Add interface configuration option »vxlan-physdev« to set »dev« attribute
of VXLAN interfaces and a check for the running configuration.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
The »vxlan-svcnodeip« corresponds with the multicast »group« parameter
of the VXLAN interface and should be checked against this value instead
of the »remote« parameter for unicast ptp tunnels.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
* Add addon module for B.A.T.M.A.N. advanced interface configuration.
This commit adds support for configuring B.A.T.M.A.N. advanced interfaces
with ifupdown2. B.A.T.M.A.N. advanced is a protocol to build Layer2 based
mesh networks with. It's supported in the Linux kernel and thus available
in many Linux environments.
A configuration could look like this
auto bat0
iface bat0
batman-ifaces eth1 eth2.23
batman-ifaces-ignore-regex .*_nodes
batman-hop-penalty 23
#
address 192.0.2.42/24
where »bat0« would be the local connection to the mesh network.
The interfaces »eth1« and »eth2.23« would be used by the B.A.T.M.A.N. adv.
protocol to communicate to other member of the mesh network.
Any interfaces matching the »ifaces-ignore-regex« will be gently ignored
by ifquery and ifreload as there might be some tunnels or interfaces
added to the mesh network by other means which should not be removed by
any subsequent ifreload run.
The »hop-penalty» parameter set the penalty of this node within the mesh
network.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
* addons: batman_adv: replacing rtnetlink by netlink api call and iproute2 instantiation fix
These changes are due to modifications we introduced in debian-prep2.
We no longer use the rtnetlink_api but a new one "netlink" build on top of python-nlmanager.
* Reflect upstream change where flags are stored.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Pass the same environment variables to addon scripts from /etc/network/
as are passed to user defined commands in interfaces stanzas. This is
needed for compatibility with ifupdown.
Fixes: #14
Checking operstate would require firmware to be loaded and link
negotiation to of taken place. Some firmwares take a few seconds to
upload and online the device, and some link negotiations take a second
or two.
Immediately checking operstate is not feasible here. Checking if the
link is present is a more suitable non-delaying approach.
Signed-off-by: Nigel Kukard <nkukard@lbsd.net>
Ticket:
Reviewed By: Roopa
Testing Done:
Debian Bug#855401, we didn't list pkg_resource as a dependency so the
installation is failing for upstream users.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-14683
Reviewed By: julien, mallik, anita, vivek, balki, wkok
Testing Done: tested with bridge-learning on off
- support for bridge-learning attribute on bridge ports.
(currently uses sysfs, must move to netlink soon)
- Additional feature for vxlan bridge ports: sync learning
flag to vxlan bridge ports. No ifquery check for this auto
sync feature.
example config for vxlan ports:
auto vxlan1000
iface vxlan1000
vxlan-id 1000
bridge-learning off
bridge-access 100
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-8424
Reviewed By: Roopa, Julien
Testing Done: using the config mentioned in bug
updelay
Specifies the time, in milliseconds, to wait before enabling a
slave after a link recovery has been detected. This option is
only valid for the miimon link monitor.
downdelay
Specifies the time, in milliseconds, to wait before disabling
a slave after a link failure has been detected. This option
is only valid for the miimon link monitor.
Signed-off-by: Nikhil Gajendrakumar <nikhil@cumulusnetworks.com>
Conflicts:
ifupdownaddons/bondutil.py
This reverts commit 65beb82662.
it's causing testifupdown2.py:TestMakoJson to fail... Basically this commit
uncomment codes which parse mc value from brctl output. So `ifquery -r` output
is different (this new attribute show up under the bridge). TestMakoJson at
some point does:
$ ifquery -a -r -t json > running_json
Then later
$ ifup -i running_json...
This ifup fails on:
...
warning: br0: unsupported attribute 'bridge-mclmt'
...
Ticket: CM-14628
Reviewed By: julien, nikhil, vivek, mallik
Testing Done: Tested with vxlan config and remote ips added externally
Recent handling of vxlan-purge-routes as part of CM-13815 did not fix
handling of remote ips during ifquery --check and ifquery --running.
This patch fixes ifquery -c and ifquery running for external
vxlan controller cases.
Without this, ifquery --check always returns exit code of 1 for
external vxlan controller configs
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-13779
Reviewed By: roopa, satish, julien
Testing Done: testing the config given in the CM
mstpctl showportdetail <bridge> command won't output anything when
bridge-stp is off, therefore ignore mstpctl default attributes during
ifquery -c --with-defaults
This patch also consistently updates bridge and bridge port cache
at the same time.
