Page MenuHomePhabricator

Ipoe with bond per vlan don't work
Closed, ResolvedPublicBUG

Description

I'm create a bond interface include eth2 and eth3. And listen vlan 55 for dhcp requests.
Dhcp client mac 84:8f:69:f1:2d:11.
Configuration vyos section ipoe-server:

ipoe-server {
    authentication {
        interface bond1 {
            mac-address 84:8f:69:f1:2d:11 {
            }
        }
        mode local
    }
    dns-server {
        server-1 1.1.1.1
        server-2 8.8.8.8
    }
    interface bond1 {
        client-subnet 10.3.0.0/23
        network vlan
        vlan-id 55
    }
}

I don't see any sessions

vyos@vyos# run show ipoe-server sessions 
 ifname | called-sid | calling-sid | ip | ip6 | ip6-dp | rate-limit | state | uptime | sid 
--------+------------+-------------+----+-----+--------+------------+-------+--------+-----
[edit]
vyos@vyos#

I see request's from the client but don't see dhcp response.
Tcpdump on the server side:

root@vyos:/home/vyos# tcpdump -ni bond1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond1, link-type EN10MB (Ethernet), capture size 262144 bytes
10:50:36.762014 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300
10:50:46.845629 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300
10:50:50.009321 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300
10:50:55.543429 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300
10:51:08.227520 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300
10:51:15.664796 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.2-rolling-201909160118
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

sever created this task.Sep 16 2019, 8:03 AM
Dmitry added a subscriber: Dmitry.Sep 16 2019, 9:10 AM
hagbard claimed this task.Sep 16 2019, 3:10 PM

@sever Can you please also share your pppoe-server config?

pasik added a subscriber: pasik.Sep 16 2019, 3:19 PM
sever added a comment.Sep 16 2019, 3:29 PM

@sever Can you please also share your pppoe-server config?

I don't use pppoe, i try dhcp ipoe
It's full config list

vyos@vyos# show 
 interfaces {
     bonding bond0 {
         address 185.xx.xx.3/27
         description WAN
         member {
             interface eth0
             interface eth1
         }
         mode 802.3ad
         mtu 9000
     }
     bonding bond1 {
         description LAN-DHCP
         member {
             interface eth2
             interface eth3
         }
         mode 802.3ad
         mtu 9000
     }
     ethernet eth0 {
         disable-flow-control
         duplex full
         hw-id 00:30:48:c9:a7:0e
         offload-options {
             generic-receive off
             generic-segmentation off
         }
         smp-affinity auto
         speed 1000
     }
     ethernet eth1 {
         disable-flow-control
         duplex full
         hw-id 00:30:48:c9:a7:0f
         offload-options {
             generic-receive off
             generic-segmentation off
         }
         smp-affinity auto
         speed 1000
     }
     ethernet eth2 {
         duplex auto
         hw-id 00:1b:21:5b:9c:3c
         smp-affinity auto
         speed auto
     }
     ethernet eth3 {
         duplex auto
         hw-id 00:1b:21:5b:9c:3d
         smp-affinity auto
         speed auto
     }
     loopback lo {
     }
 }
 policy {
     prefix-list NET-OUT {
         rule 10 {
             action permit
             prefix 10.3.0.0/23
         }
     }
     route-map NET-OUT {
         rule 10 {
             action permit
             match {
                 ip {
                     address {
                         prefix-list NET-OUT
                     }
                 }
             }
         }
     }
 }
 protocols {
     bgp 65001 {
         neighbor 185.xx.xx.2 {
             address-family {
                 ipv4-unicast {
                     route-map {
                         export NET-OUT
                     }
                 }
             }
             remote-as 4xxx4
         }
     }
     static {
         route 0.0.0.0/0 {
             next-hop 185.xx.xx.2 {
             }
         }
     }
 }
 service {
     ipoe-server {
         authentication {
             interface bond1 {
                 mac-address 84:8f:69:f1:2d:11 {
                 }
             }
             mode local
         }
         dns-server {
             server-1 1.1.1.1
             server-2 8.8.8.8
         }
         interface bond1 {
             client-subnet 10.3.0.0/23
             network vlan
             vlan-id 55
         }
     }
     ssh {
     }
 }
 system {
     config-management {
         commit-revisions 100
     }
     console {
         device ttyS0 {
             speed 115200
         }
     }
     host-name vyos
     login {
         user vyos {
             authentication {
                 encrypted-password ***
                 plaintext-password "***"
             }
             level admin
         }
     }
     ntp {
         server 0.pool.ntp.org {
         }
         server 1.pool.ntp.org {
         }
         server 2.pool.ntp.org {
         }
     }
     syslog {
         global {
             facility all {
                 level info
             }
             facility protocols {
                 level debug
             }
         }
     }
     time-zone Europe/Kiev
 }
[edit]
vyos@vyos#
hagbard added a comment.EditedSep 16 2019, 3:43 PM

