vxlan interfaces with the external flag get the vni for a frame based on
its vlan tag. If a frame is marked as untagged, the vxlan interface drops
the frame because there's no way to transmit a vxlan frame without a vni.
ifupdown2 configures the bridge pvid as an untagged vlan on single vxlan
interfaces. (Note that bridge-pvid is inherited from bridge to port and it
has a default value of 1.) This leads to the traffic being dropped for
traffic on that vlan. Avoid that problem by not configuring any vlans as
untagged on single vxlan interfaces.
using glob.glob is way to costly, use os.listdir to increase
performances.
Test with timeit show the following for 10k loop:
time_glob executed in 39.16788899600215 seconds
time_listdir executed in 5.625843115005409 seconds
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
The stale mac verification code was only working for the following syntax:
address-virtual MAC IP
and not
address-virtual MAC
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
The loopback addresses on VRF devices is added with scope global.
The scope must be host to prevent the kernel using the address on external routing/addresses.
Since this change is CL specific we need to control this behavior via policy.
We will re-evaluate later if we make this the default behavior for upstream as well.
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
* Fix: Sonarqube issues
* Fix: ifquery hangs indefinitely on ^C
* Fix: Skipping admin down on deleted vlans
* Fix: Merge existing MTU into new netlink object
* Fix: scheduler: env variable not properly set for user commands (fixes#218)
* Fix: ifquery-check: vlan-protocol for dotted interfaces
* Fix: Down ops on vrf-slave should set the slave admin down
* New: Allow bond creation without slaves
* New: Add `--set-ring` option to ethtool
* New: Openvswitch : add support for fakebridge
* New: add support for systemd logging (--systemd)
* New: Process hwaddress before processing ip addresses
* New: Set protodown off on bond slave before bond is deleted
* New: Make sure bond speed and slaves (swps) speed are matching
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
As of now, the distutils is deprecated with removal planned for
python 3.12.
The recommended way is to use setuptools which is an enhanced
alternative to distutils maintained by the python packaging authority.
This commit replace with setuptools the distutil import inserted in the
8126ef0c00eb8e2faae2cf1ca9fbaf25c10582cd commit.
This commit also update the debian control runtime dependency.
distutils: https://docs.python.org/3/library/distutils.html
setuptools: https://setuptools.pypa.io/en/latest/
gvgen module require the six module from python3-six package.
This new dependency is only necessary for python2/python3 cross
compatibility on dict.iteritems() (py2) vs dict.items() (py3).
ifupdown2 does not support python2 so we could replace every iteritems
occurrences to it's python3 format but this means the gvgen module will
diff from upstream.
The simplest way is to make ifupdown depends on python3-six.
In debian 10, ifupdown2 didn't ensure that it will start before network.target and network-online.target.
after local-fs.target because ifupdown2 need to read config file from local filesystem
Other network services will not start after networking.service and fail because no interface is up.
(e.g isc-dhcp-server, tftp-hpa)
original commit ported to the python3 branch:
commit bffa619b11ae7aa9e567c26c255c17ac6df2c495
Author: Maximilian Wilhelm <max@rfc2324.org>
Date: Sat Jan 14 19:08:01 2017 +0100
Add option 'veth-peer-name' to veth links and ensure proper configuration.
The option »veth-peer-name« forces an veth peer link to be created with
a specific interface name. As the interface name of the "local" part of
the veth link pair already is defined by the name of the interface stanza
this option is added to, now both sides are clearly named.
As there is a bidirectional dependency of both link pairs - both cannot
exist without the other - this presents a problem when setting up all
interfaces. Depending on which interface is set up first there might be
a problem when only on dependency is specified. Therefore adding the
»veth-peer-name« option to both interface of the veth link pair ensures
that regardless of which side is configured first the peer name will be
set correctly. This intentionally creates a circular dependency which is
handled accordingly.
Fixing the config check for veth link-type while at it :)
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Enabling this attribute on a bridge will
enslave a dummy interface to the bridge
example:
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-always-up yes
bridge-ports vni42
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
ifupdown2 now tries to monitor the dhclient call to see if an ip address was
successfully assigned on the requested device. The number of retry can be
customized using the "dhclient_retry_on_failure" policy variable (which defaults to 0)
This commit also add debugging capabilities by automatically enabling sysloging when
configuring dhcp at boot (with PERFMODE option).
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
ES bonds have the same "init state" requirements as CLAG bonds -
1. A bond needs to be designated as an "es-bond" for this purpose.
For clag-bonds we used "clag-id" attr (to designate a bond as a "clag-bond").
For ES bonds we will use "es-sys-mac" attr.
2. Slaves added to an "ES bond" must have protodown-on.
This is again similar to CLAG bonds
3. And vice-versa i.e. when a slave is removed from an "es-bond",
protodown-on must be cleared.
4. When es-sys-mac is first set on a bond, all the bond-slaves must be
placed in "protodown-on" state. This is needed whether FRR is running at that point or not.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
this feature doesn't seem to be working anyway. This can be revisited in the
future but this allows us to drop the python3-argcomplete dependency for now
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
* master:
addons: address: process MTU before addrgen and adddresses
ifupdownmain: support for marking interfaces as mgmt interfaces
addons: bridge: fix TypeError: sequence item 0: expected string, int found
addons: bridge: set bridge MTU after bridge creation addons: bridge: get bridge MTU from address policy not bridge
addons: mstpctl: check mstpctl-stp and bridge-stp and fix bridge cache update
lib: nlcache: fix dry_run exception
addons: address: add support for a separate default mtu policy for eth interfaces
debian: changelog: new 2.0.2-1 entry
addons: ethtool: add support for "ethtool_ignore_errors" policy
LinkUtils: mac_str_to_int: fix string to int conversion
addons: dhcp: if mgmt vrf context exec dhclient in default vrf
* master-next:
argv: move --nldebug option to common_argparse to avoid exception in ifreload
debian: changelog: new 2.0.1-1 entry
argv: add new command line argument --nldebug
This commit adds the feature to change offloads for nics. Currently GRO, LRO GSO, TSO, UFO, TX and RX Offload are supported.
python3 ipaddress behave differently from python2-ipaddr, this is
a serious problem for us since it breaks most of the ip addresses
code. The work around install the python3-ipaddr via pip3 (and
installs pip3 if necessary). The workaround will stay in the code
util the ipaddress issue is fixed.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
IPNetwork doesn't exists anymore and is replaced by ip_network. IPv?Network (4 and 6)
objects take an optional argument "strict" that defaults to True. If strict is set
and the ip address has the host bit set it will raise an exception. This is bad
for ifupdown2, so we need to replace all calls to IPNetwork and IPv?Network with
function who will set strict to False. That way we can limit the number of changes
for this patch.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
