Changing VRF on interface fails
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	Viacheslav
	Jul 18 2024, 9:09 AM

Description

Add 2 VRF and change it on the interface

set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
set interfaces ethernet eth2 vrf 'mgmt'
commit
set interfaces ethernet eth2 vrf no-mgmt
commit

Raise ConfigError

vyos@r4# commit
[ interfaces ethernet eth2 ]
VyOS had an issue completing a command.

Report time:      2024-07-18 12:06:09
Image version:    VyOS 1.5-rolling-202407171706
Release train:    current

Built by:         [email protected]
Built on:         Wed 17 Jul 2024 17:49 UTC
Build UUID:       5f886798-85fc-4c20-ac53-8629ec6c8f5c
Build commit ID:  31684479b205ca

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    166cfd25-7d3a-4eca-9ef6-0b655c9acf0f

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces_ethernet.py", line 433, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces_ethernet.py", line 410, in apply
    e.update(ethernet)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/ethernet.py", line 454, in update
    super().update(config)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1601, in update
    self.set_vrf(config.get('vrf', ''))
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 605, in set_vrf
    self._set_vrf_ct_zone(vrf)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 420, in _set_vrf_ct_zone
    self._cmd(f'nft add element inet vrf_zones ct_iface_map {{ "{self.ifname}" : {vrf_table_id} }}')
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 64, in _cmd
    return cmd(command, self.debug)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 155, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
returned: 
exit code: 1

noteworthy:
cmd 'ethtool --json --show-pause eth2'
returned (out):
[ ]
returned (err):
netlink error: Operation not supported
cmd 'ethtool --json --show-pause eth2'
returned (out):
[ ]
returned (err):
netlink error: Operation not supported
cmd 'ethtool --json --show-pause eth2'
returned (out):
[ ]
returned (err):
netlink error: Operation not supported
cmd 'nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }'
returned (out):

returned (err):
Error: Could not process rule: File exists
add element inet vrf_zones ct_iface_map { eth2 : 151 }
                                          ^^^^

[[interfaces ethernet eth2]] failed
Commit failed
[edit]
vyos@r4# run show conf com | match vrf
set interfaces ethernet eth2 vrf 'mgmt'
set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
[edit]
vyos@r4#

Details

Difficulty level: Normal (likely a few hours)
Version: VyOS 1.5-rolling-202407171706
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Unspecified (please specify)

Related Objects

Mentioned In: T6608: configd should report exceptions uncaught by conf_mode scripts as commit error

Event Timeline

Viacheslav created this task.Jul 18 2024, 9:09 AM

Viacheslav triaged this task as Normal priority.Jul 18 2024, 9:11 AM

Viacheslav added a project: Restricted Project.

c-po changed the task status from Open to In progress.Jul 18 2024, 9:44 AM

c-po claimed this task.

pasik subscribed.Jul 18 2024, 10:39 AM

https://github.com/vyos/vyos-1x/pull/3834

c-po added a project: VyOS 1.4 Sagitta (1.4.1).Jul 20 2024, 8:52 AM

This uncovered another issue, once an interface is removed from the system,

set interfaces vxlan vxlan1 vni 1000
set interfaces vxlan vxlan1 remote 1.2.3.4
set interfaces vxlan vxlan1 vrf red
commit
del interface vxlan vxlan1
commit

It will still live in the conntrack VRF interface map

table inet vrf_zones {
        map ct_iface_map {
                typeof iifname : ct zone
                elements = { "vxlan1" : 5424,
                             "red" : 5424,
                             "blue" : 7412 }
        }

        chain vrf_zones_ct_in {
                type filter hook prerouting priority raw; policy accept;
        }

        chain vrf_zones_ct_out {
                type filter hook output priority raw; policy accept;
        }
}

c-po moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.Jul 25 2024, 11:56 AM

jestabro mentioned this in T6608: configd should report exceptions uncaught by conf_mode scripts as commit error.Jul 25 2024, 1:21 PM

c-po closed this task as Resolved.Jul 25 2024, 6:33 PM

c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.1) board.

Changing VRF on interface failsClosed, ResolvedPublicBUGActions

Description

Details

Related Objects

Event Timeline

Changing VRF on interface fails
Closed, ResolvedPublicBUG
Actions