testing Done: unit testing
CM-6815 : ip link set syntax for svcnode has been changed. Absence of svcnode
will retain the existing values. svcnode 0.0.0.0 is needed to wipe out service
node addresses in vxlan device. Modified ifupdown2 to use svcnode 0.0.0.0 to
clean up service node address.
CM-6816: "bridge-clan-aware no" is not handled in query-check and hence ifquery
on bridge interface with "bridge-vlan-aware no" fails. Modified bridge's
query-check to take care of this.
CM-6817: With default ageing value (300), if query -c <vxlan device> was
failing. Set ageing to 300 if not specified and compare it with running config.
Ticket: CM-6619
Reviewed By: CCR-3191
Testing Done: Tested upperiface bringup for bridge and vlan devices
'up' on bridge was always done to add the newly created port to the bridge
in cases where the bridge is not part of the interfaces being brought
up. But This will try to re-apply bridge port attributes on all bridge
ports and that can take a while when there are large number of bridge
ports. This patch currently avoids the bridge up for only the vlan
aware bridge case.
Ticket: CM-6723
Reviewed By: roopa
Testing Done: unit tested and testifupdown2 test suite
This patch installs bond interface defaults in
/etc/network/ifupdown2/policy.d/bond_defaults.json
and allows users to modify this file. Users can then leave out these
bond attributes in their configs to save typing and space.
It also changes the ifenslave and ifenslaveutil module to bond and
bondutil, respectively to be consistent with other modules
(and also because customers think of "bond" interfaces not
"ifenslave" interfaces.)
For example, the default file installed looks like the following:
{
"README": "This file is user generated and modifiable.",
"bond": {
"defaults": {
"bond-mode": "802.3ad",
"bond-miimon": "100",
"bond-use-carrier": "1",
"bond-lacp-rate": "0",
"bond-min-links": "1",
"bond-xmic-hash-policy": "layer3+4"
}
}
}
Please enter the commit message for your changes. Lines starting
Ticket: CM-6630
Reviewed By: roopa
Testing Done: unit tested
We still run ethtool on most interfaces even if we don't have defaults to use.
The last bug I fixed (CM-6557) should have also fixed that (even if it was specific to
ifquery).
We now check if there is a configured attribute and if there is a default
value. If we do not have both, we continue without calling ethtool to get the running value.
Ticket: CM-6284
Reviewed By: roopa
Testing Done: unit tested change
Running ifquery --running -a will truncate the pvid number to a single digit for the bridge.
This patch appendis the entire pvid instead of only the first character.
Ticket: CM-6557
Reviewed By: roopa, gospo
Testing Done: unit tested
ifquery should not show link attributes for interfaces we do not have defaults for.
Although somewhat useful, we don't want people saving the bond link attributes
to try to use then in a config
Ticket: CM-5730
Reviewed By: roopa
Testing Done: tested change on Sean and Jason's lab setup
The dhcp restart on all interfaces using dhcp causes a reconnection
for NTP and in addition, a recent addition of rack management packages
(CM-5782) added ntp and a exit-hook script that also interrupted NTP
for a second time. This patch will check for dhclient running (IPv4 and IPv6)
and not restart dhcp if it's already running.
Ticket: CM-6106
Reviewed By: roopa,scotte
Testing Done: ran ifupdown2 regression suite and hand tested
This patch prevents IP address assignment under vlan aware bridges.
This prevents some confusion because a bridge subinterface is required
for layer 3 termination.
Ticket: CM-6275
Reviewed By: roopa,dustin
Testing Done: Unit tested and ran complete ifupdown2 test suite
There are unnecessary calls to the ethtool module that cause some error messages to be printed.
We currently don't check ifaceobj.link_kind at the start
so this check was added.
If someone creates a new interface without setting link_kind, we still printed error message.
This patch adds a check at the start of ethtool.
This patch also removes the global link defaults (used by ifupdown2/ethtool)
created when update-ports is called. The defaults are created for each swp port
so we don't have defaults (and therefore will not attempt to set) for interfaces
like eth0, loopbacks, dummys, vxlans, or any other non swp interface.