Earlier bridge and bridge port cache were not consistent
because of the early return condition
attrs = MSTPAttrsCache.get(bridgename)
if attrs:
return attrs
If either of bridge port cache and bridge cache is updated, function used to
return inconsistent cache values
Signed-off-by: Nikhil Gajendrakumar <nikhil@cumulusnetworks.com>
Ticket: CM-14472
Reviewed By: Roopa, Julien
Testing Done: used the config mentioned in CM
Fix introduced by "addons: address: add both v4 and v6 gateways
instead of just one" changed the way gateway commands were configured.
ifupdown2 does not replay default gateway commands on ifreload
This patch ensures all the gateway commands at every ifreload are replayed
Signed-off-by: Nikhil Gajendrakumar <nikhil@cumulusnetworks.com>
Ticket: CM-8401
Reviewed By: Roopa, Julien
Testing Done: tested on all bridge mstpctl attributes.
This patch resets th following bridge attributes to defauls when
users remove settings from interface config file.
mstpctl-treeprio
mstpctl-ageing
mstpctl-fdelay
mstpctl-maxhops
mstpctl-maxage
mstpctl-txholdcount
mstpctl-forcevers
mstpctl-hello
Added an api in policy manager to get policy default value of any
module attribute.
Added a cache for bridge attributes to save some runtime
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-14386
Reviewed By: Roopa, Purna, NIkhil G
Testing Done:
We have incorrect Address Range and Default g/w configuration. Kernel will give
error in such condition and ignore the route. but ifupdown2 is masking this
error and making user in blind spot.
$ ifdown -a -X eth0
$ ifreload -a
error: h2t_c-1: cmd 'ip route add table DataVrf1080 default via 3.0.0.1 dev h2t_c-1' failed: returned 2 (RTNETLINK answers: Network is unreachable
)
$ echo $?
1
$ ifquery -a
auto h2t_c-1
iface h2t_c-1
address 6.0.0.1/26
address 2001:fee1::1/64
bond-slaves swp1 swp2
bond-mode 802.3ad
bond-miimon 100
bond-min-links 1
bond-xmit-hash-policy layer3+4
bond-lacp-rate 1
mtu 9152
alias Local Node/s hostd-1-1 and Ports swp1 swp2 <==> Remote Node/s torc-1-1 torc-1-2 and Ports swp7 swp7
gateway 3.0.0.1
gateway 2001:fee1::1
vrf DataVrf1080
auto DataVrf1080
iface DataVrf1080
vrf-table 1080
$
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-14209
Reviewed By: Julien
Testing Done:
vids was a list and pvid is not a list, hence the check was failing
$ cat /etc/network/interfaces
auto vxlan1000
iface vxlan1000
vxlan-id 1000
vxlan-local-tunnelip 172.16.20.103
vxlan-remoteip 172.16.20.106
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports swp1 vxlan1000
bridge-vids 100 200
$
$ ifdown -a -X eth0
$ ifreload -a -s
warning: vxlan1000: `bridge-access` attribute is mandatory when vxlan device (vxlan1000) is part of vlan aware bridge (bridge)
$ ifreload -a
warning: bridge: `bridge-access` attribute is mandatory when vxlan device (vxlan1000) is part of vlan aware bridge (bridge)
error: bridge: errors applying port settings
$ ifreload -a
error: vxlan1000: `bridge-access` attribute is mandatory when vxlan device (vxlan1000) is part of vlan aware bridge (bridge)
warning: bridge: `bridge-access` attribute is mandatory when vxlan device (vxlan1000) is part of vlan aware bridge (bridge)
error: bridge: errors applying port settings
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-14209
Reviewed By: Roopa
Testing Done:
$ cat /etc/network/interfaces
auto vxlan1000
iface vxlan1000
vxlan-id 1000
vxlan-local-tunnelip 172.16.20.103
vxlan-remoteip 172.16.20.106
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports swp1 vxlan1000
bridge-vids 100 200
$
$ ifdown -a -X eth0
$ ifreload -a -s
warning: vxlan1000: `bridge-access` attribute is mandatory when vxlan device (vxlan1000) is part of vlan aware bridge (bridge)
$ ifreload -a
warning: bridge: `bridge-access` attribute is mandatory when vxlan device (vxlan1000) is part of vlan aware bridge (bridge)
error: bridge: errors applying port settings
$ ifreload -a
error: vxlan1000: `bridge-access` attribute is mandatory when vxlan device (vxlan1000) is part of vlan aware bridge (bridge)
warning: bridge: `bridge-access` attribute is mandatory when vxlan device (vxlan1000) is part of vlan aware bridge (bridge)
error: bridge: errors applying port settings
$
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-13815
Reviewed By:
Testing Done: Tested remote purging
vxlan purging remotes is a feature where we clean up
existing fdb remote entries in favor of the ones specified in the
interfaces file. Obviously in precense of an external controller
like bgp or vxrd this is not a good thing because these remotes
maybe installed by these external controller daemons.
This patch makes the purgining behaviour explicit by a new attribute.
We will ship with a default policy file which sets vxlan-purge-remotes to no.
