In the addressvirtual module we have some code that checks if stale macvlans should
be deleted (when the address-virtual or vrrp keywords are removed from the config).
To find those stale macvlans we basically do a glob search in /sys/class/net/ with
the macvlan prefix (ifname) defined by ifupdown2: '%s-v' % ifaceobj.name[0:13], which
for a device foo would create macvlans named foo-v0...foo-vN.
In this particular case we have a vxlan named: sha3szx4-vpn, which gets matched
and removed without actually checking if this device is a macvlan or not.
This commit adds a link_kind check to ensure that we are only removing macvlans.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
As mentioned in a previous commit:
python3 ipaddress behave differently from python2-ipaddr, this is
a serious problem for us since it breaks most of the ip addresses
code.
>>> import ipaddress
>>> ipaddress.ip_network("10.10.10.242/10", False)
IPv4Network('10.0.0.0/10')
This is a problem for us, so we need to use a custom IPNetwork object.
Our custom IPNetwork object uses ipaddress.IPAddress under the hood
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
IPNetwork doesn't exists anymore and is replaced by ip_network. IPv?Network (4 and 6)
objects take an optional argument "strict" that defaults to True. If strict is set
and the ip address has the host bit set it will raise an exception. This is bad
for ifupdown2, so we need to replace all calls to IPNetwork and IPv?Network with
function who will set strict to False. That way we can limit the number of changes
for this patch.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Not when we are reloading and applying config ot existing macvlans -
somebody may be using them, we don't want to protodown them in that
case.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
New VRRP macvlan devices should be set into protodown when first
created, to prevent ND traffic and other automatically generated kernel
traffic from being transmitted on the interface and causing downstream
MAC moves.
Reviewed-by: Julien Fortin <julien@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Now we support the following config:
auto swp1
iface swp1
vrrp 3 50.0.1.1/24
vrrp 3 2001:50:0:1::1/64
vrrp 3 2001:50:0:42::1/64
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
For each VRRP configuration we create 2 macvlans (ip4 and ip6), if the ip4
is removed from the config we need to remove the associated macvlan (same
for ip6).
Testing Done: remove all ip4 (or ip6) from vrr attribute line
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Add a vrrp config under swp intf - ifup, then remove the vrrp config - ifreload
the macvlans are not removed without this patch
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
The issue here lies with how we query the cache to get the ips addresses
configured on the macvlan. A few months ago we added support for link scope
addresses in the cache, since the kernel may add it's own link addresse to
some interfaces we need to filter them out when querying the cache (because
we just want to get the list of IPs managed by ifupdown2). To perform this
filtering we need to look at the current user configuration (/e/n/i) but we
also need to look at past configuration. To perform this filtering we need
to provide the API LinkUtils:get_running_addrs a special parameter for
address-virtual (we need an ifaceobj).
$ ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto vlan1000
iface vlan1000
address 192.168.10.2/24
address fc00:10::2/64
address-virtual 00:00:5e:00:01:01 192.168.10.1/24 fc00:10::1/64 fe80::1/64
address-virtual-ipv6-addrgen off
vlan-id 1000
vlan-raw-device bridge
vrf blue
auto bridge
iface bridge
bridge-ports swp1
auto blue
iface blue
vrf-table auto
$ ifreload -a
$ echo $?
0
$ ifquery -a -c
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp [pass]
auto vlan1000
iface vlan1000 [pass]
vlan-raw-device bridge [pass]
vlan-id 1000 [pass]
vrf blue [pass]
address 192.168.10.2/24 [pass]
address fc00:10::2/64 [pass]
address-virtual 00:00:5e:00:01:01 192.168.10.1/24 fc00:10::1/64 fe80::1/64 [pass]
address-virtual-ipv6-addrgen off [pass]
auto bridge
iface bridge [pass]
bridge-ports swp1 [pass]
auto blue
iface blue [pass]
vrf-table 1001 [pass]
$ ifquery -r vlan1000
auto vlan1000
iface vlan1000
vlan-id 1000
vlan-protocol 802.1Q
vlan-raw-device bridge
address 192.168.10.2/24
address fc00:10::2/64
address-virtual 00:00:5e:00:01:01 192.168.10.1/24 fe80::1/64 fc00:10::1/64
address-virtual-ipv6-addrgen off
$
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
[13:09:20] root:~ # ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-raw-device bridge
ipv6-addrgen no
address-virtual-ipv6-addrgen no
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24
auto bridge
iface bridge
bridge-ports swp1
[13:09:25] root:~ # ifup -a -v
info: loading builtin modules from ['/usr/share/ifupdown2/addons']
info: executing /var/lib/ifupdown2/hooks/get_reserved_vlan_range.sh
info: executing /sbin/sysctl net.bridge.bridge-allow-multiple-vlans
info: executing /bin/pidof mstpd
info: executing /bin/ip rule show
info: executing /bin/ip -6 rule show
info: address: using default mtu 1500
info: 'link_master_slave' is set. slave admin state changes will be delayed till the masters admin state change.
