Currently, the only way to enable arp-accept is to enable
a policy with l3_intf_arp_accept.
But this enable arp-accept for all bridges.
This option allow to define it for specific bridge.
This is needed with bgp-evpn and vm migration
https://github.com/FRRouting/frr/issues/4904
As shown in the following example, ifupdown1 sets the default route with the
onlink attribute. This patch will add this capability to ifupdown2 controlled
by a policy variable in the address module: "l3_intf_default_gateway_set_onlink"
default to on
[19:16:07] root:~ # cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto enp0s3
iface enp0s3 inet static
address 78.46.193.234/32
gateway 172.31.1.1
[19:16:19] root:~ # ifup -a -v
ifup: configuring interface enp0s3=enp0s3 (inet)
...
/bin/ip addr add 78.46.193.234/255.255.255.255 broadcast 78.46.193.234 dev enp0s3 label enp0s3
/bin/ip link set dev enp0s3 up
/bin/ip route add default via 172.31.1.1 dev enp0s3 onlink
...
[19:16:21] root:~ # ip route show
default via 172.31.1.1 dev enp0s3 onlink
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15
169.254.0.0/16 dev enp0s3 scope link metric 1000
[19:16:21] root:~ #
$ cat /etc/network/ifupdown2/policy.d/address.json
{
"address": {
"module_globals": {
"l3_intf_default_gateway_set_onlink": "yes"
}
}
}
$ ifquery swp1
auto swp1
iface swp1 inet static
address 78.46.193.234/32
gateway 172.31.1.1
$ ifreload -av |& grep "route add default"
info: executing /bin/ip route add default via 172.31.1.1 proto kernel dev swp1 onlink
$
$
$ emacs -nw /etc/network/ifupdown2/policy.d/address.json
$ cat /etc/network/ifupdown2/policy.d/address.json
{
"address": {
"module_globals": {
"l3_intf_default_gateway_set_onlink": "no"
}
}
}
$ ifdown -a -X eth0
$ ifreload -av |& grep "route add default"
info: executing /bin/ip route add default via 172.31.1.1 proto kernel dev swp1
$
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
[13:09:20] root:~ # ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-raw-device bridge
ipv6-addrgen no
address-virtual-ipv6-addrgen no
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24
auto bridge
iface bridge
bridge-ports swp1
[13:09:25] root:~ # ifup -a -v
info: loading builtin modules from ['/usr/share/ifupdown2/addons']
info: executing /var/lib/ifupdown2/hooks/get_reserved_vlan_range.sh
info: executing /sbin/sysctl net.bridge.bridge-allow-multiple-vlans
info: executing /bin/pidof mstpd
info: executing /bin/ip rule show
info: executing /bin/ip -6 rule show
info: address: using default mtu 1500
info: 'link_master_slave' is set. slave admin state changes will be delayed till the masters admin state change.
info: processing interfaces file /etc/network/interfaces
info: lo: running ops ...
info: netlink: ip link show
info: netlink: ip addr show
info: executing /bin/ip addr help
info: address metric support: KO
info: lo: netlink: ip link set dev lo up
info: reading '/proc/sys/net/mpls/conf/lo/input'
info: reading '/proc/sys/net/ipv4/conf/lo/forwarding'
info: reading '/proc/sys/net/ipv6/conf/lo/forwarding'
info: reading '/proc/sys/net/ipv4/conf/lo/accept_local'
info: executing /bin/systemctl is-enabled vxrd.service
info: eth0: running ops ...
info: executing /sbin/ethtool eth0
info: reading '/sys/class/net/eth0/speed'
info: reading '/sys/class/net/eth0/duplex'
info: eth0: netlink: ip link set dev eth0 up
info: dhclient4 already running on eth0. Not restarting.
info: reading '/proc/sys/net/mpls/conf/eth0/input'
info: reading '/proc/sys/net/ipv4/conf/eth0/forwarding'
info: reading '/proc/sys/net/ipv6/conf/eth0/forwarding'
info: reading '/proc/sys/net/ipv4/conf/eth0/accept_local'
info: swp1: running ops ...
