
Re: Questions about VRF function in /etc/network/interfaces

Hi.

On Sat, Dec 29, 2018 at 01:31:02PM +0800, Simon Jones wrote:
> Hi all,
> 
> This is my OS:
> 
> > # uname -a
> > Linux dut211 4.9.0-7-amd64 #1 SMP Debian 4.9.110-3+deb9u2 (2015-12-19) x86_64 GNU/Linux

That's not a kernel 4.3, for starters. And it's outdated, consider
upgrading. Does not affect your problem though.


> Now I have to rewrite /etc/network/interfaces to implement this function,
> but I got errors, so I want to know if there is a demo about how to define
> VRF interface and implement VRF function in /etc/network/interfaces.
> 
> As I follow your man file, I don't know how to do it, and got errors.

Usual debugging of interfaces(5) involves 'ifup -v' and 'ifdown -v'.


> This is my try on this feature, rewriting /etc/network/interfaces like this
> 
> > iface eth0 inet static
> >     address 172.18.8.211
> >     netmask 255.255.255.0
> >     ########## management network policy routing rules
> >     # management port up rules
> >     up ip -4 link add mgmtvrf type vrf table 10
> >     up ip -4 link set dev mgmtvrf up
> >     up ip -4 link set dev eth0 master mgmtvrf
> >     up ip -4 route add default via 172.18.8.1 dev eth0 table 10
> >     up ip -4 route add 172.18.8.0/24 dev eth0 table 10
> >     up ip -4 rule add from 172.18.8.211/32 table 10
> >     post-up sysctl -w net.ipv4.tcp_l3mdev_accept=1
> >     # management port down rules
> >     down ip -4 route delete default via 172.18.8.1 dev eth0 table 10
> >     down ip -4 route delete 172.18.8.0/24 dev eth0 table 10
> >     down ip -4 rule delete from 172.18.8.211/32 table 10
> >     down ip -4 link set dev eth0 nomaster

'-4' is redundant here (you either modify L2 entities or it can be
guessed from the context), you might remove it as well.

> These are the errors I got
> 
> Dec 29 02:38:48 dut211 ifup[8690]: RTNETLINK answers: File exists

This. Everything else in your log is useless.
A simple test shows that:

$ ifup -v eth0

ifup: configuring interface eth0=eth0 (inet)
/bin/run-parts --exit-on-error --verbose /etc/network/if-pre-up.d
/bin/ip addr add 172.18.8.211/255.255.255.0 broadcast 172.18.8.255 dev eth0 label eth0
/bin/ip link set dev eth0   up

ip -4 link add mgmtvrf type vrf table 10
ip -4 link set dev mgmtvrf up
ip -4 link set dev eth0 master mgmtvrf
ip -4 route add default via 172.18.8.1 dev eth0 table 10
ip -4 route add 172.18.8.0/24 dev eth0 table 10
RTNETLINK answers: File exists
ifup: failed to bring up eth0

So, it's all good until you try to add an additional route to
172.18.8.0/24, because this route is there already:

$ ip ro l table 10
broadcast 172.18.8.0 dev eth0 proto kernel scope link src 172.18.8.211
172.18.8.0/24 dev eth0 proto kernel scope link src 172.18.8.211
local 172.18.8.211 dev eth0 proto kernel scope host src 172.18.8.211
broadcast 172.18.8.255 dev eth0 proto kernel scope link src 172.18.8.211

And you've got your 'down' rules wrong, you should delete your custom
'mgmtvrf' interface:

# ifdown eth0
# ip a l dev mgmtvrf
5: mgmtvrf: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP group default qlen 1000
    link/ether 4a:dc:f1:71:c7:00 brd ff:ff:ff:ff:ff:ff

And, of course, there's a leftover kernel knob:

# /sbin/sysctl net.ipv4.tcp_l3mdev_accept
net.ipv4.tcp_l3mdev_accept = 1

Summing all this up:

iface eth0 inet static
     address 172.18.8.211
     netmask 255.255.255.0
     ########## management network policy routing rules
     # management port up rules
     up ip link add mgmtvrf type vrf table 10
     up ip link set dev mgmtvrf up
     up ip link set dev eth0 master mgmtvrf
     up ip route add default via 172.18.8.1 dev eth0 table 10
     up ip rule add from 172.18.8.211/32 table 10
     post-up sysctl -qw net.ipv4.tcp_l3mdev_accept=1
     # management port down rules
     down ip -4 route delete default via 172.18.8.1 dev eth0 table 10
     down ip -4 route delete 172.18.8.0/24 dev eth0 table 10
     down ip -4 rule delete from 172.18.8.211/32 table 10
     down ip -4 link set dev eth0 nomaster
     down ip -4 link del mgmtvrf
     post-down sysctl -qw net.ipv4.tcp_l3mdev_accept=0

Reco
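The two failure modes above (the "File exists" from re-adding the connected route the kernel already put into the VRF table, and the VRF device plus sysctl knob left behind by an incomplete set of down rules) are easy to check for before touching the system. The helpers below are an added example, not from the thread or from ifupdown; they run on captured command output, and the names and addresses they assume (eth0, 172.18.8.0/24, table 10, mgmtvrf) are the ones from the thread.

```shell
#!/bin/sh
# Added example, not from the original thread: offline checks for the two
# failure modes discussed there, driven by captured command output. Names
# and addresses (eth0, 172.18.8.0/24, table 10, mgmtvrf) are assumed.

# Constructed sample of `ip ro l table 10` right after `ip link set dev eth0
# master mgmtvrf`: the kernel has already installed the connected /24.
TABLE10='broadcast 172.18.8.0 dev eth0 proto kernel scope link src 172.18.8.211
172.18.8.0/24 dev eth0 proto kernel scope link src 172.18.8.211
local 172.18.8.211 dev eth0 proto kernel scope host src 172.18.8.211
broadcast 172.18.8.255 dev eth0 proto kernel scope link src 172.18.8.211'

# route_present TABLE_OUTPUT PREFIX -> 0 if a unicast route whose first word
# is PREFIX ("default" or "a.b.c.d/len") is listed, 1 otherwise. Only field 1
# is compared, so "broadcast 172.18.8.0" never counts as the /24.
route_present() {
    printf '%s\n' "$1" | awk -v want="$2" '$1 == want { f = 1 } END { exit !f }'
}

# routes_to_add TABLE_OUTPUT PREFIX... -> prints the prefixes that still need
# `ip route add ... table 10`; adding any other one fails with
# "RTNETLINK answers: File exists" and aborts ifup.
routes_to_add() {
    tbl=$1
    shift
    for p in "$@"; do
        route_present "$tbl" "$p" || printf '%s\n' "$p"
    done
}

# Constructed (abridged) `ip -o link` and `sysctl net.ipv4.tcp_l3mdev_accept`
# output after an ifdown whose `down` lines neither deleted the VRF device
# nor reset the knob, the state shown in the thread.
LINKS_AFTER_DOWN='2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
5: mgmtvrf: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP mode DEFAULT group default qlen 1000'
SYSCTL_AFTER_DOWN='net.ipv4.tcp_l3mdev_accept = 1'

# vrf_leftovers LINK_OUTPUT SYSCTL_OUTPUT VRFNAME -> prints one line per
# leftover and exits 0 only when the teardown was complete.
vrf_leftovers() {
    n=0
    if printf '%s\n' "$1" | grep -q "^[0-9][0-9]*: $3:"; then
        echo "link $3"; n=$((n + 1))
    fi
    if [ "${2##* = }" = 1 ]; then
        echo "sysctl tcp_l3mdev_accept=1"; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}
```

In an `up` line, `ip route replace` is the idempotent alternative to `ip route add` when you would rather not pre-check the table.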