info: processing interfaces file /etc/network/interfaces
info: lo: running ops ...
info: netlink: ip link show
info: netlink: ip addr show
info: executing /bin/ip addr help
info: address metric support: KO
info: lo: netlink: ip link set dev lo up
info: reading '/proc/sys/net/mpls/conf/lo/input'
info: reading '/proc/sys/net/ipv4/conf/lo/forwarding'
info: reading '/proc/sys/net/ipv6/conf/lo/forwarding'
info: reading '/proc/sys/net/ipv4/conf/lo/accept_local'
info: executing /bin/systemctl is-enabled vxrd.service
info: eth0: running ops ...
info: executing /sbin/ethtool eth0
info: reading '/sys/class/net/eth0/speed'
info: reading '/sys/class/net/eth0/duplex'
info: eth0: netlink: ip link set dev eth0 up
info: dhclient4 already running on eth0. Not restarting.
info: reading '/proc/sys/net/mpls/conf/eth0/input'
info: reading '/proc/sys/net/ipv4/conf/eth0/forwarding'
info: reading '/proc/sys/net/ipv6/conf/eth0/forwarding'
info: reading '/proc/sys/net/ipv4/conf/eth0/accept_local'
info: swp1: running ops ...
info: executing /sbin/ethtool swp1
info: reading '/sys/class/net/swp1/speed'
info: reading '/sys/class/net/swp1/duplex'
info: executing /sbin/ethtool -s swp1 speed 1000 duplex full
info: reading '/proc/sys/net/mpls/conf/swp1/input'
info: reading '/proc/sys/net/ipv4/conf/swp1/accept_local'
info: bridge: running ops ...
info: bridge: netlink: ip link add bridge type bridge
info: bridge: apply bridge settings
info: bridge: set bridge-ageing 1800
info: bridge: set bridge-hashel 4096
info: bridge: set bridge-hashmax 4096
info: bridge: set bridge-mcstats on
info: reading '/sys/class/net/bridge/bridge/stp_state'
info: bridge: stp state reset, reapplying port settings
info: bridge: netlink: ip link set bridge type bridge with attributes
info: writing '1' to file /proc/sys/net/ipv6/conf/swp1/disable_ipv6
info: executing /bin/ip -force -batch - [link set dev swp1 master bridge
addr flush dev swp1
]
info: bridge: applying bridge port configuration: ['swp1']
info: bridge: swp1: set bridge-portprios 8
info: swp1: netlink: ip link set dev swp1: bridge slave attributes
info: executing /sbin/brctl showmcqv4src bridge
info: bridge: applying bridge configuration specific to ports
info: bridge: processing bridge config for port swp1
info: swp1: netlink: ip link set dev swp1 up
info: bridge: setting bridge mac to port swp1 mac
info: executing /bin/ip link set dev bridge address 90:e2:ba:2c:b1:96
info: executing /sbin/mstpctl showportdetail bridge json
info: executing /sbin/mstpctl showbridge json bridge
info: bridge: applying mstp configuration specific to ports
info: bridge: processing mstp config for port swp1
info: bridge: netlink: ip link set dev bridge up
info: reading '/proc/sys/net/mpls/conf/bridge/input'
info: executing /sbin/sysctl net.ipv4.conf.bridge.forwarding
info: executing /sbin/sysctl net.ipv6.conf.bridge.forwarding
info: executing /bin/ip -force -batch - [link set dev bridge down
link set dev bridge addrgenmode eui64
link set dev bridge up
]
info: reading '/proc/sys/net/ipv4/conf/bridge/accept_local'
info: vlan1903: running ops ...
