Ticket: CM-11803
Reviewed By: dsa, scotte, wkok, nikhil, julien
Testing Done: tested config of address-virtual lines on vrf slaves
This patch does the following:
- addressvirtual: enslaves macvlans created on vrf slaves
to the vrf master
- vrf: when looking for stale slaves on vrf master, skip
macvlan devices. This code does basic checking right now
and can be improved to include more cases.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
commands
Ticket: CM-11274
Testing Done: julien, wkok, nikhil
It uses and goes with the the other batch variables and apis.
This one just calls the 'bridge -batch' command instead
of the 'ip -batch' command.
This can be used to batch bridge commands.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-11624
Reviewed By: roopa, julien
Testing Done: using configuration mentioned in the bug
This patch fixes 'ifquery -c' failure for 'bridge-pvid' on
all bridge ports.
The following format of '/sbin/bridge -c vlan show' output was not handled properly
by iproute2
port vlan ids
swp1 600
700-710
711 PVID Egress Untagged
712-900
iproute2 was parsing the '/sbin/bridge -c vlan show' output with the assumption that
pvid line '711 PVID Egress Untagged' appears before all the vland ids.
Something like this:
port vlan ids
swp1 711 PVID Egress Untagged
600
700-710
712-900
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: None
Reviewed By: CCR-4692
Testing Done: smoke + scale tests
If called with close_fds=True the subprocess module will try to close every fd
from 3 to MAXFD before executing the specified command. This is done in Python
not even with a C-implementation which truly affecting performances.
This patch aims to better handle the file descriptor used by ifupdown2. Either
by closing them after use or by setting the close-on-exec flag for the file
descriptor, which causes the file descriptor to be automatically
(and atomically) closed when any of the exec-family functions succeed.
With the actual patch all tests are passing, I can't think of any future issue
but if any a possible future modification might be to use the parameter
'preexec_fn', which allows us to set function which will be executed in the
child process before executing the command line. We can always manually close
any remaining open file descriptors with something like:
>>> os.listdir('/proc/self/fd/')
['0', '1', '2', ‘3’, etc..]
>>> for fd in os.listdir('/proc/self/fd/')
>>> if int(fd) > 2:
>>> os.close(fd)
This patch is also totally re-organising the use of subprocesses. By removing
all subprocess code redundancy.
Ticket: CM-8736
Reviewed By: Roopa
Testing Done: Smoke tests + the ones from the ticket
By default ifupdown2 will adjust logical devices MTU
based on the physical interface they are running on top of.
set this flag to 0 to disable this behaviour
adjust_logical_dev_mtu=1
Ticket: CM-10281
Reviewed By: Roopa Prabhu
Testing Done: Tested with the configuration mentioned in the bug id
Due to bug CM-10188, defualt route via gateway is not installed in time.
It needs 2 sec delay, and fix to CM-10188 shall rectify this issue.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: cleanup
Reviewed By:
Testing Done: Tested ifupdown sanity
This gets rid of some ugly previous flag handling which was
passed through modules. This creates a global instance of
flags that all addon modules and helper modules can use.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10302
Reviewed By: julien
Testing Done: Tested ifdown of an interface and make sure the addresses
are deleted
cache_invalidate can be called when an interface gets deleted
or on any other deletion event (this is because we dont really
know, what other things have been implicitly deleted by the kernel).
on ifdown, the cache can get invalidated. But if we dont
reset the cache flag, the fill cache functions can still think
the cache is valid and can return None for any queries.
This was happening to address queries, which resulted in
leaving behind configured addresses. because ifdown
thought that there were no running addresses on the interface.
Ticket: CM-10175
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb onto dell-s3000-02
This patch is a git revert of commit 934c4c49c0.
In addition to that, order of _addr_filter() function call arguments are
changed to match the function definition.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket:
Reviewed By: trivial
Testing Done: tested address gets with refresh flag + ran ssim test testifupdown2.py
- also fixes refresh flag handling in cache _addr_fill function
- this api can be used to get addresses from the cache by first
refreshing the cache. So the caller gets fresh running addresses.
(its not used right now but came up during the need to re-apply
addresses for ipv6 vrf slaves since their addresses may disappear)
This reverts commit 934c4c49c0.
Ticket: CM-10175
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb file onto dell-s3000-02
default addr fix for vrf check is deleting lo addrs accidentally
info: rtnetlink: setting link lo up
info: executing ip addr del ::1/128 dev lo
info: executing ip addr del 127.0.0.1/8 dev lo
info: eth0: running ops ...
