matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. (#17281)

Browse Source 
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.

#### Why I did it
When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface.

After investigation, I found the IPV6 'default' route table does not add to route lookup:

admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
admin@vlab-01:~$

As compare:
admin@vlab-01:~$ ip -4 rule list
1001:   from all lookup local
32764:  from all to 172.17.0.1/24 lookup default
32765:  from 10.250.0.101 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table exist in IPV4 route lookup

Issue fix by add 'default' route table to route lookup with following command:
admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default
admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table been added to IPV6 route lookup
admin@vlab-01:~$

##### Work item tracking
- Microsoft ADO: 25798732

#### How I did it
When management interface using 'default' route table, add 'default' route table to IPV6 route lookup.

#### How to verify it
Pass all UT.
Add new UT to cover this change.
Manually verify issue fixed:

### Tested branch (Please provide the tested image version)

- [x]  master-17281.417570-2133d58fa

#### Description for the changelog
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
This commit is contained in:
Hua Liu 2023-12-06 03:51:56 +08:00 committed by GitHub
parent 26bf38b610
commit 164916681a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
files/image_config/interfaces/interfaces.j2
View File

@ -79,21 +79,29 @@ iface {{ name }} {{ 'inet' if prefix | ipv4 else 'inet6' }} static
{% set vrf_table = '5000' %}
vrf mgmt
{% endif %}
{% set force_mgmt_route_priority = 32764 %}
########## management network policy routing rules
# management port up rules
up ip {{ '-4' if prefix | ipv4 else '-6' }} route add default via {{ MGMT_INTERFACE[(name, prefix)]['gwaddr'] }} dev {{ name }} table {{ vrf_table }} metric 201
up ip {{ '-4' if prefix | ipv4 else '-6' }} route add {{ prefix | network }}/{{ prefix | prefixlen }} dev {{ name }} table {{ vrf_table }}
up ip {{ '-4' if prefix | ipv4 else '-6' }} rule add pref 32765 from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }}
up ip {{ '-4' if prefix | ipv4 else '-6' }} rule add pref {{ force_mgmt_route_priority + 1 }} from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }}
{% for route in MGMT_INTERFACE[(name, prefix)]['forced_mgmt_routes'] %}
up ip rule add pref 32764 to {{ route }} table {{ vrf_table }}
up ip rule add pref {{ force_mgmt_route_priority }} to {{ route }} table {{ vrf_table }}
{% endfor %}
{% if prefix | ipv6 and vrf_table == 'default'%}
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
up ip -6 rule add pref {{ force_mgmt_route_priority + 3 }} lookup {{ vrf_table }}
{% endif %}
# management port down rules
pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} route delete default via {{ MGMT_INTERFACE[(name, prefix)]['gwaddr'] }} dev {{ name }} table {{ vrf_table }}
pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} route delete {{ prefix | network }}/{{ prefix | prefixlen }} dev {{ name }} table {{ vrf_table }}
pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} rule delete pref 32765 from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }}
pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} rule delete pref {{ force_mgmt_route_priority + 1 }} from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }}
{% for route in MGMT_INTERFACE[(name, prefix)]['forced_mgmt_routes'] %}
pre-down ip rule delete pref 32764 to {{ route }} table {{ vrf_table }}
pre-down ip rule delete pref {{ force_mgmt_route_priority }} to {{ route }} table {{ vrf_table }}
{% endfor %}
{% if prefix | ipv6 and vrf_table == 'default'%}
pre-down ip -6 rule delete pref {{ force_mgmt_route_priority + 3 }} lookup {{ vrf_table }}
{% endif %}
{# TODO: COPP policy type rules #}
{% endfor %}
{% else %}

3
src/sonic-config-engine/tests/sample_output/py2/interfaces
View File

@ -38,10 +38,13 @@ iface eth0 inet6 static
up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201
up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default
up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
up ip -6 rule add pref 32767 lookup default
# management port down rules
pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default
pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default
pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default
pre-down ip -6 rule delete pref 32767 lookup default
#
source /etc/network/interfaces.d/*
#

6
src/sonic-config-engine/tests/sample_output/py2/two_mgmt_interfaces
View File

@ -53,10 +53,13 @@ iface eth1 inet6 static
up ip -6 route add default via 2603:10e2:0:abcd::1 dev eth1 table default metric 201
up ip -6 route add 2603:10e2:0:abcd::/64 dev eth1 table default
up ip -6 rule add pref 32765 from 2603:10e2:0:abcd::8/128 table default
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
up ip -6 rule add pref 32767 lookup default
# management port down rules
pre-down ip -6 route delete default via 2603:10e2:0:abcd::1 dev eth1 table default
pre-down ip -6 route delete 2603:10e2:0:abcd::/64 dev eth1 table default
pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:abcd::8/128 table default
pre-down ip -6 rule delete pref 32767 lookup default
iface eth0 inet6 static
address 2603:10e2:0:2902::8
netmask 64
@ -67,10 +70,13 @@ iface eth0 inet6 static
up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201
up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default
up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
up ip -6 rule add pref 32767 lookup default
# management port down rules
pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default
pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default
pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default
pre-down ip -6 rule delete pref 32767 lookup default
#
source /etc/network/interfaces.d/*
#

3
src/sonic-config-engine/tests/sample_output/py3/interfaces
View File

@ -38,10 +38,13 @@ iface eth0 inet6 static
up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201
up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default
up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
up ip -6 rule add pref 32767 lookup default
# management port down rules
pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default
pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default
pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default
pre-down ip -6 rule delete pref 32767 lookup default
#
source /etc/network/interfaces.d/*
#

6
src/sonic-config-engine/tests/sample_output/py3/two_mgmt_interfaces
View File

@ -39,10 +39,13 @@ iface eth0 inet6 static
up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201
up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default
up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
up ip -6 rule add pref 32767 lookup default
# management port down rules
pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default
pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default
pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default
pre-down ip -6 rule delete pref 32767 lookup default
iface eth1 inet static
address 10.0.10.100
netmask 255.255.255.0
@ -67,10 +70,13 @@ iface eth1 inet6 static
up ip -6 route add default via 2603:10e2:0:abcd::1 dev eth1 table default metric 201
up ip -6 route add 2603:10e2:0:abcd::/64 dev eth1 table default
up ip -6 rule add pref 32765 from 2603:10e2:0:abcd::8/128 table default
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
up ip -6 rule add pref 32767 lookup default
# management port down rules
pre-down ip -6 route delete default via 2603:10e2:0:abcd::1 dev eth1 table default
pre-down ip -6 route delete 2603:10e2:0:abcd::/64 dev eth1 table default
pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:abcd::8/128 table default
pre-down ip -6 rule delete pref 32767 lookup default
#
source /etc/network/interfaces.d/*
#