info: vlan1903: netlink: ip link add link bridge name vlan1903 type vlan id 1903 protocol 802.1q
info: vlan1903: netlink: ip link set dev vlan1903 up
info: reading '/proc/sys/net/mpls/conf/vlan1903/input'
info: reading '/proc/sys/net/ipv4/conf/vlan1903/forwarding'
info: reading '/proc/sys/net/ipv6/conf/vlan1903/forwarding'
info: executing /bin/ip -force -batch - [link set dev vlan1903 down
link set dev vlan1903 addrgenmode none
link set dev vlan1903 up
]
info: vlan1903: netlink: ip link add link vlan1903 name vlan1903-v0 type macvlan mode private
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.accept_dad
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.accept_dad=0
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.dad_transmits
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.dad_transmits=0
info: executing /bin/ip -force -batch - [link set dev vlan1903-v0 addrgenmode none
link set dev vlan1903-v0 down
link set dev vlan1903-v0 address 00:00:5e:00:01:a3
link set dev vlan1903-v0 up
addr add 2a06:c01:1:1903::1/64 dev vlan1903-v0
addr add fe80::1/64 dev vlan1903-v0
addr add 185.98.123.1/24 dev vlan1903-v0
route del 2a06:c01:1:1903::/64 dev vlan1903-v0
route del fe80::/64 dev vlan1903-v0
route add 2a06:c01:1:1903::/64 dev vlan1903-v0 proto kernel metric 9999
route add fe80::/64 dev vlan1903-v0 proto kernel metric 9999
]
info: reading '/proc/sys/net/ipv4/conf/vlan1903/accept_local'
[13:09:29] root:~ #
[13:09:30] root:~ #
[13:09:30] root:~ # ifquery -a -c
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp [pass]
auto vlan1903
iface vlan1903 [pass]
vlan-raw-device bridge [pass]
vlan-id 1903 [pass]
ipv6-addrgen no [pass]
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24 [pass]
address-virtual-ipv6-addrgen no [pass]
auto bridge
iface bridge [pass]
bridge-ports swp1 [pass]
[13:09:33] root:~ #
[13:09:35] root:~ #
[13:09:35] root:~ # ifquery -a -r
auto vlan1903-v0
iface vlan1903-v0
ipv6-addrgen off
address 185.98.123.1/24
address 2a06:c01:1:1903::1/64
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-protocol 802.1Q
vlan-raw-device bridge
ipv6-addrgen off
address-virtual 00:00:5e:00:01:a3 185.98.123.1/242a06:c01:1:1903::1/64
address-virtual-ipv6-addrgen off
auto bridge
iface bridge
bridge-vlan-stats off
bridge-mcstats 1
bridge-ports swp1
bridge-stp yes
mstpctl-portp2p swp1=auto
mstpctl-treeportcost swp1=20000
mstpctl-portautoedge swp1=yes
auto swp1
iface swp1
auto eth0
iface eth0 inet dhcp
auto lo
iface lo inet loopback
mtu 65536
[13:09:38] root:~ # ip -d link show vlan1903
20: vlan1903@bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 90:e2:ba:2c:b1:96 brd ff:ff:ff:ff:ff:ff promiscuity 1
vlan protocol 802.1Q id 1903 <REORDER_HDR> addrgenmode none
[13:09:50] root:~ # ip -d link show vlan1903-v0
21: vlan1903-v0@vlan1903: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 00:00:5e:00:01:a3 brd ff:ff:ff:ff:ff:ff promiscuity 0
macvlan mode private addrgenmode none
[13:09:53] root:~ #
[13:09:56] root:~ # ip link set dev vlan1903-v0 addrgenmode eui64
[13:10:23] root:~ # ifquery -a -c
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp [pass]
auto vlan1903
iface vlan1903 [fail]
vlan-raw-device bridge [pass]
vlan-id 1903 [pass]
ipv6-addrgen no [pass]
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24 [pass]
address-virtual-ipv6-addrgen no [fail]
auto bridge
iface bridge [pass]
bridge-ports swp1 [pass]
[13:10:29] root:~ # ifquery -a -r
auto vlan1903-v0
iface vlan1903-v0
address 185.98.123.1/24
address 2a06:c01:1:1903::1/64
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-protocol 802.1Q
vlan-raw-device bridge
ipv6-addrgen off
address-virtual 00:00:5e:00:01:a3 185.98.123.1/242a06:c01:1:1903::1/64
address-virtual-ipv6-addrgen on
auto bridge
iface bridge
bridge-vlan-stats off
bridge-mcstats 1
bridge-ports swp1
bridge-stp yes
mstpctl-portp2p swp1=auto
mstpctl-treeportcost swp1=20000
mstpctl-portautoedge swp1=yes
auto swp1
iface swp1
auto eth0
iface eth0 inet dhcp
auto lo
iface lo inet loopback
mtu 65536
[13:10:33] root:~ #
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
When setting addrgenmode it is necessary to flap the macvlan
device. After flapping the device we also need to re-add all
the user configuration. The best way to add the user config
is to flush our internal address cache.
