Page MenuHomeVyOS Platform
Create Task
Maniphest T4151

IPV6 local PBR Support
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Similar to https://phabricator.vyos.net/T439, I'd like to have local PBR support for IPv6 as well.

I'm currently looking into it and might be able to create a PR soon.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Related Objects

Mentioned In
1.3.4
rVYOSONEX9fc6dba84177: policy: T4151: remove left over fwmk check
rVYOSONEXcb580de792ca: backport: policy: T4151: Add policy ipv6-local-route
rVYOSONEX00b680a4ac97: backport: policy: T4151: Bugfix policy ipv6-local-route
rVYOSONEX5601e50d3866: backport: policy: T4151: remove all previous rules on edit
rVYOSONEX69ccb1899a47: backport: policy: T4151: bugfix smoketest
rVYOSONEXc3470d902d00: Revert "backport: policy: T4151: Add policy ipv6-local-route"
rVYOSONEXff70406e3ba8: Revert "backport: policy: T4151: Bugfix policy ipv6-local-route"
rVYOSONEXf73362462ea0: Revert "backport: policy: T4151: remove all previous rules on edit"
rVYOSONEX055841e88ea4: Revert "backport: policy: T4151: bugfix smoketest"
rVYOSONEXed7c674da175: backport: policy: T4151: Bugfix policy ipv6-local-route
rVYOSONEXe11a7ff1b281: backport: policy: T4151: Add policy ipv6-local-route
rVYOSONEXb71a04811bd6: backport: policy: T4151: remove all previous rules on edit
rVYOSONEXad26e92a5dcc: backport: policy: T4151: bugfix smoketest
rVYOSONEX5444eeda0fab: policy: T4151: Delete unexpected print added in commit c501ae0f
rVYOSONEX568c33e3773c: Merge pull request #1207 from sever-sever/T4151
rVYOSONEXc501ae0fdc5d: policy: T4151: remove all previous rules on edit
rVYOSONEX87d93efc27d8: policy: T4151: bugfix smoketest
rVYOSONEX0a0d4abc02da: Merge pull request #1195 from hensur/current-ipv6-local-route
rVYOSONEX2e4bceee568d: policy: T4151: Bugfix policy ipv6-local-route
rVYOSONEXf791d3ef4c33: Merge pull request #1183 from hensur/current-ipv6-local-route
rVYOSONEX0d4079ca3a3d: policy: T4151: Add policy ipv6-local-route
rVYOSONEX876d108c5dba: Merge pull request #1144 from hensur/current-ipv6-local-route
Mentioned Here
T439: local PBR support

Event Timeline

hensur created this task.Jan 7 2022, 11:48 PM
hensur claimed this task.
hensur created this object in space S1 VyOS Public.
hensur added a project: VyOS 1.1.x.
hensur changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
hensur changed Issue type from Unspecified (please specify) to Feature (new functionality).
Viacheslav edited projects, added VyOS 1.4 Sagitta; removed VyOS 1.1.x.Jan 8 2022, 10:25 AM
Viacheslav changed the subtype of this task from "Task" to "Feature Request".
Viacheslav subscribed.

It requires option -6
For example:

sudo ip -6 rule add prio 10 from de:de::1 lookup 5

Show v6 rules:

vyos@r11-roll# sudo ip -6 rule show
0:	from all lookup local
10:	from de:de::1 lookup 5
32766:	from all lookup main
[edit]
vyos@r11-roll#
pasik subscribed.Jan 8 2022, 11:36 AM
hensur added a comment.Jan 8 2022, 9:51 PM

PR: https://github.com/vyos/vyos-1x/pull/1144

Viacheslav added a project: VyOS 1.3 Equuleus ( 1.3.1).Jan 11 2022, 11:48 AM
Restricted Repository Identity mentioned this in rVYOSONEX876d108c5dba: Merge pull request #1144 from hensur/current-ipv6-local-route.Jan 20 2022, 2:16 PM
hensur mentioned this in rVYOSONEX0d4079ca3a3d: policy: T4151: Add policy ipv6-local-route.Jan 20 2022, 2:16 PM
Viacheslav changed the task status from Open to Needs testing.Jan 20 2022, 2:24 PM
Viacheslav added a comment.Jan 21 2022, 7:12 AM

@hensur Smoketest failed.

hensur added a comment.Jan 21 2022, 9:44 AM

I'm looking into it. From the logs it seems like for src in (pbr[rule_rm][rule]['source'] or ['']) doesn't work if 'source' doesn't exist.