This also cleans up a bug introduced by fix to CM-13767 where we were
trying to delete default remote entry pointing to the local ip.
more details below.
problem:
for static configuration, ifupdown2 has some code to "purge" existing
default remote fdb entries and install
new ones corresponding to the ones specified in the interfaces file
(with vxlan-remoteip).
For non-static configuration (ie in presence of an external controller),
it skips this "purge"...because these entries
maybe added by an external controller. To detect that there is no
external controller running..., today it
checks if the vxrd process is running or not. We need to extend this
check to now include bgp (for evpn)...and it gets trickier with bgp
since just checking the quagga pid is not good.
Solution:
I would like to make this purging explicit with an attribute. This patch
adds a 'vxlan-purge-remotes yes|no' attribute. vxlan remote address purging
will take into affect when:
vxlan-remoteip attribute is present in the interfaces file
or
vxlan-purge-remotes is set to 'yes'
We will ship a ifupdown2 default policy file to disable purging by
default (vxlan-purge-remotes no).
For existing customer deployed static configs, since the interfaces file
will already have remote entries, this change
will behave as existing code (ie purge = yes).
For existing vxrd deployments, as long as already deployed interfaces
files have no vxlan-remoteip entries,
this patch does not change any behavior (can people confirm that
existing vxrd deployments have no vxlan-remoteip entries in their
interfaces ?)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Daniel: Having both bridge-vids and bridge-trunk at the
net add interface NAME <TAB>
level creates confusion… need to remove bridge-vids
This commit adds bridge-trunk as an alias for bridge-vids
Ticket: CM-14041
Reviewed By: Roopa, Nikhil G
Testing Done:
$ ifquery -a
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports swp1 swp9
bridge-trunk 2-100
bridge-pvid 101
bridge-stp on
$ ifrelaod -a
$ ifquery -a -c
auto bridge
iface bridge [pass]
bridge-vlan-aware yes [pass]
bridge-ports swp1 swp9 [pass]
bridge-stp yes [pass]
bridge-pvid 101
bridge-trunk 2-100 []
$ ifquery -a -r
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports swp9 swp1
bridge-stp yes
bridge-pvid 101
bridge-vids 2-101
$ net show bridge vlan
port vlan ids
swp1 2-100
101 PVID Egress Untagged
swp9 2-100
101 PVID Egress Untagged
bridge None
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
This features will allow attributes to have aliases. Our use case today is
between bond-slaves and bridge-ports, which be a little confusing.
It follows the kernel api and existing linux tools. Bonding driver calls them
slaves and to the bridge driver they are ports.
With NCLU we we would like to be more consistent. We will now also support
"bond-ports"a
Ticket: CM-12763
Reviewed By: Roopa
Testing Done:
$ ifquery -a -c
auto bond0
iface bond0 [pass]
bond-slaves swp1 [pass]
auto bond1
iface bond1 [pass]
bond-ports swp2 [pass]
root@cel-redxp-06:~# ifquery -a -r
auto bond0
iface bond0
bond-lacp-bypass-allow 0
bond-slaves swp1
bond-mode 802.3ad
bond-use-carrier 1
bond-lacp-rate 1
bond-min-links 1
bond-miimon 100
bond-xmit-hash-policy layer3+4
auto bond1
iface bond1
bond-lacp-bypass-allow 0
bond-slaves swp2
bond-mode 802.3ad
bond-use-carrier 1
bond-lacp-rate 1
bond-min-links 1
bond-miimon 100
bond-xmit-hash-policy layer3+4
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-13434
Reviewed by: julien, nikhil, daniel
Testing Done: ifreload and multiple down [yes|no] sequences under
physical and logical interfaces (ifupdown2-tests test case is pending)
This also moves the fix done for CM-4125 (inet manual handling for
logical devices) into a single place under ifupdownmain.
attribute 'link-down [yes|no]' will not work in all cases when 'inet manual'
is used. This is only to preserve the semantics of 'inet manual'.
Best use of 'link-down [yes|no]' is to use it without 'inet manual'..
they are conflicting features anyways.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-13434
Reviewed by: julien, nikhil, daniel
Testing Done: ifreload and multiple down [yes|no] sequences under
physical and logical interfaces (ifupdown2-tests test case is
pending)
This also moves the fix done for CM-4125 (inet manual handling for
logical devices) into a single place under ifupdownmain.
attribute 'link-down [yes|no]' will not work in all cases when 'inet
manual' is used. This is only to preserve the semantics of 'inet manual'.
Best use of 'link-down [yes|no]' is to use it without 'inet manual'..
they are conflicting features anyways.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This reverts commit a21c63b65c.
Moving this to link-down in link.py addon module..due to conflict
with usercmds.py
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This reverts commit 02e00f54bb.
reverting this commit to move it to link.py addon module.
down conflicts with usercmds.py 'down'
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
