Changing VRF on interface fails
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	Viacheslav
	Jul 18 2024, 9:09 AM

Description

Add 2 VRF and change it on the interface

set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
set interfaces ethernet eth2 vrf 'mgmt'
commit
set interfaces ethernet eth2 vrf no-mgmt
commit

Raise ConfigError

vyos@r4# commit
[ interfaces ethernet eth2 ]
VyOS had an issue completing a command.

Report time:      2024-07-18 12:06:09
Image version:    VyOS 1.5-rolling-202407171706
Release train:    current

Built by:         autobuild@vyos.net
Built on:         Wed 17 Jul 2024 17:49 UTC
Build UUID:       5f886798-85fc-4c20-ac53-8629ec6c8f5c
Build commit ID:  31684479b205ca

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    166cfd25-7d3a-4eca-9ef6-0b655c9acf0f

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces_ethernet.py", line 433, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces_ethernet.py", line 410, in apply
    e.update(ethernet)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/ethernet.py", line 454, in update
    super().update(config)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1601, in update
    self.set_vrf(config.get('vrf', ''))
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 605, in set_vrf
    self._set_vrf_ct_zone(vrf)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 420, in _set_vrf_ct_zone
    self._cmd(f'nft add element inet vrf_zones ct_iface_map {{ "{self.ifname}" : {vrf_table_id} }}')
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 64, in _cmd
    return cmd(command, self.debug)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 155, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
returned: 
exit code: 1

noteworthy:
cmd 'ethtool --json --show-pause eth2'
returned (out):
[ ]
returned (err):
netlink error: Operation not supported
cmd 'ethtool --json --show-pause eth2'
returned (out):
[ ]
returned (err):
netlink error: Operation not supported
cmd 'ethtool --json --show-pause eth2'
returned (out):
[ ]
returned (err):
netlink error: Operation not supported
cmd 'nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }'
returned (out):

returned (err):
Error: Could not process rule: File exists
add element inet vrf_zones ct_iface_map { eth2 : 151 }
                                          ^^^^

[[interfaces ethernet eth2]] failed
Commit failed
[edit]
vyos@r4# run show conf com | match vrf
set interfaces ethernet eth2 vrf 'mgmt'
set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
[edit]
vyos@r4#

Details

Version: VyOS 1.5-rolling-202407171706
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Related Objects