info: executing /sbin/ethtool swp1
info: reading '/sys/class/net/swp1/speed'
info: reading '/sys/class/net/swp1/duplex'
info: executing /sbin/ethtool -s swp1 speed 1000 duplex full
info: reading '/proc/sys/net/mpls/conf/swp1/input'
info: reading '/proc/sys/net/ipv4/conf/swp1/accept_local'
info: bridge: running ops ...
info: bridge: netlink: ip link add bridge type bridge
info: bridge: apply bridge settings
info: bridge: set bridge-ageing 1800
info: bridge: set bridge-hashel 4096
info: bridge: set bridge-hashmax 4096
info: bridge: set bridge-mcstats on
info: reading '/sys/class/net/bridge/bridge/stp_state'
info: bridge: stp state reset, reapplying port settings
info: bridge: netlink: ip link set bridge type bridge with attributes
info: writing '1' to file /proc/sys/net/ipv6/conf/swp1/disable_ipv6
info: executing /bin/ip -force -batch - [link set dev swp1 master bridge
addr flush dev swp1
]
info: bridge: applying bridge port configuration: ['swp1']
info: bridge: swp1: set bridge-portprios 8
info: swp1: netlink: ip link set dev swp1: bridge slave attributes
info: executing /sbin/brctl showmcqv4src bridge
info: bridge: applying bridge configuration specific to ports
info: bridge: processing bridge config for port swp1
info: swp1: netlink: ip link set dev swp1 up
info: bridge: setting bridge mac to port swp1 mac
info: executing /bin/ip link set dev bridge address 90:e2:ba:2c:b1:96
info: executing /sbin/mstpctl showportdetail bridge json
info: executing /sbin/mstpctl showbridge json bridge
info: bridge: applying mstp configuration specific to ports
info: bridge: processing mstp config for port swp1
info: bridge: netlink: ip link set dev bridge up
info: reading '/proc/sys/net/mpls/conf/bridge/input'
info: executing /sbin/sysctl net.ipv4.conf.bridge.forwarding
info: executing /sbin/sysctl net.ipv6.conf.bridge.forwarding
info: executing /bin/ip -force -batch - [link set dev bridge down
link set dev bridge addrgenmode eui64
link set dev bridge up
]
info: reading '/proc/sys/net/ipv4/conf/bridge/accept_local'
info: vlan1903: running ops ...
info: vlan1903: netlink: ip link add link bridge name vlan1903 type vlan id 1903 protocol 802.1q
info: vlan1903: netlink: ip link set dev vlan1903 up
info: reading '/proc/sys/net/mpls/conf/vlan1903/input'
info: reading '/proc/sys/net/ipv4/conf/vlan1903/forwarding'
info: reading '/proc/sys/net/ipv6/conf/vlan1903/forwarding'
info: executing /bin/ip -force -batch - [link set dev vlan1903 down
link set dev vlan1903 addrgenmode none
link set dev vlan1903 up
]
info: vlan1903: netlink: ip link add link vlan1903 name vlan1903-v0 type macvlan mode private
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.accept_dad
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.accept_dad=0
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.dad_transmits
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.dad_transmits=0
info: executing /bin/ip -force -batch - [link set dev vlan1903-v0 addrgenmode none
link set dev vlan1903-v0 down
link set dev vlan1903-v0 address 00:00:5e:00:01:a3
link set dev vlan1903-v0 up
addr add 2a06:c01:1:1903::1/64 dev vlan1903-v0
addr add fe80::1/64 dev vlan1903-v0
addr add 185.98.123.1/24 dev vlan1903-v0
route del 2a06:c01:1:1903::/64 dev vlan1903-v0
route del fe80::/64 dev vlan1903-v0
route add 2a06:c01:1:1903::/64 dev vlan1903-v0 proto kernel metric 9999
route add fe80::/64 dev vlan1903-v0 proto kernel metric 9999
]
info: reading '/proc/sys/net/ipv4/conf/vlan1903/accept_local'
[13:09:29] root:~ #
[13:09:30] root:~ #
[13:09:30] root:~ # ifquery -a -c
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp [pass]
auto vlan1903
iface vlan1903 [pass]
vlan-raw-device bridge [pass]
vlan-id 1903 [pass]
ipv6-addrgen no [pass]
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24 [pass]
address-virtual-ipv6-addrgen no [pass]
