The bridge-ports-condone-regex option can be used to tell ifupdown2 to leave
some bridge member ports alone and not remove them on ifreload runs.
This might come in handy when running a KVM (or any other virtualization
system) host with a bridged network setup.
Before this option, ifupdown2 would either complain about non-existent
member ports when setting up the bridge (if all VM interfaces were to
be specified in /etc/network/interfaces) or remove any VM interface
from a bridge if it was not specified in /e/n/i.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Co-authored-by: Julien Fortin <julien@cumulusnetworks.com>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Add an ifupdown2 policy attribute dhcp6-duid to allow the user to specify the DUID type
to be used on an IPv6 enabled interface.
Signed-off-by: Rajendra Dendukuri <rajendra.dendukuri@broadcom.com>
When module policies are split up in separate files ifupdown2 doesn't merge
them together but simply overrides duplicates. This patch fixes the issue
and merges the related policies together.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
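The difference between overriding and merging split policy files, as an added example that is not ifupdown2's own code. It assumes the override happened at the module level; the first key is the one shown on this page, and `example_other_global` and the three sample fragments are constructed.

```python
import copy

# Constructed policy fragments, as if loaded from separate policy files.
# "example_other_global" is a hypothetical placeholder, not a real setting.
FILE_A = {"bridge": {"module_globals": {
    "vxlan_bridge_igmp_snooping_enable_port_mcrouter": "no"}}}
FILE_B = {"bridge": {"module_globals": {"example_other_global": "yes"}}}
FILE_C = {"bridge": {"module_globals": {
    "vxlan_bridge_igmp_snooping_enable_port_mcrouter": "yes"}}}


def override_policies(policies):
    """Assumed pre-fix behaviour: a later file replaces the whole module entry."""
    result = {}
    for policy in policies:
        result.update(copy.deepcopy(policy))
    return result


def merge_policies(policies):
    """Merge key by key and return (merged, conflicts).

    conflicts lists (dotted_path, old, new) for every leaf that a later file
    changed, so a silently overridden setting can be reviewed.
    """
    merged, conflicts = {}, []

    def _merge(dst, src, path):
        for key, value in src.items():
            here = path + [key]
            if isinstance(value, dict) and isinstance(dst.get(key), dict):
                _merge(dst[key], value, here)
                continue
            if key in dst and dst[key] != value:
                conflicts.append((".".join(here), dst[key], value))
            dst[key] = copy.deepcopy(value)

    for policy in policies:
        _merge(merged, policy, [])
    return merged, conflicts
```

With only FILE_A and FILE_B, the override variant loses the mcrouter setting while the merge keeps both keys; adding FILE_C makes the merge report the changed value as a conflict.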
Not when we are reloading and applying config to existing macvlans -
somebody may be using them, we don't want to protodown them in that
case.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
It is available since Kernel 4.19 and has two parameters:
1. XFRM ID to map to an SA/SAs
2. Underlying Interface if you want to take advantage of IPSec Hardware Offload
Otherwise it is treated as a normal interface and not like a tunnel (VTI).
I added two attributes to the interface to configure it and otherwise use it as a normal interface.
One example is:
auto ipsec1
iface ipsec1 inet
    xfrm-physdev lo
    xfrmid 1
This fixes this kind of error:
error: bond0: cmd '/sbin/sysctl net.bridge.bridge-stp-user-space' failed: returned 255 (sysctl: cannot stat /proc/sys/net/bridge/bridge-stp-user-space: No such file or directory
)
error: fwpr103p0: cmd '/sbin/sysctl net.bridge.bridge-stp-user-space' failed: returned 255 (sysctl: cannot stat /proc/sys/net/bridge/bridge-stp-user-space: No such file or directory
)
Add a new attribute for B.A.T.M.A.N. advanced interfaces to control the
B.A.T.M.A.N. advanced routing algorithm to be used when setting up new
interfaces. As the routing algorithm must be set before an interface is
created, it needs special handling and can't be implemented as a common
attribute. D'oh.
Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
Tested-by: Annika Wickert <aw@awlnx.space>
On ifreload (down ops) we need to purge the cache entry of the bridge and its upper devices
to avoid stale values in our cache.
ifup this config, then remove bridge-vids 20, ifreload: since the bridge is removed because
of ifreload_down_changed=1, we need to recreate the vlan bridge.10 and its configuration, the
cache is stale. We need to clear it to remove the ip 10.10.10.10/32.
auto bridge
iface bridge
    bridge-ports swp1 swp2
    bridge-vids 10 20
    bridge-vlan-aware yes
auto swp1
iface swp1
    link-speed 10000
auto swp2
iface swp2
auto bridge.10
iface bridge.10
    address 10.10.10.10/32
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
New VRRP macvlan devices should be set into protodown when first
created, to prevent ND traffic and other automatically generated kernel
traffic from being transmitted on the interface and causing downstream
MAC moves.
Reviewed-by: Julien Fortin <julien@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Now we support the following config:
auto swp1
iface swp1
    vrrp 3 50.0.1.1/24
    vrrp 3 2001:50:0:1::1/64
    vrrp 3 2001:50:0:42::1/64
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
For each VRRP configuration we create 2 macvlans (ip4 and ip6), if the ip4
is removed from the config we need to remove the associated macvlan (same
for ip6).
Testing Done: remove all ip4 (or ip6) from vrr attribute line
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
if igmp snooping is enabled on a vxlan bridge and if the
vxlan_bridge_igmp_snooping_enable_port_mcrouter is turned on, ifupdown2
will automatically enable multicast router on the vxlan brport unless
this attribute was provided by the user. The policy is enabled by default.
The policy can be disabled as follows:
{
    "bridge": {
        "module_globals": {
            "vxlan_bridge_igmp_snooping_enable_port_mcrouter": "no"
        }
    }
}
auto br0
iface br0
    bridge-ports vx42
    bridge-mcsnoop yes
auto vx42
iface vx42
    vxlan-id 42
$ ifreload -ad
will show that the config is applied
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Add a vrrp config under swp intf - ifup, then remove the vrrp config - ifreload
the macvlans are not removed without this patch
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
New vxlan-ttl attribute: specifies the TTL value to use in outgoing
packets. Valid values: range 1..255 or auto (0)
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
ifupdown2 behaviour significantly diverges from ifupdown on debian stretch.
Original ifupdown uses run-parts which supposedly doesn't run non-executable
files in the directory. However, ifupdown2 doesn't seem to make this
distinction.
This patch will log warning EACCES exceptions (instead of log error) and exit 0
Reported-by: George Diamantopoulos <gedia>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
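The run-parts-style behaviour described above, as an added sketch that is not ifupdown2's own code: files without an execute bit are skipped rather than run, and an EACCES raised at exec time is logged as a warning instead of aborting. The function names and the `runner` parameter are hypothetical.

```python
import errno
import logging
import os
import stat
import subprocess

log = logging.getLogger("hook-dir-example")


def is_executable_file(path):
    """True for a regular file with at least one execute bit set."""
    mode = os.stat(path).st_mode
    return stat.S_ISREG(mode) and bool(mode & 0o111)


def run_hook_dir(directory, runner=subprocess.call):
    """Run the executable files in `directory` in name order.

    Returns (ran, skipped). Non-executable files are skipped without being
    run. EACCES raised at exec time (for example on a noexec mount) is logged
    as a warning and counted as a skip; any other OSError propagates.
    `runner` is a hypothetical injection point so the logic can be exercised
    without executing anything.
    """
    ran, skipped = [], []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not is_executable_file(path):
            skipped.append(name)
            continue
        try:
            runner([path])
        except OSError as exc:
            if exc.errno != errno.EACCES:
                raise
            log.warning("%s: permission denied, skipping", path)
            skipped.append(name)
            continue
        ran.append(name)
    return ran, skipped
```

The mode-bit check keeps a stray data file dropped into the directory from ever being handed to the kernel for execution, while the EACCES branch covers files that look executable but cannot be run.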