Mentioned In: 1.4.1
rVYOSONEXe61a175838f2: Merge pull request #3914 from vyos/mergify/bp/sagitta/pr-3874
rVYOSONEX19faa3129a59: smoketest: T6592: remove unused "import os"
rVYOSONEX9b99a01653e3: pbr: T6430: refactor to use vyos.utils.network.get_vrf_tableid()
rVYOSONEXe90fd5cf9add: Merge pull request #3894 from vyos/mergify/bp/circinus/pr-3874
rVYOSONEX3873e8807a06: smoketest: T6592: remove unused "import os"
rVYOSONEX4717139174a8: smoketest: T6592: remove unused "import os"
rVYOSONEX358aaa1e29b1: Merge pull request #3874 from c-po/unused-import
rVYOSONEX35a675e21a4b: Merge pull request #3872 from vyos/mergify/bp/sagitta/pr-3857
rVYOSONEX33f998926fbb: smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on…
rVYOSONEX6d60f88fef6e: interface: T6592: remove interface from conntrack ct_iface_map on deletion
T6608: configd should report exceptions uncaught by conf_mode scripts as commit error
rVYOSONEXa9b8d2e7e844: smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on…
rVYOSONEX9d9455ccc7e3: interface: T6592: remove interface from conntrack ct_iface_map on deletion
rVYOSONEX8e4d0d268506: Merge pull request #3871 from vyos/mergify/bp/circinus/pr-3857
rVYOSONEX28fedd4e76bb: smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on…
rVYOSONEX2c1e8c9eaeff: smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on…
rVYOSONEX92740091d793: interface: T6592: remove interface from conntrack ct_iface_map on deletion
rVYOSONEX2f35cf4d389f: interface: T6592: remove interface from conntrack ct_iface_map on deletion
rVYOSONEX1c42ee9d16dd: smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on…
rVYOSONEX17c12bde5c6f: interface: T6592: remove interface from conntrack ct_iface_map on deletion
rVYOSONEX87741c1a7b18: Merge pull request #3857 from c-po/vrf-interface-part-2
rVYOSONEX405ae90fd9cb: Merge pull request #3837 from vyos/mergify/bp/sagitta/pr-3834
rVYOSONEXb551f542c5c9: vrf: T6592: remove unused import get_interface_config
rVYOSONEX7bc7c9e75e3b: Merge pull request #3839 from c-po/unused-imports
rVYOSONEXa3d76254f4d4: Merge pull request #3836 from vyos/mergify/bp/circinus/pr-3834
rVYOSONEXac8dc93755b8: vrf: T6592: remove unused import get_interface_config
rVYOSONEX2b35ea816272: vrf: T6592: remove unused import get_interface_config
rVYOSONEX0df7599464f5: utils: migrate to new get_vrf_tableid() helper
rVYOSONEX031eebc1ee47: interfaces: T6592: moving an interface between VRF instances failed
rVYOSONEXf2cd8507419f: interfaces: T6592: moving an interface between VRF instances failed
rVYOSONEXe6a2a579c834: utils: migrate to new get_vrf_tableid() helper
rVYOSONEX1b3350788cee: interfaces: T6592: moving an interface between VRF instances failed
rVYOSONEX44e5a11979fd: utils: migrate to new get_vrf_tableid() helper
rVYOSONEX465a77183e1d: utils: migrate to new get_vrf_tableid() helper
rVYOSONEX85fa5507a295: interfaces: T6592: moving an interface between VRF instances failed
rVYOSONEX452068ce7858: interfaces: T6592: moving an interface between VRF instances failed
rVYOSONEX36f3791e0c15: utils: migrate to new get_vrf_tableid() helper
rVYOSONEXda3d9415542d: Merge pull request #3834 from c-po/interface-vrf-move

Event Timeline

Viacheslav created this task.Jul 18 2024, 9:09 AM

Viacheslav triaged this task as Normal priority.Jul 18 2024, 9:11 AM

Viacheslav added a project: VyOS Rolling.

c-po changed the task status from Open to In progress.Jul 18 2024, 9:44 AM

c-po claimed this task.

pasik subscribed.Jul 18 2024, 10:39 AM

https://github.com/vyos/vyos-1x/pull/3834

c-po added a project: VyOS 1.4 Sagitta (1.4.1).Jul 20 2024, 8:52 AM

Restricted Repository Identity mentioned this in rVYOSONEXda3d9415542d: Merge pull request #3834 from c-po/interface-vrf-move.Jul 20 2024, 2:17 PM

c-po mentioned this in rVYOSONEX36f3791e0c15: utils: migrate to new get_vrf_tableid() helper.Jul 20 2024, 2:17 PM

c-po mentioned this in rVYOSONEX452068ce7858: interfaces: T6592: moving an interface between VRF instances failed.

Restricted Repository Identity mentioned this in rVYOSONEX85fa5507a295: interfaces: T6592: moving an interface between VRF instances failed.Jul 20 2024, 2:18 PM

Restricted Repository Identity mentioned this in rVYOSONEX465a77183e1d: utils: migrate to new get_vrf_tableid() helper.

Restricted Repository Identity mentioned this in rVYOSONEX1b3350788cee: interfaces: T6592: moving an interface between VRF instances failed.Jul 20 2024, 2:21 PM

Restricted Repository Identity mentioned this in rVYOSONEX44e5a11979fd: utils: migrate to new get_vrf_tableid() helper.

Restricted Repository Identity mentioned this in rVYOSONEXf2cd8507419f: interfaces: T6592: moving an interface between VRF instances failed.

