From 38c5e6825dac21553c59ae3703e9397022262fc6 Mon Sep 17 00:00:00 2001
From: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date: Fri, 5 Jan 2024 00:32:38 +0800
Subject: [PATCH] Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. (#17281) (#17676)
---
files/image_config/interfaces/interfaces.j2 | 16 ++++++++++++----
.../tests/sample_output/py2/interfaces | 3 +++
.../tests/sample_output/py2/two_mgmt_interfaces | 6 ++++++
.../tests/sample_output/py3/interfaces | 3 +++
.../tests/sample_output/py3/two_mgmt_interfaces | 6 ++++++
5 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/files/image_config/interfaces/interfaces.j2 b/files/image_config/interfaces/interfaces.j2
index b39331f459b7..3702eb1f6798 100644
--- a/files/image_config/interfaces/interfaces.j2
+++ b/files/image_config/interfaces/interfaces.j2
@@ -79,21 +79,29 @@ iface {{ name }} {{ 'inet' if prefix | ipv4 else 'inet6' }} static {% set vrf_table = '5000' %} vrf mgmt {% endif %} +{% set force_mgmt_route_priority = 32764 %} ########## management network policy routing rules # management port up rules up ip {{ '-4' if prefix | ipv4 else '-6' }} route add default via {{ MGMT_INTERFACE[(name, prefix)]['gwaddr'] }} dev {{ name }} table {{ vrf_table }} metric 201 up ip {{ '-4' if prefix | ipv4 else '-6' }} route add {{ prefix | network }}/{{ prefix | prefixlen }} dev {{ name }} table {{ vrf_table }} - up ip {{ '-4' if prefix | ipv4 else '-6' }} rule add pref 32765 from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }} + up ip {{ '-4' if prefix | ipv4 else '-6' }} rule add pref {{ force_mgmt_route_priority + 1 }} from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }} {% for route in MGMT_INTERFACE[(name, prefix)]['forced_mgmt_routes'] %} - up ip rule add pref 32764 to {{ route }} table {{ vrf_table }} + up ip rule add pref {{ force_mgmt_route_priority }} to {{ route }} table {{ vrf_table }} {% endfor %} +{% if prefix | ipv6 and vrf_table == 'default'%} + # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown + up ip -6 rule add pref {{ force_mgmt_route_priority + 3 }} lookup {{ vrf_table }} +{% endif %} # management port down rules pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} route delete default via {{ MGMT_INTERFACE[(name, prefix)]['gwaddr'] }} dev {{ name }} table {{ vrf_table }} pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} route delete {{ prefix | network }}/{{ prefix | prefixlen }} dev {{ name }} table {{ vrf_table }} - pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} rule delete pref 32765 from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }} + pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} rule delete pref {{ force_mgmt_route_priority + 1 }} 
from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }} {% for route in MGMT_INTERFACE[(name, prefix)]['forced_mgmt_routes'] %} - pre-down ip rule delete pref 32764 to {{ route }} table {{ vrf_table }} + pre-down ip rule delete pref {{ force_mgmt_route_priority }} to {{ route }} table {{ vrf_table }} {% endfor %} +{% if prefix | ipv6 and vrf_table == 'default'%} + pre-down ip -6 rule delete pref {{ force_mgmt_route_priority + 3 }} lookup {{ vrf_table }} +{% endif %} {# TODO: COPP policy type rules #} {% endfor %} {% else %} diff --git a/src/sonic-config-engine/tests/sample_output/py2/interfaces b/src/sonic-config-engine/tests/sample_output/py2/interfaces index 90aadce5f44e..15d5f8426247 100644 --- a/src/sonic-config-engine/tests/sample_output/py2/interfaces +++ b/src/sonic-config-engine/tests/sample_output/py2/interfaces @@ -38,10 +38,13 @@ iface eth0 inet6 static up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201 up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default + # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown + up ip -6 rule add pref 32767 lookup default # management port down rules pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default + pre-down ip -6 rule delete pref 32767 lookup default # source /etc/network/interfaces.d/* # diff --git a/src/sonic-config-engine/tests/sample_output/py2/two_mgmt_interfaces b/src/sonic-config-engine/tests/sample_output/py2/two_mgmt_interfaces index 319f25c4e91a..1b46be4bc380 100644 --- a/src/sonic-config-engine/tests/sample_output/py2/two_mgmt_interfaces +++ b/src/sonic-config-engine/tests/sample_output/py2/two_mgmt_interfaces 
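Review bot: The added `up ip -6 rule add pref {{ force_mgmt_route_priority + 3 }} lookup {{ vrf_table }}` has no `from`/`to` selector, so it is a single global rule, yet it is rendered once per IPv6 management address; the two_mgmt_interfaces sample outputs show the identical add/delete pair under both eth0 and eth1. On kernels that reject duplicate rules the second add may fail during `ifup`, and whichever interface goes down first deletes the rule the other still depends on. Consider tolerating an existing rule, e.g. `up ip -6 rule add pref {{ force_mgmt_route_priority + 3 }} lookup {{ vrf_table }} || true`, or rendering the pair once outside the per-interface loop, whose `{% for %}` header lies outside this hunk. Because the rule matches every IPv6 source, traffic with no route in `main` will also fall through to the management default route when BGP is down, which matters for management/data-plane separation. The comment should state that this is intended, for instance `# pref 32767 mirrors the built-in IPv4 'default' rule; applies to all IPv6 sources, not only the mgmt address`.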
@@ -53,10 +53,13 @@ iface eth1 inet6 static up ip -6 route add default via 2603:10e2:0:abcd::1 dev eth1 table default metric 201 up ip -6 route add 2603:10e2:0:abcd::/64 dev eth1 table default up ip -6 rule add pref 32765 from 2603:10e2:0:abcd::8/128 table default + # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown + up ip -6 rule add pref 32767 lookup default # management port down rules pre-down ip -6 route delete default via 2603:10e2:0:abcd::1 dev eth1 table default pre-down ip -6 route delete 2603:10e2:0:abcd::/64 dev eth1 table default pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:abcd::8/128 table default + pre-down ip -6 rule delete pref 32767 lookup default iface eth0 inet6 static address 2603:10e2:0:2902::8 netmask 64 @@ -67,10 +70,13 @@ iface eth0 inet6 static up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201 up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default + # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown + up ip -6 rule add pref 32767 lookup default # management port down rules pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default + pre-down ip -6 rule delete pref 32767 lookup default # source /etc/network/interfaces.d/* # diff --git a/src/sonic-config-engine/tests/sample_output/py3/interfaces b/src/sonic-config-engine/tests/sample_output/py3/interfaces index 90aadce5f44e..15d5f8426247 100644 --- a/src/sonic-config-engine/tests/sample_output/py3/interfaces +++ b/src/sonic-config-engine/tests/sample_output/py3/interfaces 
@@ -38,10 +38,13 @@ iface eth0 inet6 static up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201 up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default + # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown + up ip -6 rule add pref 32767 lookup default # management port down rules pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default + pre-down ip -6 rule delete pref 32767 lookup default # source /etc/network/interfaces.d/* # diff --git a/src/sonic-config-engine/tests/sample_output/py3/two_mgmt_interfaces b/src/sonic-config-engine/tests/sample_output/py3/two_mgmt_interfaces index 490a27366fd3..4be6dcd5d801 100644 --- a/src/sonic-config-engine/tests/sample_output/py3/two_mgmt_interfaces +++ b/src/sonic-config-engine/tests/sample_output/py3/two_mgmt_interfaces @@ -39,10 +39,13 @@ iface eth0 inet6 static up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201 up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default + # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown + up ip -6 rule add pref 32767 lookup default # management port down rules pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default + pre-down ip -6 rule delete pref 32767 lookup default iface eth1 inet static address 10.0.10.100 netmask 255.255.255.0 
@@ -67,10 +70,13 @@ iface eth1 inet6 static up ip -6 route add default via 2603:10e2:0:abcd::1 dev eth1 table default metric 201 up ip -6 route add 2603:10e2:0:abcd::/64 dev eth1 table default up ip -6 rule add pref 32765 from 2603:10e2:0:abcd::8/128 table default + # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown + up ip -6 rule add pref 32767 lookup default # management port down rules pre-down ip -6 route delete default via 2603:10e2:0:abcd::1 dev eth1 table default pre-down ip -6 route delete 2603:10e2:0:abcd::/64 dev eth1 table default pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:abcd::8/128 table default + pre-down ip -6 rule delete pref 32767 lookup default # source /etc/network/interfaces.d/* #