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10188, CM-10061
Reviewed By: dsa, nikhil, julien
Testing Done: Tested static routes with vrf names for tables
This patch does the following:
- if a single vrf device is present in the config,
builds the vrf map by reading vrf interfaces from the kernel (with
existing link cache. Builds a shadow vrf only attribute cache)
- reads existing table map and adjusts it if required
- main change is the iproute2 map file on disk is updated
immediately on vrf creation, so that static routes used along with the
vrf slaves can use the vrf name for the table. This also helps dhclient dns
hook script which may use mgmt table name directly.
- cleans up default routes on down
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-9929
Reviewed By:
Testing Done: Tested vrf dhcp slave enslavement on ifreload
algo:
- when a vrf slave enslavement changes, before performing the
new master enslavement,
- check if vrf slave has dhcp configured
- if yes, release dhclient running on the vrf slave
Ticket: CM-9594
Reviewed By: Roopa Prabhu
Testing Done: Yes, by installing ifupdown2 deb onto cel-e1031-01
This patch fixes the failure to execute the command
'ip link set dev eth0 nomaster' when 'eth0' is associated with any vrf
This patch also include a review comment update for CCR-4210
Ticket: CM-8729
Reviewed By: trivial
Testing Done: Tested with a config with vlan-raw-device
'ip -o -d link show' introduced a new attribute between
'vlan and id'. This makes the move to json or netlink
even more necessary.
The fixes were done for the following format:
61: vlan100@swp1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP mode DEFAULT group default \ link/ether
00:e0:ec:27:4e:b7 brd ff:ff:ff:ff:ff:ff promiscuity 0 \ vlan protocol
802.1Q id 100 <REORDER_HDR> addrgenmode eui64
The vrf device may not be up when ifup is executed on the
slaves. This commit makes sure:
- vrf slaves dont try to enslave themselves when vrf device is
not present
- And vrf master enslaves any missing slaves during ifup of vrf master
- Also make vrf device the link master, this will make sure
the vrf device brings the vrf slave links up. This is needed to work
around the ipv6 address flush issue
Closes: CM-9493
Review: dsa, nikhil, wkok (via git send-mail)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-9520
Reviewed By: CCR-4152
Testing Done: verified service node configuration
Use "remote" attribute in iproute2 command to provision
service node address for service node based replication. Changes also
include allowing only one service node per vxlan device, so its user's
responsiblity to select one service node per vxlan device if there
are multiple nodes to distribute the load.
Ticket:CM-9106
Reviewed By: Roopa Prabhu and Dave Olson
Testing Done: Yes, by installing ifupdown and cumulus-tools deb on to cel-e1031-01
This patch adds per vrf default route: "ip route add table <tbid> unreachable default"
It also accepts a policy file with vrf-default-route [yes/no]
This also includes ifquery fixes for running and check.
Ticket: CM-6806
Reviewed By: CCR-4126
Testing Done:
Currently, when doing ifup of a bridge, the bridge is created
and ports are added to bridge before vlan_filtering is set on
the bridge. This causes extra churn on switchd which has to
configure the hardware one way and then tear it down and
reconfigure it again in the new way. For mlx, it causes even
more problems.
This patch moves the vlan_filtering setting of bridge to before
member ports are being added to the bridge, and it uses the new
iproute2 command for setting the attribute instead of through
sysfs.
Ticket: CM-9097
Reviewed By: Trivial
Testing Done: Tested on Chris' config
In 3.0, the bridge vlan show command does not print
VLAN ranges unless you use the "-c" option.
This patch modifies the bridge vlan show call in
iproute2.py to use "-c".
This patch adds initial support for vrf in ifupdown2.
Example interfaces file section:
auto swp1.100
iface swp1.100
vrf blue
auto blue
iface blue
vrf-table 10
iproute2 vrf map is generated under:
/etc/iproute2/rt_tables.d/ifupdown2.vrf_map
this patch also adds prelimnary support for 'vrf-table auto'.
But this needs more work.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-7410
Reviewed By: CCR-3470
Testing Done:
When vxrd is not enabled in /etc/default/vxrd, the 'service vxrd status'
command returns 0, causing the vxlan-remoteip to be not applied even
though it should have. Fix is to change to checking pidfile of vxrd.
Ticket: CM-7087
Reviewed By: CCR-3379
Testing Done: unit testing with clag_vxlan_clos_spec/cfg.py
On clag pairing, clagd changes local address of vxlan device to anycast ip.
If user does ifreload now, ifupdown2 will overwrite local address with
individual ip contained in /etc/netwrok/interfaces. vxlan.py caches
anycast_ip configuration so that ifquery -c can skip it from flagging error
and ifreload skip overwriting vxlan device's local ip.
vxrd provisions head-end replication endpoints by adding bridge fdb entries.
