Re: Questions about VRF function in /etc/network/interfaces

2018-12-28 Thread Reco
Hi.

On Sat, Dec 29, 2018 at 01:31:02PM +0800, Simon Jones wrote:
> Hi all,
> 
> This is my OS:
> 
> > # uname -a
> > Linux dut211 4.9.0-7-amd64 #1 SMP Debian 4.9.110-3+deb9u2 (2015-12-19) x86_64 GNU/Linux

That's not a kernel 4.3, for starters. And it's outdated, consider
upgrading. Does not affect your problem though.


> Now I have to rewrite /etc/network/interfaces to implement this function,
> but I got errors, so I want to know if there is a demo of how to define
> a VRF interface and implement the VRF function in /etc/network/interfaces.
> 
> As I follow your man file, I don't know how to do it, and got errors.

Usual debugging of interfaces(5) involves 'ifup -v' and 'ifdown -v'.


> This is my try on this feature, rewrite /etc/network/interfaces like this
> 
> > iface eth0 inet static
> > address 172.18.8.211
> > netmask 255.255.255.0
> > ## management network policy routing rules
> > # management port up rules
> > up ip -4 link add mgmtvrf type vrf table 10
> > up ip -4 link set dev mgmtvrf up
> > up ip -4 link set dev eth0 master mgmtvrf
> > up ip -4 route add default via 172.18.8.1 dev eth0 table 10
> > up ip -4 route add 172.18.8.0/24 dev eth0 table 10
> > up ip -4 rule add from 172.18.8.211/32 table 10
> > post-up sysctl -w net.ipv4.tcp_l3mdev_accept=1
> > # management port down rules
> > down ip -4 route delete default via 172.18.8.1 dev eth0 table 10
> > down ip -4 route delete 172.18.8.0/24 dev eth0 table 10
> > down ip -4 rule delete from 172.18.8.211/32 table 10
> > down ip -4 link set dev eth0 nomaster

'-4' is redundant here (you either modify L2 entities or it can be
guessed from the context), you might remove it as well.

> These are the errors I got
> 
> Dec 29 02:38:48 dut211 ifup[8690]: RTNETLINK answers: File exists

This. Everything else in your log is useless.
A simple test shows that:

$ ifup -v eth0

ifup: configuring interface eth0=eth0 (inet)
/bin/run-parts --exit-on-error --verbose /etc/network/if-pre-up.d
/bin/ip addr add 172.18.8.211/255.255.255.0 broadcast 172.18.8.255 dev eth0 label eth0
/bin/ip link set dev eth0   up

ip -4 link add mgmtvrf type vrf table 10
ip -4 link set dev mgmtvrf up
ip -4 link set dev eth0 master mgmtvrf
ip -4 route add default via 172.18.8.1 dev eth0 table 10
ip -4 route add 172.18.8.0/24 dev eth0 table 10
RTNETLINK answers: File exists
ifup: failed to bring up eth0

So, it's all good until you try to add an additional route to
172.18.8.0/24, because this route is there already:

$ ip ro l table 10
broadcast 172.18.8.0 dev eth0 proto kernel scope link src 172.18.8.211
172.18.8.0/24 dev eth0 proto kernel scope link src 172.18.8.211
local 172.18.8.211 dev eth0 proto kernel scope host src 172.18.8.211
broadcast 172.18.8.255 dev eth0 proto kernel scope link src 172.18.8.211

And you've got your 'down' rules wrong, you should delete your custom
'mgmtvrf' interface:

# ifdown eth0
# ip a l dev mgmtvrf
5: mgmtvrf:  mtu 65536 qdisc noqueue state UP group default qlen 1000
    link/ether 4a:dc:f1:71:c7:00 brd ff:ff:ff:ff:ff:ff

And, of course, there's a leftover kernel knob:

# /sbin/sysctl net.ipv4.tcp_l3mdev_accept
net.ipv4.tcp_l3mdev_accept = 1

Summing all this up:

iface eth0 inet static
 address 172.18.8.211
 netmask 255.255.255.0
 ## management network policy routing rules
 # management port up rules
 up ip link add mgmtvrf type vrf table 10
 up ip link set dev mgmtvrf up
 up ip link set dev eth0 master mgmtvrf
 up ip route add default via 172.18.8.1 dev eth0 table 10
 up ip rule add from 172.18.8.211/32 table 10
 post-up sysctl -qw net.ipv4.tcp_l3mdev_accept=1
 # management port down rules
 down ip -4 route delete default via 172.18.8.1 dev eth0 table 10
 down ip -4 route delete 172.18.8.0/24 dev eth0 table 10
 down ip -4 rule delete from 172.18.8.211/32 table 10
 down ip -4 link set dev eth0 nomaster
 down ip -4 link del mgmtvrf
 post-down sysctl -qw net.ipv4.tcp_l3mdev_accept=0

Reco
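
The three problems found in the reply above (a route added for the already-connected subnet, a VRF device that 'down' never deletes, and a sysctl that is never reset) can be checked for before running ifup. The following is an added example, not part of the original thread; the function name and finding codes are hypothetical, and it assumes a single 'inet static' stanza with address and netmask options.

```python
import ipaddress
import shlex

# Sample input: the stanza posted in the original question (comment lines omitted).
QUESTION_STANZA = """\
iface eth0 inet static
 address 172.18.8.211
 netmask 255.255.255.0
 up ip -4 link add mgmtvrf type vrf table 10
 up ip -4 link set dev mgmtvrf up
 up ip -4 link set dev eth0 master mgmtvrf
 up ip -4 route add default via 172.18.8.1 dev eth0 table 10
 up ip -4 route add 172.18.8.0/24 dev eth0 table 10
 up ip -4 rule add from 172.18.8.211/32 table 10
 post-up sysctl -w net.ipv4.tcp_l3mdev_accept=1
 down ip -4 route delete default via 172.18.8.1 dev eth0 table 10
 down ip -4 route delete 172.18.8.0/24 dev eth0 table 10
 down ip -4 rule delete from 172.18.8.211/32 table 10
 down ip -4 link set dev eth0 nomaster
"""

def lint_stanza(stanza):  # returns [(code, detail), ...] for one static stanza
    opts, cmds = {}, {"up": [], "down": []}
    for line in stanza.splitlines():
        words = shlex.split(line, comments=True)  # '#' comment lines become []
        if not words:
            continue
        args = [w for w in words[1:] if not w.startswith("-")]  # drop -4, -w, -qw
        phase = words[0].split("-")[-1]  # up/post-up -> "up", down/post-down -> "down"
        if phase in cmds:
            cmds[phase].append(args)
        elif words[0] in ("address", "netmask"):
            opts[words[0]] = args[0]
    connected = ipaddress.ip_interface(opts["address"] + "/" + opts["netmask"]).network
    findings = []
    for cmd in cmds["up"]:
        if cmd[:3] == ["ip", "route", "add"] and cmd[3] != "default":
            if ipaddress.ip_network(cmd[3], strict=False) == connected:
                findings.append(("connected-route", cmd[3]))  # kernel route exists: "File exists"
        elif cmd[:3] == ["ip", "link", "add"]:
            if not any(d[:2] == ["ip", "link"] and d[2] in ("del", "delete")
                       and cmd[3] in d for d in cmds["down"]):
                findings.append(("link-not-deleted", cmd[3]))
        elif cmd[0] == "sysctl":
            knob = cmd[-1].split("=")[0]
            if not any(d[0] == "sysctl" and d[-1].startswith(knob + "=") for d in cmds["down"]):
                findings.append(("sysctl-not-reset", knob))
    return findings

print(lint_stanza(QUESTION_STANZA))
```
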



Questions about VRF function in /etc/network/interfaces

2018-12-28 Thread Simon Jones
Hi all,

I'm working on the SONiC project's management VRF function under Debian with
kernel 4.3.

This is my OS:

# uname -a
Linux dut211 4.9.0-7-amd64 #1 SMP Debian 4.9.110-3+deb9u2 (2015-12-19) x86_64 GNU/Linux


This is SONiC project management vrf function:

> https://www.youtube.com/watch?v=uAHmZKEdqDE&feature=youtu.be


Now I have to rewrite /etc/network/interfaces to implement this function,
but I got errors, so I want to know if there is a demo of how to define
a VRF interface and implement the VRF function in /etc/network/interfaces.

As I follow your man file, I don't know how to do it, and got errors.

This is my try on this feature, rewrite /etc/network/interfaces like this

iface eth0 inet static
 address 172.18.8.211
 netmask 255.255.255.0
 ## management network policy routing rules
 # management port up rules
 up ip -4 link add mgmtvrf type vrf table 10
 up ip -4 link set dev mgmtvrf up
 up ip -4 link set dev eth0 master mgmtvrf
 up ip -4 route add default via 172.18.8.1 dev eth0 table 10
 up ip -4 route add 172.18.8.0/24 dev eth0 table 10
 up ip -4 rule add from 172.18.8.211/32 table 10
 post-up sysctl -w net.ipv4.tcp_l3mdev_accept=1
 # management port down rules
 down ip -4 route delete default via 172.18.8.1 dev eth0 table 10
 down ip -4 route delete 172.18.8.0/24 dev eth0 table 10
 down ip -4 rule delete from 172.18.8.211/32 table 10
 down ip -4 link set dev eth0 nomaster


These are the errors I got

Dec 29 02:38:48 dut211 ifup[8690]: RTNETLINK answers: File exists
Dec 29 02:38:48 dut211 ifup[8690]: ifup: failed to bring up eth0
Dec 29 02:38:48 dut211 systemd[1]: networking.service: Main process exited, code=exited, status=1/FAILURE
Dec 29 02:38:48 dut211 systemd[1]: Failed to start Raise network interfaces.
-- Subject: Unit networking.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit networking.service has failed.
--
-- The result is failed.
Dec 29 02:38:48 dut211 systemd[1]: networking.service: Unit entered failed state.
Dec 29 02:38:48 dut211 systemd[1]: networking.service: Failed with result 'exit-code'.


Thank you.


Simon Jones