Restricted Repository Identity mentioned this in rVYOSONEXe6a2a579c834: utils: migrate to new get_vrf_tableid() helper.

c-po mentioned this in rVYOSONEX031eebc1ee47: interfaces: T6592: moving an interface between VRF instances failed.Jul 20 2024, 6:21 PM

c-po mentioned this in rVYOSONEX0df7599464f5: utils: migrate to new get_vrf_tableid() helper.

c-po mentioned this in rVYOSONEX2b35ea816272: vrf: T6592: remove unused import get_interface_config.Jul 21 2024, 7:35 AM

c-po mentioned this in rVYOSONEXac8dc93755b8: vrf: T6592: remove unused import get_interface_config.

Restricted Repository Identity mentioned this in rVYOSONEXa3d76254f4d4: Merge pull request #3836 from vyos/mergify/bp/circinus/pr-3834.Jul 22 2024, 8:49 AM

Restricted Repository Identity mentioned this in rVYOSONEX7bc7c9e75e3b: Merge pull request #3839 from c-po/unused-imports.Jul 22 2024, 4:06 PM

c-po mentioned this in rVYOSONEXb551f542c5c9: vrf: T6592: remove unused import get_interface_config.Jul 22 2024, 4:06 PM

Restricted Repository Identity mentioned this in rVYOSONEX405ae90fd9cb: Merge pull request #3837 from vyos/mergify/bp/sagitta/pr-3834.Jul 22 2024, 4:06 PM

This uncovered another issue, once an interface is removed from the system,

set interfaces vxlan vxlan1 vni 1000
set interfaces vxlan vxlan1 remote 1.2.3.4
set interfaces vxlan vxlan1 vrf red
commit
del interface vxlan vxlan1
commit

It will still live in the conntrack VRF interface map

table inet vrf_zones {
        map ct_iface_map {
                typeof iifname : ct zone
                elements = { "vxlan1" : 5424,
                             "red" : 5424,
                             "blue" : 7412 }
        }

        chain vrf_zones_ct_in {
                type filter hook prerouting priority raw; policy accept;
        }

        chain vrf_zones_ct_out {
                type filter hook output priority raw; policy accept;
        }
}

Restricted Repository Identity mentioned this in rVYOSONEX87741c1a7b18: Merge pull request #3857 from c-po/vrf-interface-part-2.Jul 24 2024, 11:51 PM

c-po mentioned this in rVYOSONEX1c42ee9d16dd: smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on….Jul 24 2024, 11:51 PM

c-po mentioned this in rVYOSONEX17c12bde5c6f: interface: T6592: remove interface from conntrack ct_iface_map on deletion.

Restricted Repository Identity mentioned this in rVYOSONEX2f35cf4d389f: interface: T6592: remove interface from conntrack ct_iface_map on deletion.Jul 24 2024, 11:52 PM

Restricted Repository Identity mentioned this in rVYOSONEX2c1e8c9eaeff: smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on….

Restricted Repository Identity mentioned this in rVYOSONEX92740091d793: interface: T6592: remove interface from conntrack ct_iface_map on deletion.

Restricted Repository Identity mentioned this in rVYOSONEX28fedd4e76bb: smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on….

Restricted Repository Identity mentioned this in rVYOSONEX8e4d0d268506: Merge pull request #3871 from vyos/mergify/bp/circinus/pr-3857.Jul 25 2024, 6:09 AM

c-po mentioned this in rVYOSONEX9d9455ccc7e3: interface: T6592: remove interface from conntrack ct_iface_map on deletion.Jul 25 2024, 11:35 AM

c-po mentioned this in rVYOSONEXa9b8d2e7e844: smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on….

c-po moved this task from Open to Finished on the VyOS 1.5 Circinus board.Jul 25 2024, 11:56 AM

jestabro mentioned this in T6608: configd should report exceptions uncaught by conf_mode scripts as commit error.Jul 25 2024, 1:21 PM