Ticket: CM-5146
Reviewed By: roopa,jtoppins
Testing Done: built new ifupdown package and ran testifupdown2 suite of tests
This patch prevents enslaved interfaces from having IP addresses.
(cherry picked from commit 0c00606fbc76db11557a8e946310e93a2b376aa7)
(cherry picked from commit dc30987acfc6af356b9e055db95d94ae45f0de9f)
Ticket: CM-5254
Reviewed By: roopa
Testing Done: tested master and 2.5_br images with testifupdown2 suite and hand tested
This patch creates a json defaults file upon bootup
(which can be overridden by customer configs in /etc)
which the ethtool module in ifupdown2 will consult
when "link-x" configs are removed in order to restore
them to the initial settings used by the switch.
(cherry picked from commit 8388664f5a5a85f2a813cafbf40ac92d7b86f4bf)
Conflicts:
packages/cl-utilities/usrlib/update-ports
(cherry picked from commit 21c9c10ab2fccaf60be9accb337e82541d497cc4)
Ticket: CM-5105
Reviewed By: roopa
Testing Done: tested configs before and after change
We needed a configuration option to add vxlan-ageing to
ifupdown2 configs. This patch adds the option to change
the vxlan-ageing timer currently set with "ip link"
commands.
(cherry picked from commit 9832462c365bd2b900b98f5675d407d1b11c4a95)
Conflicts:
packages/ifupdown2/addons/vxlan.py
packages/ifupdown2/ifupdownaddons/iproute2.py
Ticket: CM-5887
Reviewed By: trivial
Testing Done: Tested with sample config in the bug
(cherry picked from commit e90149a1e8ea3bc94e07fb080361e6909b12e81b)
Ticket: CM-5924, CM-5937, CM-5921, CM-5932
Reviewed By: CCR-2911
Testing Done:
bonding driver:
- renamed bond lacp-bypass-use-priority config option to
lacp-bypass-all-active with the default value of 0
- ignore clag role when lacp-bypass-all-active is enabled
- added info logging of lacp bypass state changes
iproute2:
- renamed bond lacp-bypass-use-priority config option
ifupdown:
- renamed bond lacp-bypass-use-priority config option
- added default value handling for lacp bypass attributes
switchd:
- macs learned on individual slaves are now sync to kernel with
the bond's ifindex. This eliminates flooding when cpu is
communicating to the host where the bond is in lacp bypass
- fixed bond forwarding state propagation to individual slaves in
bypass
Ticket: CM-5832
Reviewed By: CCR-2875
Testing Done: Tested with test case in the bug and other orders
kernel(upstream and us) does not seem to honor the vidinfo flags
during the deletes. Hence, this reordering becomes necessary.
tested with the example in the bug and also some other examples.
code wise this combines two existing methods but leaves the two existing methods
around for future use. Will remove them if they become completely
unnecessary.
Ticket: CM-5693
Reviewed By: roopa
Testing Done: tested bridge and bonds with interfaces with configs
Both bridge and mstpctl modules set priv_flags on interfaces
that have configs (like link-speed) even when used as bridge-ports.
And this collision causes statemanager.ifaceobj_sync() to never get called
because ifaceobj.priv_flags is 1 (we return immediately):
The fix was to create a new iface module_flags array to carry module info.
Ticket: CM-5637
Reviewed By: CCR-2755
Testing Done:
Replaced vxlan-peernodeip attribute with vxlan-remoteip. Updated
the vxlan and iproute2 modules to configure head end replication
using bridge fdb commands.
Ticket: CM-5355
Reviewed By: roopa
Testing Done: Tested config in ticket
MTU settings are defaulted 1500 when interface is ifdowned.
This has the effect of changing the MTU on the interface and any subinterfaces to
1500. And if these subinterfaces are in a bridge, the bridge will pick the MIN MTU
so the bridge keeps this MTU even after the interface is brought back up. The sub
interface does not change to a higher value then 1500 (kernel VLAN driver only
moves the MTU is the decreasing direction.