[10:12:10] root:~ # ifquery vlan1000
auto vlan1000
iface vlan1000
address 192.168.10.1/24
address fc00:10::1/64
address-virtual 00:00:5e:00:01:01 192.168.10.1/24 fc00:10::1/64 fe80::1/64
vlan-id 1000
vlan-raw-device bridge
[10:12:15] root:~ # ifup -a
[10:12:24] root:~ # echo $?
0
[10:12:26] root:~ # ifquery vlan1000 -c
auto vlan1000
iface vlan1000 [pass]
vlan-raw-device bridge [pass]
vlan-id 1000 [pass]
address 192.168.10.1/24 [pass]
address fc00:10::1/64 [pass]
address-virtual 00:00:5e:00:01:01 192.168.10.1/24 fc00:10::1/64 fe80::1/64 [pass]
[10:12:30] root:~ # ip -6 -o addr show vlan1000-v0
48: vlan1000-v0 inet6 fc00:10::1/64 scope global \ valid_lft forever preferred_lft forever
48: vlan1000-v0 inet6 fe80::200:5eff:fe00:101/64 scope link \ valid_lft forever preferred_lft forever
48: vlan1000-v0 inet6 fe80::1/64 scope link \ valid_lft forever preferred_lft forever
[10:12:33] root:~ #
[10:12:34] root:~ #
[10:12:34] root:~ # ifquery vlan1000
auto vlan1000
iface vlan1000
address 192.168.10.1/24
address fc00:10::1/64
address-virtual 00:00:5e:00:01:01 192.168.10.1/24 fc00:10::1/64 fe80::1/64
address-virtual-ipv6-addrgen off
vlan-id 1000
vlan-raw-device bridge
[10:12:39] root:~ #
[10:12:41] root:~ # ifreload -a -d
...
debug: vlan1000: up : running module addressvirtual
debug: vlan1000-v0: reset address cache <<<<<<<<<<<<<<<<<<<<<< without this reset ifupdown2 would be in a broken state
info: vlan1000: checking route entry ...
info: executing /bin/ip route get 192.168.10.0/24
info: netlink: ip link show dev vlan1000
info: netlink: ip link show dev vlan1000-v0
info: vlan1000-v0: netlink: ip link set dev vlan1000-v0 up
info: executing /bin/ip -force -batch - [link set dev vlan1000-v0 down
link set dev vlan1000-v0 addrgenmode none
link set dev vlan1000-v0 up
addr add 192.168.10.1/24 dev vlan1000-v0
addr add fc00:10::1/64 dev vlan1000-v0
addr add fe80::1/64 dev vlan1000-v0
]
...
[10:12:50] root:~ #
[10:12:51] root:~ # ip -6 -o addr show vlan1000-v0
48: vlan1000-v0 inet6 fc00:10::1/64 scope global \ valid_lft forever preferred_lft forever
48: vlan1000-v0 inet6 fe80::1/64 scope link \ valid_lft forever preferred_lft forever
[10:12:53] root:~ # ifquery vlan1000 -c
auto vlan1000
iface vlan1000 [pass]
vlan-raw-device bridge [pass]
vlan-id 1000 [pass]
address 192.168.10.1/24 [pass]
address fc00:10::1/64 [pass]
address-virtual 00:00:5e:00:01:01 192.168.10.1/24 fc00:10::1/64 fe80::1/64 [pass]
[10:13:03] root:~ # echo $?