I didn't test the new adjustments locally again... I probably should have done that.

hensur added a comment.Jan 21 2022, 12:29 PM

Should be fixed with https://github.com/vyos/vyos-1x/pull/1183

Restricted Repository Identity mentioned this in rVYOSONEXf791d3ef4c33: Merge pull request #1183 from hensur/current-ipv6-local-route.Jan 21 2022, 1:51 PM
hensur mentioned this in rVYOSONEX2e4bceee568d: policy: T4151: Bugfix policy ipv6-local-route.Jan 21 2022, 1:51 PM
Viacheslav added a comment.Jan 26 2022, 5:41 PM

Incorrect behavior with multiple commits
Configuration:

set policy local-route rule 10 set table '101'
set policy local-route rule 10 source '192.0.2.1'
set policy local-route rule 10 source '192.0.2.2'
commit
set policy local-route rule 10 destination '203.0.113.25'
commit

Expected rules:

10:	from 192.0.2.1 to 203.0.113.25 lookup 101
10:	from 192.0.2.2 to 203.0.113.25 lookup 101

Getting rules:

10:	from 192.0.2.2 lookup 101
10:	from 192.0.2.1 to 203.0.113.25 lookup 101
10:	from 192.0.2.2 to 203.0.113.25 lookup 101
hensur added a comment.Jan 27 2022, 4:13 PM

I'm looking into it. I'm going to add a test with multiple commits. Good catch, I didn't test this. :)

hensur added a comment.Jan 29 2022, 12:33 PM

PR: https://github.com/vyos/vyos-1x/pull/1195

Restricted Repository Identity mentioned this in rVYOSONEX0a0d4abc02da: Merge pull request #1195 from hensur/current-ipv6-local-route.Jan 29 2022, 6:41 PM
hensur mentioned this in rVYOSONEX87d93efc27d8: policy: T4151: bugfix smoketest.Jan 29 2022, 6:41 PM
hensur mentioned this in rVYOSONEXc501ae0fdc5d: policy: T4151: remove all previous rules on edit.
hensur added a comment.Feb 1 2022, 12:45 PM

docs: https://github.com/vyos/vyos-documentation/pull/707

Viacheslav added a comment.Feb 4 2022, 8:50 AM

PR https://github.com/vyos/vyos-1x/pull/1207

Restricted Repository Identity mentioned this in rVYOSONEX568c33e3773c: Merge pull request #1207 from sever-sever/T4151.Feb 5 2022, 6:58 PM
Viacheslav mentioned this in rVYOSONEX5444eeda0fab: policy: T4151: Delete unexpected print added in commit c501ae0f.Feb 5 2022, 6:58 PM
Viacheslav added a comment.Feb 11 2022, 1:34 PM

@hensur Could you create a PR for 1.3?

hensur added a comment.Feb 14 2022, 6:57 PM

@Viacheslav Working on it, should be ready soon.

hensur added a comment.Feb 14 2022, 9:17 PM

PR: https://github.com/vyos/vyos-1x/pull/1219

hensur mentioned this in rVYOSONEXad26e92a5dcc: backport: policy: T4151: bugfix smoketest.Feb 19 2022, 5:07 PM
hensur mentioned this in rVYOSONEXb71a04811bd6: backport: policy: T4151: remove all previous rules on edit.
hensur mentioned this in rVYOSONEXed7c674da175: backport: policy: T4151: Bugfix policy ipv6-local-route.
hensur mentioned this in rVYOSONEXe11a7ff1b281: backport: policy: T4151: Add policy ipv6-local-route.
Viacheslav moved this task from Open to Finished on the VyOS 1.4 Sagitta board.Feb 20 2022, 4:56 PM
c-po mentioned this in rVYOSONEX055841e88ea4: Revert "backport: policy: T4151: bugfix smoketest".Feb 22 2022, 6:54 AM
c-po mentioned this in rVYOSONEXf73362462ea0: Revert "backport: policy: T4151: remove all previous rules on edit".
c-po mentioned this in rVYOSONEXff70406e3ba8: Revert "backport: policy: T4151: Bugfix policy ipv6-local-route".
c-po mentioned this in rVYOSONEXc3470d902d00: Revert "backport: policy: T4151: Add policy ipv6-local-route".
c-po subscribed.Feb 22 2022, 6:55 AM

1.3 / equuleus backport reverted.

