-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mvrf_ip_rule_priority_change_to_32765: made changes to interfaces.j2 … #4058
base: master
Are you sure you want to change the base?
mvrf_ip_rule_priority_change_to_32765: made changes to interfaces.j2 … #4058
Conversation
…to add eth0 ip rule with fixed low priority 32765
…sults based on changes in interfaces.j2
retest please |
@kannankvs: Can you update the PR to make it more easily understandable? |
Retest this please |
@jleveque : Sure Joe. I think it will be easier if the issue, analysis, root cause and the possible solutions are listed here as follows. ** Issue ** ** Analysis **
b. When any VRF (data VRF or management VRF) is created, a new rule is getting added automatically by kernel as follows.
c. Now, if any IP address is configured and if we try to ping it, it does not work. Configuring the IP address is adding an IP rule for eth0’s IP address, which creates this issue. This rule should not be having higher priority than the rule “1001:from all lookup local “. Self originated packets with source IP as eth0 IP will end up in looking up the “default” table (it should actually lookup “local” table first) which will result in wrong routing and hence ping will fail.
** Root Cause ** ** Possible Solutions: ** This PR is based on Option2 to retain the eth0 ip rule, but with priority 32765. If any other solution need to be chosen instead of Option2, let me know. Let me know if you have further comments. |
Retest this please |
** Analysis ** a. Acctually the rule pref 1001 is modified by vrfmgrd from original pref 0 for lower than l3mdev-table(1000). ** Root Cause ** So I agree with you. And there may be another issue when having mgmt-vrf, then ip rule will be: ** Possible Solutions: ** I prefer option 1 than 2. I think this rule is useless even harmful. Eventhough option 2 lower priority, it would not deal with the issue above very well. That causes mgmt-vrf affect global lookup. And option 3 cannot chose because it is a revert for earlier bug fix, higher priority is to avoid global lookup earlier than vrf. |
is this still needed? |
@kannankvs , could you please resolve the conflict for the change? |
When eth0 IP address is configured, an ip rule is getting added for eth0 IP address through the interfaces.j2 template. This code exists from the beginning; it is not clear on why this is required.
This eth0 ip rule creates an issue when VRF (data VRF or management VRF) is also created in the system.
When any VRF (data VRF or management VRF) is created, a new rule is getting added automatically by kernel as "1000: from all lookup [l3mdev-table]".
This l3mdev IP rule is never getting deleted even if VRF is deleted.
Once if this l3mdev IP rule is added, if user configures IP address for the eth0 interface, interfaces.j2 adds an eth0 IP rule as "1000:from 100.104.47.74 lookup default ". Priority 1000 is automatically chosen by kernel and hence this rule gets higher priority than the already existing rule "1001:from all lookup local ".
This results in an issue "ping from console to eth0 IP does not work once if VRF is created" as explained in Issue551.
More details and possible solutions are explained as comments in the Issue551.
This PR is to resolve the issue by always fixing the low priority 32765 for the IP rule that is created for the eth0 IP address.
Tested with various combinations of VRF creation, deletion and IP address configuration along with ping from console to eth0 IP address.