@sever Can you please try: set service pppoe-server interface bond0 vlan-id 55. And have a look into /var/log/messages what accel is reporting there once the dhcp reply arrives. I'm going to lab up your config and test as well.
Also you need to define an IP pool a client can get an IP address from.
https://vyos.readthedocs.io/en/latest/services/ipoe-server.html
(btw: show config comands gives you a nicer config overview)

sever added a comment.Sep 16 2019, 3:53 PM

@hagbard bond0 - is WAN interface without vlans/tags. For DHCP listening I use bond1 interface, not PPP.
A try man https://vyos.readthedocs.io/en/latest/services/ipoe-server.html

hagbard added a comment.EditedSep 16 2019, 4:09 PM

@sever Yeah, sorry about the typo. You need to define an IP pool and an authentication method if you are not using a RADIUS server for that.
(I have bond0 in my lab so you need to change that to bond1 if you copy).

set service ipoe-server authentication interface bond0 mac-address 08:00:27:82:43:ae
set service ipoe-server authentication mode 'local'
set service ipoe-server interface bond0 client-subnet '192.168.0.0/24'

Also vlan per client doesn't make sense if you only serve 1 vlan (vlan 55).

ifname | called-sid |    calling-sid    |     ip      | ip6 | ip6-dp | rate-limit | state  |  uptime  |        sid       
--------+------------+-------------------+-------------+-----+--------+------------+--------+----------+------------------
 bond0  | bond0      | 08:00:27:82:43:ae | 192.168.0.2 |     |        |            | active | 00:00:16 | d060220ce771f084

everything works without issue as far a I see.

sever added a comment.EditedSep 16 2019, 4:19 PM

@hagbard in first my message actual config for bond1 with client-subnet 10.3.0.0/23 and authentication mode "local".
I plan to use several vlan's for several services.
You use it without vlans.

hagbard changed the task status from Open to Confirmed.Sep 16 2019, 5:33 PM
hagbard changed the task status from Confirmed to In progress.Sep 16 2019, 9:28 PM

@sever Issue found and working on a patch.

ifname  | called-sid |    calling-sid    |     ip      | ip6 | ip6-dp | rate-limit | state  |  uptime  |        sid       
----------+------------+-------------------+-------------+-----+--------+------------+--------+----------+------------------
 bond0.51 | bond0.51   | 08:00:27:82:43:ae | 192.168.0.2 |     |        |            | active | 00:01:03 | d060220ce77252a9

Auto creation of vlans failed.

hagbard added a comment.EditedSep 16 2019, 9:36 PM

https://github.com/vyos/vyos-1x/commit/f23d1f10721260872a5b231dcc51e7d05d324e39

Tomorrows rolling ISO will have the patch applied.
Please test and let me know how it goes.

example config:

set interfaces bonding bond0 address '192.168.0.1/24'
set interfaces bonding bond0 member interface 'eth2'
set interfaces bonding bond0 member interface 'eth3'
set service ipoe-server authentication interface bond0 mac-address 08:00:27:82:43:ae vlan-id '51'
set service ipoe-server authentication mode 'local'
set service ipoe-server interface bond0 client-subnet '192.168.0.0/24'
set service ipoe-server interface bond0 network 'vlan'
set service ipoe-server interface bond0 vlan-id '55'
set service ipoe-server interface bond0 vlan-id '51'

set service ipoe-server authentication interface bond0 mac-address 08:00:27:82:43:ae vlan-id '51' vlan-id is a new command to tell the underlying accel from where the requests for client 08:00:27:82:43:ae can come from.

hagbard changed the task status from In progress to Needs testing.Sep 16 2019, 9:41 PM
sever added a comment.Sep 18 2019, 2:10 PM

@hagbard

In release VyOS 1.2-rolling-201909180118 I dont see this command

set service ipoe-server authentication interface bond0 mac-address 08:00:27:82:43:ae vlan-id '51'

Only rate-limit

[edit]
vyos@vyos# set service ipoe-server authentication interface bond1 mac-address 84:8f:69:f1:2d:11 
Possible completions:
 > rate-limit   Upload/Download speed limits

      
[edit]
vyos@vyos# set service ipoe-server authentication interface bond1 mac-address 84:8f:69:f1:2d:11 vlan-id '55'

  Configuration path: service ipoe-server authentication interface bond1 mac-address 84:8f:69:f1:2d:11 [vlan-id] is not valid
  Set failed

@sever I see that the new package hasn't been autobuild in our CI, I see to get that fixed. If you are in urgent need of the change, please build and install vyos-1x manually.

sever added a comment.Thu, Sep 19, 8:52 AM

@hagbard
In VyOS 1.2-rolling-201909190545 all work. Fixed. Thank's.

hagbard closed this task as Resolved.Thu, Sep 19, 3:18 PM
hagbard moved this task from Need Triage to Finished on the VyOS 1.2 Crux board.

Thanks for testing.

hagbard moved this task from Finished to Backlog on the VyOS 1.2 Crux board.Thu, Sep 19, 3:18 PM
hagbard added a project: VyOS 1.3 Equuleus.
hagbard moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.