matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
1672ce81fc
sonic-buildimage/files/image_config/interfaces/interfaces.j2
Hua Liu b84e3f9e8a Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. (#17281) 
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.

#### Why I did it
When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface.

After investigation, I found the IPV6 'default' route table does not add to route lookup:

admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
admin@vlab-01:~$

As compare:
admin@vlab-01:~$ ip -4 rule list
1001:   from all lookup local
32764:  from all to 172.17.0.1/24 lookup default
32765:  from 10.250.0.101 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table exist in IPV4 route lookup

Issue fix by add 'default' route table to route lookup with following command:
admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default
admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table been added to IPV6 route lookup
admin@vlab-01:~$

##### Work item tracking
- Microsoft ADO: 25798732

#### How I did it
When management interface using 'default' route table, add 'default' route table to IPV6 route lookup.

#### How to verify it
Pass all UT.
Add new UT to cover this change.
Manually verify issue fixed:

### Tested branch (Please provide the tested image version)

- [x]  master-17281.417570-2133d58fa

#### Description for the changelog
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
2024-02-02 14:32:50 +08:00

123 lines
4.8 KiB
Django/Jinja
Raw Blame History

#
{% block banner %}
# =============== Managed by SONiC Config Engine DO NOT EDIT! ===============
# generated from /usr/share/sonic/templates/interfaces.j2 using sonic-cfggen
# file: /etc/network/interfaces
#
{% endblock banner %}
{% block mgmt_vrf %}
{% if (MGMT_VRF_CONFIG) and (MGMT_VRF_CONFIG['vrf_global']['mgmtVrfEnabled'] == "true") %}
auto mgmt
iface mgmt
vrf-table 5000
# The loopback network interface for mgmt VRF that is required for applications like NTP
up ip link add lo-m type dummy
up ip link set dev lo-m master mgmt
up ip addr add 127.0.0.1/16 dev lo-m
up ip link set lo-m up
down ip link delete dev lo-m
{% endif %}
{% endblock mgmt_vrf %}
{% block loopback %}
# The loopback network interface
auto lo
iface lo inet loopback
address 127.0.0.1
netmask 255.255.0.0
scope host
post-up ip addr del 127.0.0.1/8 dev lo
pre-down ip addr add 127.0.0.1/8 dev lo
{% endblock loopback %}
{% block mgmt_interface %}
# The management network interface
{% if (ZTP_DHCP_DISABLED is not defined) and (ZTP is defined) and (ZTP['mode'] is defined and ZTP['mode']['profile'] == 'active') %}
auto eth0
# ZTP out-of-band interface
allow-hotplug eth0
{% if ZTP['mode']['ipv4'] == 'true' %}
iface eth0 inet dhcp
{% endif %}
{% if ZTP['mode']['ipv6'] == 'true' %}
iface eth0 inet6 dhcp
up sysctl net.ipv6.conf.eth0.accept_ra=1
down sysctl net.ipv6.conf.eth0.accept_ra=0
{% endif %}
{% if ZTP['mode']['inband'] == 'true' %}
{% for port in PORT %}
# ZTP in-band interface {{ port }}
auto {{ port }}
allow-hotplug {{ port }}
{% if PORT_DATA['PORT_TABLE:'+port] is defined and PORT_DATA['PORT_TABLE:'+port]['value']['oper_status'] == 'up' %}
{% if ZTP['mode']['ipv4'] == 'true' %}
iface {{ port }} inet dhcp
{% endif %}
{% if ZTP['mode']['ipv6'] == 'true' %}
iface {{ port }} inet6 dhcp
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% else %}
{% if MGMT_INTERFACE %}
{% for (name, prefix) in MGMT_INTERFACE|pfx_filter|unique(attribute=0) %}
auto {{ name }}
{% endfor %}
{% for (name, prefix) in MGMT_INTERFACE|pfx_filter %}
iface {{ name }} {{ 'inet' if prefix | ipv4 else 'inet6' }} static
address {{ prefix | ip }}
netmask {{ prefix | netmask if prefix | ipv4 else prefix | prefixlen }}
network {{ prefix | network }}
broadcast {{ prefix | broadcast }}
{% set vrf_table = 'default' %}
{% if (MGMT_VRF_CONFIG) and (MGMT_VRF_CONFIG['vrf_global']['mgmtVrfEnabled'] == "true") %}
{% set vrf_table = '5000' %}
vrf mgmt
{% endif %}
{% set force_mgmt_route_priority = 32764 %}
########## management network policy routing rules
# management port up rules
up ip {{ '-4' if prefix | ipv4 else '-6' }} route add default via {{ MGMT_INTERFACE[(name, prefix)]['gwaddr'] }} dev {{ name }} table {{ vrf_table }} metric 201
up ip {{ '-4' if prefix | ipv4 else '-6' }} route add {{ prefix | network }}/{{ prefix | prefixlen }} dev {{ name }} table {{ vrf_table }}
up ip {{ '-4' if prefix | ipv4 else '-6' }} rule add pref {{ force_mgmt_route_priority + 1 }} from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }}
{% for route in MGMT_INTERFACE[(name, prefix)]['forced_mgmt_routes'] %}
up ip rule add pref {{ force_mgmt_route_priority }} to {{ route }} table {{ vrf_table }}
{% endfor %}
{% if prefix | ipv6 and vrf_table == 'default'%}
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
up ip -6 rule add pref {{ force_mgmt_route_priority + 3 }} lookup {{ vrf_table }}
{% endif %}
# management port down rules
pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} route delete default via {{ MGMT_INTERFACE[(name, prefix)]['gwaddr'] }} dev {{ name }} table {{ vrf_table }}
pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} route delete {{ prefix | network }}/{{ prefix | prefixlen }} dev {{ name }} table {{ vrf_table }}
pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} rule delete pref {{ force_mgmt_route_priority + 1 }} from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }}
{% for route in MGMT_INTERFACE[(name, prefix)]['forced_mgmt_routes'] %}
pre-down ip rule delete pref {{ force_mgmt_route_priority }} to {{ route }} table {{ vrf_table }}
{% endfor %}
{% if prefix | ipv6 and vrf_table == 'default'%}
pre-down ip -6 rule delete pref {{ force_mgmt_route_priority + 3 }} lookup {{ vrf_table }}
{% endif %}
{# TODO: COPP policy type rules #}
{% endfor %}
{% else %}
auto eth0
iface eth0 inet dhcp
metric 202
{% if (MGMT_VRF_CONFIG) and (MGMT_VRF_CONFIG['vrf_global']['mgmtVrfEnabled'] == "true") %}
vrf mgmt
{% endif %}
iface eth0 inet6 dhcp
up sysctl net.ipv6.conf.eth0.accept_ra=1
down sysctl net.ipv6.conf.eth0.accept_ra=0
{% endif %}
{% endif %}
#
source /etc/network/interfaces.d/*
#
{% endblock mgmt_interface %}
Reference in New Issue View Git Blame Copy Permalink