Smoketests failed big time as non existing CLI options got referenced.

06:37:05  DEBUG - Running Testcase: /usr/libexec/vyos/tests/smoke/cli/test_policy.py
06:37:17  DEBUG - test_access_list (__main__.TestPolicy) ... ok
06:37:24  DEBUG - test_access_list6 (__main__.TestPolicy) ... ok
06:37:32  DEBUG - test_as_path_list (__main__.TestPolicy) ... ok
06:37:37  DEBUG - test_community_list (__main__.TestPolicy) ... ok
06:37:38  DEBUG - test_delete_ipv4_ipv6_table_id (__main__.TestPolicy) ... ERROR
06:37:42  DEBUG - test_destination_ipv6_table_id (__main__.TestPolicy) ... ok
06:37:46  DEBUG - test_destination_table_id (__main__.TestPolicy) ... ok
06:37:54  DEBUG - test_extended_community_list (__main__.TestPolicy) ... ok
06:37:56  DEBUG - test_fwmark_ipv6_table_id (__main__.TestPolicy) ... ok
06:38:00  DEBUG - test_fwmark_sources_destination_ipv6_table_id (__main__.TestPolicy) ... ok
06:38:01  DEBUG - test_fwmark_sources_destination_table_id (__main__.TestPolicy) ... ERROR
06:38:05  DEBUG - test_fwmark_sources_ipv6_table_id (__main__.TestPolicy) ... ok
06:38:05  DEBUG - test_fwmark_sources_table_id (__main__.TestPolicy) ... ERROR
06:38:05  DEBUG - test_fwmark_table_id (__main__.TestPolicy) ... ERROR
06:38:10  DEBUG - test_iif_sources_ipv6_table_id (__main__.TestPolicy) ... ok
06:38:13  DEBUG - test_iif_sources_table_id (__main__.TestPolicy) ... ok
06:38:16  DEBUG - test_ipv6_table_id (__main__.TestPolicy) ... ok
06:38:23  DEBUG - test_large_community_list (__main__.TestPolicy) ... ok
06:38:28  DEBUG - test_multiple_commit_ipv4_table_id (__main__.TestPolicy) ... ok
06:38:35  DEBUG - test_prefix_list (__main__.TestPolicy) ... ok
06:38:41  DEBUG - test_prefix_list6 (__main__.TestPolicy) ... ok
06:38:46  DEBUG - test_table_id (__main__.TestPolicy) ... ok
06:38:46  DEBUG - 
06:38:46  DEBUG - ======================================================================
06:38:46  DEBUG - ERROR: test_delete_ipv4_ipv6_table_id (__main__.TestPolicy)
06:38:46  DEBUG - ----------------------------------------------------------------------
06:38:46  DEBUG - Traceback (most recent call last):
06:38:46  DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_policy.py", line 960, in test_delete_ipv4_ipv6_table_id
06:38:46  DEBUG -     self.cli_set(path + ['rule', rule, 'fwmark', fwmk])
06:38:46  DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 66, in cli_set
06:38:46  DEBUG -     self._session.set(config)
06:38:46  DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 147, in set
06:38:46  DEBUG -     self.__run_command([SET] + path + value)
06:38:46  DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 136, in __run_command
06:38:46  DEBUG -     raise ConfigSessionError(output)
06:38:46  DEBUG - vyos.configsession.ConfigSessionError: Configuration path: [policy local-route rule 103 fwmark 23] is not valid
06:38:46  DEBUG - 
06:38:46  DEBUG - Set failed
06:38:46  DEBUG - 
06:38:46  DEBUG - 
06:38:46  DEBUG - ======================================================================
06:38:46  DEBUG - ERROR: test_fwmark_sources_destination_table_id (__main__.TestPolicy)
06:38:46  DEBUG - ----------------------------------------------------------------------
06:38:46  DEBUG - Traceback (most recent call last):
06:38:46  DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_policy.py", line 792, in test_fwmark_sources_destination_table_id
06:38:46  DEBUG -     self.cli_set(path + ['rule', rule, 'fwmark', fwmk])
06:38:46  DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 66, in cli_set
06:38:46  DEBUG -     self._session.set(config)
06:38:46  DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 147, in set
06:38:46  DEBUG -     self.__run_command([SET] + path + value)
06:38:46  DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 136, in __run_command