auto bridge
iface bridge [pass]
bridge-ports swp1 [pass]
[13:09:33] root:~ #
[13:09:35] root:~ #
[13:09:35] root:~ # ifquery -a -r
auto vlan1903-v0
iface vlan1903-v0
ipv6-addrgen off
address 185.98.123.1/24
address 2a06:c01:1:1903::1/64
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-protocol 802.1Q
vlan-raw-device bridge
ipv6-addrgen off
address-virtual 00:00:5e:00:01:a3 185.98.123.1/242a06:c01:1:1903::1/64
address-virtual-ipv6-addrgen off
auto bridge
iface bridge
bridge-vlan-stats off
bridge-mcstats 1
bridge-ports swp1
bridge-stp yes
mstpctl-portp2p swp1=auto
mstpctl-treeportcost swp1=20000
mstpctl-portautoedge swp1=yes
auto swp1
iface swp1
auto eth0
iface eth0 inet dhcp
auto lo
iface lo inet loopback
mtu 65536
[13:09:38] root:~ # ip -d link show vlan1903
20: vlan1903@bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 90:e2:ba:2c:b1:96 brd ff:ff:ff:ff:ff:ff promiscuity 1
vlan protocol 802.1Q id 1903 <REORDER_HDR> addrgenmode none
[13:09:50] root:~ # ip -d link show vlan1903-v0
21: vlan1903-v0@vlan1903: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 00:00:5e:00:01:a3 brd ff:ff:ff:ff:ff:ff promiscuity 0
macvlan mode private addrgenmode none
[13:09:53] root:~ #
[13:09:56] root:~ # ip link set dev vlan1903-v0 addrgenmode eui64
[13:10:23] root:~ # ifquery -a -c
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp [pass]
auto vlan1903
iface vlan1903 [fail]
vlan-raw-device bridge [pass]
vlan-id 1903 [pass]
ipv6-addrgen no [pass]
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24 [pass]
address-virtual-ipv6-addrgen no [fail]
auto bridge
iface bridge [pass]
bridge-ports swp1 [pass]
[13:10:29] root:~ # ifquery -a -r
auto vlan1903-v0
iface vlan1903-v0
address 185.98.123.1/24
address 2a06:c01:1:1903::1/64
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-protocol 802.1Q
vlan-raw-device bridge
ipv6-addrgen off
address-virtual 00:00:5e:00:01:a3 185.98.123.1/242a06:c01:1:1903::1/64
address-virtual-ipv6-addrgen on
auto bridge
iface bridge
bridge-vlan-stats off
bridge-mcstats 1
bridge-ports swp1
bridge-stp yes
mstpctl-portp2p swp1=auto
mstpctl-treeportcost swp1=20000
mstpctl-portautoedge swp1=yes
auto swp1
iface swp1
auto eth0
iface eth0 inet dhcp
auto lo
iface lo inet loopback
mtu 65536
[13:10:33] root:~ #
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
This is a major update coming all at once from master-next branch
master-next branch was started with --orphan option which is basically a new
branch without history.
The major changes are:
- repackaging
- cleanup the directory tree
- rewritte setup.py to allow install from deb file or pypi (pip install)
- add a Makefile to make things (like building a deb) easier
- review all debian files
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
ifupdown2 code was one level deeper because ifupdown2 initially
had ifupdown2 and ifupdown2-addons as two separate packages.
Since they were combined into one package, it makes sense to
move all combined code under the top level directory
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Testing Done: built new ifupdown package and ran testifupdown2 suite of tests
This patch prevents enslaved interfaces from having IP addresses.
(cherry picked from commit 0c00606fbc76db11557a8e946310e93a2b376aa7)
MTU settings are defaulted 1500 when interface is ifdowned.
This has the effect of changing the MTU on the interface and any subinterfaces to
1500. And if these subinterfaces are in a bridge, the bridge will pick the MIN MTU
so the bridge keeps this MTU even after the interface is brought back up. The sub
interface does not change to a higher value then 1500 (kernel VLAN driver only
moves the MTU is the decreasing direction.
(cherry picked from commit 70e67ab15efb13e1499288152d801b39f28a190b)
(cherry picked from commit 56238543a980e983957a180c583b9412c3ab48ab)