0
[10:13:04] root:~ #
Reviewed-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
$ ifquery -a
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports swp1
auto bridge.2
iface bridge.2
address-virtual 01:01:01:02:02:02 1.10.10.10/32
$ ifup -a
error: bridge.2: Multicast bit is set in the virtual mac address '01:01:01:02:02:02'
$ echo $?
1
$
Reviewed-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ifupdown2 is now setting a default metric on macvlan ips. This policy will let
users disable this new default behavior. addressvirtual_with_route_metric is
boolean policy variable.
addressvirtual_with_route_metric: yes|no|on|off|1|0 (default to yes)
$ cat /var/lib/ifupdown2/policy.d/addressvirtual.json
{
"addressvirtual": {
"module_globals": {
"addressvirtual_with_route_metric": "no"
}
}
}
Reviewed-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Now that some system support ip addr METRIC sets we dont have to do this
"fix_connected_route" hack. The hack was previously introduced to make
sure the primary address was the first in the routing table. Some events
could cause some issues like having the macvlan address first in the
routing table. In that case the macvlan needs to be flapped. This shouldn't
happen when we are able to set the address metric
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
[14:53:46] root:~ # ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto vlan1903
iface vlan1903
alias LAB-CUST-VMS
vlan-id 1903
vlan-raw-device bridge
address 2a06:c01:1:1903::3/64
address 185.98.123.3/24
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24
vrf public
auto public
iface public
vrf-table auto
auto bridge
iface bridge
bridge-ports swp1
[14:53:47] root:~ # ifup -a
[14:53:50] root:~ # ip addr show vlan1903-v0
46: vlan1903-v0@vlan1903: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master public state UP group default
link/ether 00:00:5e:00:01:a3 brd ff:ff:ff:ff:ff:ff
inet 185.98.123.1/24 scope global vlan1903-v0
valid_lft forever preferred_lft forever
inet6 2a06:c01:1:1903::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::200:5eff:fe00:1a3/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
[14:53:52] root:~ #
[14:53:54] root:~ #
[14:53:54] root:~ # nano /etc/network/interfaces
[14:53:57] root:~ # ifquery vlan1903
auto vlan1903
iface vlan1903
alias LAB-CUST-VMS
vlan-id 1903
vlan-raw-device bridge
address 2a06:c01:1:1903::3/64
address 185.98.123.3/24
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24
address-virtual-ipv6-addrgen off
vrf public
[14:54:05] root:~ # ifdown -a -X eth0
[14:54:08] root:~ # ifup -a -v
...
...
info: executing /bin/ip -force -batch - [link set dev vlan1903-v0 master public
link set dev vlan1903-v0 addrgenmode none
link set dev vlan1903-v0 down
link set dev vlan1903-v0 address 00:00:5e:00:01:a3
link set dev vlan1903-v0 up
addr add 2a06:c01:1:1903::1/64 dev vlan1903-v0
addr add fe80::1/64 dev vlan1903-v0
addr add 185.98.123.1/24 dev vlan1903-v0
route del 2a06:c01:1:1903::/64 table 1001 dev vlan1903-v0
route del fe80::/64 table 1001 dev vlan1903-v0
route add 2a06:c01:1:1903::/64 table 1001 dev vlan1903-v0 proto kernel metric 9999
route add fe80::/64 table 1001 dev vlan1903-v0 proto kernel metric 9999
]
...
...
[14:54:14] root:~ # ip addr show vlan1903-v0
50: vlan1903-v0@vlan1903: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master public state UP group default
link/ether 00:00:5e:00:01:a3 brd ff:ff:ff:ff:ff:ff
inet 185.98.123.1/24 scope global vlan1903-v0
valid_lft forever preferred_lft forever
inet6 2a06:c01:1:1903::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
[14:54:16] root:~ #
Reviewed-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
This is a major update coming all at once from master-next branch
master-next branch was started with --orphan option which is basically a new
branch without history.
The major changes are:
- repackaging
- cleanup the directory tree
- rewritte setup.py to allow install from deb file or pypi (pip install)
- add a Makefile to make things (like building a deb) easier
- review all debian files
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
ifupdown2 code was one level deeper because ifupdown2 initially
had ifupdown2 and ifupdown2-addons as two separate packages.
Since they were combined into one package, it makes sense to
move all combined code under the top level directory
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