06:38:46  DEBUG -     raise ConfigSessionError(output)
06:38:46  DEBUG - vyos.configsession.ConfigSessionError: Configuration path: [policy local-route rule 103 fwmark 23] is not valid
06:38:46  DEBUG - 
06:38:46  DEBUG - Set failed
06:38:46  DEBUG - 
06:38:46  DEBUG - 
06:38:46  DEBUG - ======================================================================
06:38:46  DEBUG - ERROR: test_fwmark_sources_table_id (__main__.TestPolicy)
06:38:46  DEBUG - ----------------------------------------------------------------------
06:38:46  DEBUG - Traceback (most recent call last):
06:38:46  DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_policy.py", line 740, in test_fwmark_sources_table_id
06:38:46  DEBUG -     self.cli_set(path + ['rule', rule, 'fwmark', fwmk])
06:38:46  DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 66, in cli_set
06:38:46  DEBUG -     self._session.set(config)
06:38:46  DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 147, in set
06:38:46  DEBUG -     self.__run_command([SET] + path + value)
06:38:46  DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 136, in __run_command
06:38:46  DEBUG -     raise ConfigSessionError(output)
06:38:46  DEBUG - vyos.configsession.ConfigSessionError: Configuration path: [policy local-route rule 100 fwmark 23] is not valid
06:38:46  DEBUG - 
06:38:46  DEBUG - Set failed
06:38:46  DEBUG - 
06:38:46  DEBUG - 
06:38:46  DEBUG - ======================================================================
06:38:46  DEBUG - ERROR: test_fwmark_table_id (__main__.TestPolicy)
06:38:46  DEBUG - ----------------------------------------------------------------------
06:38:46  DEBUG - Traceback (most recent call last):
06:38:46  DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_policy.py", line 698, in test_fwmark_table_id
06:38:46  DEBUG -     self.cli_set(path + ['rule', rule, 'fwmark', fwmk])
06:38:46  DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 66, in cli_set
06:38:46  DEBUG -     self._session.set(config)
06:38:46  DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 147, in set
06:38:46  DEBUG -     self.__run_command([SET] + path + value)
06:38:46  DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 136, in __run_command
06:38:46  DEBUG -     raise ConfigSessionError(output)
06:38:46  DEBUG - vyos.configsession.ConfigSessionError: Configuration path: [policy local-route rule 101 fwmark 24] is not valid
06:38:46  DEBUG - 
06:38:46  DEBUG - Set failed
06:38:46  DEBUG -
c-po moved this task from Need Triage to Backlog on the VyOS 1.3 Equuleus ( 1.3.1) board.Feb 23 2022, 6:09 PM
hensur mentioned this in rVYOSONEX69ccb1899a47: backport: policy: T4151: bugfix smoketest.Mar 23 2022, 9:18 AM
hensur mentioned this in rVYOSONEX5601e50d3866: backport: policy: T4151: remove all previous rules on edit.
hensur mentioned this in rVYOSONEX00b680a4ac97: backport: policy: T4151: Bugfix policy ipv6-local-route.
hensur mentioned this in rVYOSONEXcb580de792ca: backport: policy: T4151: Add policy ipv6-local-route.
syncer triaged this task as Normal priority.Aug 29 2022, 12:13 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus ( 1.3.1).
hensur mentioned this in rVYOSONEX9fc6dba84177: policy: T4151: remove left over fwmk check.Dec 17 2022, 10:00 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:39 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:29 PM
Viacheslav closed this task as Resolved.Aug 30 2023, 11:41 AM
Viacheslav edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.5).

Implemented, checked in VyOS 1.3-stable-202308240442

vyos@r1# set policy local-route
Possible completions:
 > local-route  IPv4 policy route of local traffic
 > local-route6 IPv6 policy route of local traffic
dmbaturin mentioned this in 1.3.4.Sep 14 2023, 1:07 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.Dec 17 2023, 11:35 PM