If /etc/network/interfaces doesn't have remote-ip attribute, then on ifreload
ifupdown2 will delete all vxrd provisioned entries. ifupdown will check for
presence of vxrd service and skip add/delete bridge fdb entries for
head-end replication
On ifreload vxlan device are put in proto-down even if they are up and running.
Check for operstate and put it in proto-down only if operstate transitions from
down to up.
Ticket: CM-3525
Reviewed By: CCR-3326
Testing Done: Tested creating dummy devices using ifupdown2
This is modification to gospos loopback module. It solves the same
purpose ie using linux dummy device like a loopback device but there were
objections on calling it loopback so i have renamed it to link and i have changed it
into a generic module that can do any 'ip link'. Can be extended for
link args in the future.
below example creates a loopy device
$ifquery loopy
auto loopy
iface loopy
link-type dummy
$ifup loopy
$ifquery -c loopy
auto loopy
iface loopy [pass]
link-type dummy [pass]
(cherry picked from commit 1151420408a53c106d29183a1e0da5562c8b03a3)
Ticket: CM-6815, CM-6816, CM-6817
Reviewed By: CCR-3234
Testing Done: unit testing
CM-6815 : ip link set syntax for svcnode has been changed. Absence of svcnode
will retain the existing values. svcnode 0.0.0.0 is needed to wipe out service
node addresses in vxlan device. Modified ifupdown2 to use svcnode 0.0.0.0 to
clean up service node address.
CM-6816: "bridge-clan-aware no" is not handled in query-check and hence ifquery
on bridge interface with "bridge-vlan-aware no" fails. Modified bridge's
query-check to take care of this.
CM-6817: With default ageing value (300), if query -c <vxlan device> was
failing. Set ageing to 300 if not specified and compare it with running config.
Ticket: CM-6329
Reviewed By: roopa
Testing Done: unit testing with vxlan configs
A bug iproute2.py creates an unnecessary warning
about appending the ageing value to a string.
This patch removes the append and simply sets the ageing value.
Ticket: CM-5105
Reviewed By: roopa
Testing Done: tested configs before and after change
We needed a configuration option to add vxlan-ageing to
ifupdown2 configs. This patch adds the option to change
the vxlan-ageing timer currently set with "ip link"
commands.
(cherry picked from commit 9832462c365bd2b900b98f5675d407d1b11c4a95)
Conflicts:
packages/ifupdown2/addons/vxlan.py
packages/ifupdown2/ifupdownaddons/iproute2.py
Ticket: CM-5637
Reviewed By: CCR-2755
Testing Done:
Replaced vxlan-peernodeip attribute with vxlan-remoteip. Updated
the vxlan and iproute2 modules to configure head end replication
using bridge fdb commands.
Ticket: CM-4859, CM-4382
Reviewed By:
Testing Done: Tested with config which included bond bridge ports with
zero address on the bond.
The bridge driver rejects the port add with -EINVAL.
A bond with no slaves is one usecase where the bond interface
has a zero hw address and is rejected by the bridge.
EINVAL currently is very confusing.
This patch checks for a valid ether add before enslaving the port to the
bridge.
Ticket: CM-4723
Reviewed By: CCR-2408
Testing Done: vxlan_fld_test.py:test_bond_vxlinux_convergence_flaps, manual testing
On tunnel delete, tunnel termination object in BCM sdk is not cleaned properly.
As a result, mpls_entry in the hardware is left around even though software has
deleted the tunnel. This prevents subsequent dynamic creation of the same tunnel
and also mac learning, as mpls_entry points to invalid SVP with no CML setting
to do hardware learning.
Also, changes in ifupdown2 to make "vxlan-learning on" as default, so that
user/script doesn't have to explicitly turn on the learning.
the vrr network is pointing to it
Ticket: CM-4639
Reviewed By:
Testing Done: Tested with interfaces file and steps from the bug
This is a Hack to make sure the primary address
is the first in the routing table. Its not a full proof solution.
We use `ip route get` on the vrr network to see which
device the kernel returns. if it is the mac vlan device,
flap the macvlan device to adjust the routing table entry.
flapping the macvlan device makes sure the macvlan
connected route goes through delete + add, hence adjusting
the order in the routing table.
Ticket: CM-4462
Reviewed By:
Testing Done: Tested with interfaces file given in the bug.
The 'network down' msg from the kernel is when the lower device is not
'admin up'. In CM-4462 it is seen when the vlan interface on the bond
is 'admin up' when the bond is still in 'admin down' state.
The bond is also a bridge port so, bond will be 'admin up' when
the bridge it belongs to is brought up.
As link_master_slave feature is on only when all network interfaces
are brought up/down, the states of all interfaces will eventually
converge to 'admin up', so ignoring such transient 'network down' messages.
