Page MenuHomeVyOS Platform

Ipoe with bond per vlan don't work
Closed, ResolvedPublicBUG

Description

I'm create a bond interface include eth2 and eth3. And listen vlan 55 for dhcp requests.
Dhcp client mac 84:8f:69:f1:2d:11.
Configuration vyos section ipoe-server:

ipoe-server {
    authentication {
        interface bond1 {
            mac-address 84:8f:69:f1:2d:11 {
            }
        }
        mode local
    }
    dns-server {
        server-1 1.1.1.1
        server-2 8.8.8.8
    }
    interface bond1 {
        client-subnet 10.3.0.0/23
        network vlan
        vlan-id 55
    }
}

I don't see any sessions

vyos@vyos# run show ipoe-server sessions 
 ifname | called-sid | calling-sid | ip | ip6 | ip6-dp | rate-limit | state | uptime | sid 
--------+------------+-------------+----+-----+--------+------------+-------+--------+-----
[edit]
vyos@vyos#

I see request's from the client but don't see dhcp response.
Tcpdump on the server side:

root@vyos:/home/vyos# tcpdump -ni bond1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond1, link-type EN10MB (Ethernet), capture size 262144 bytes
10:50:36.762014 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300
10:50:46.845629 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300
10:50:50.009321 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300
10:50:55.543429 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300
10:51:08.227520 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300
10:51:15.664796 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:8f:69:f1:2d:11, length 300

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.2-rolling-201909160118
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

@sever Can you please also share your pppoe-server config?

@sever Can you please also share your pppoe-server config?

I don't use pppoe, i try dhcp ipoe
It's full config list

vyos@vyos# show 
 interfaces {
     bonding bond0 {
         address 185.xx.xx.3/27
         description WAN
         member {
             interface eth0
             interface eth1
         }
         mode 802.3ad
         mtu 9000
     }
     bonding bond1 {
         description LAN-DHCP
         member {
             interface eth2
             interface eth3
         }
         mode 802.3ad
         mtu 9000
     }
     ethernet eth0 {
         disable-flow-control
         duplex full
         hw-id 00:30:48:c9:a7:0e
         offload-options {
             generic-receive off
             generic-segmentation off
         }
         smp-affinity auto
         speed 1000
     }
     ethernet eth1 {
         disable-flow-control
         duplex full
         hw-id 00:30:48:c9:a7:0f
         offload-options {
             generic-receive off
             generic-segmentation off
         }
         smp-affinity auto
         speed 1000
     }
     ethernet eth2 {
         duplex auto
         hw-id 00:1b:21:5b:9c:3c
         smp-affinity auto
         speed auto
     }
     ethernet eth3 {
         duplex auto
         hw-id 00:1b:21:5b:9c:3d
         smp-affinity auto
         speed auto
     }
     loopback lo {
     }
 }
 policy {
     prefix-list NET-OUT {
         rule 10 {
             action permit
             prefix 10.3.0.0/23
         }
     }
     route-map NET-OUT {
         rule 10 {
             action permit
             match {
                 ip {
                     address {
                         prefix-list NET-OUT
                     }
                 }
             }
         }
     }
 }
 protocols {
     bgp 65001 {
         neighbor 185.xx.xx.2 {
             address-family {
                 ipv4-unicast {
                     route-map {
                         export NET-OUT
                     }
                 }
             }
             remote-as 4xxx4
         }
     }
     static {
         route 0.0.0.0/0 {
             next-hop 185.xx.xx.2 {
             }
         }
     }
 }
 service {
     ipoe-server {
         authentication {
             interface bond1 {
                 mac-address 84:8f:69:f1:2d:11 {
                 }
             }
             mode local
         }
         dns-server {
             server-1 1.1.1.1
             server-2 8.8.8.8
         }
         interface bond1 {
             client-subnet 10.3.0.0/23
             network vlan
             vlan-id 55
         }
     }
     ssh {
     }
 }
 system {
     config-management {
         commit-revisions 100
     }
     console {
         device ttyS0 {
             speed 115200
         }
     }
     host-name vyos
     login {
         user vyos {
             authentication {
                 encrypted-password ***
                 plaintext-password "***"
             }
             level admin
         }
     }
     ntp {
         server 0.pool.ntp.org {
         }
         server 1.pool.ntp.org {
         }
         server 2.pool.ntp.org {
         }
     }
     syslog {
         global {
             facility all {
                 level info
             }
             facility protocols {
                 level debug
             }
         }
     }
     time-zone Europe/Kiev
 }
[edit]
vyos@vyos#

@sever Can you please try: set service pppoe-server interface bond0 vlan-id 55. And have a look into /var/log/messages what accel is reporting there once the dhcp reply arrives. I'm going to lab up your config and test as well.
Also you need to define an IP pool a client can get an IP address from.
https://vyos.readthedocs.io/en/latest/services/ipoe-server.html
(btw: show config comands gives you a nicer config overview)

@hagbard bond0 - is WAN interface without vlans/tags. For DHCP listening I use bond1 interface, not PPP.
A try man https://vyos.readthedocs.io/en/latest/services/ipoe-server.html

@sever Yeah, sorry about the typo. You need to define an IP pool and an authentication method if you are not using a RADIUS server for that.
(I have bond0 in my lab so you need to change that to bond1 if you copy).

set service ipoe-server authentication interface bond0 mac-address 08:00:27:82:43:ae
set service ipoe-server authentication mode 'local'
set service ipoe-server interface bond0 client-subnet '192.168.0.0/24'

Also vlan per client doesn't make sense if you only serve 1 vlan (vlan 55).

ifname | called-sid |    calling-sid    |     ip      | ip6 | ip6-dp | rate-limit | state  |  uptime  |        sid       
--------+------------+-------------------+-------------+-----+--------+------------+--------+----------+------------------
 bond0  | bond0      | 08:00:27:82:43:ae | 192.168.0.2 |     |        |            | active | 00:00:16 | d060220ce771f084

everything works without issue as far a I see.

@hagbard in first my message actual config for bond1 with client-subnet 10.3.0.0/23 and authentication mode "local".
I plan to use several vlan's for several services.
You use it without vlans.

hagbard changed the task status from Open to Confirmed.Sep 16 2019, 5:33 PM
hagbard changed the task status from Confirmed to In progress.Sep 16 2019, 9:28 PM

@sever Issue found and working on a patch.

ifname  | called-sid |    calling-sid    |     ip      | ip6 | ip6-dp | rate-limit | state  |  uptime  |        sid       
----------+------------+-------------------+-------------+-----+--------+------------+--------+----------+------------------
 bond0.51 | bond0.51   | 08:00:27:82:43:ae | 192.168.0.2 |     |        |            | active | 00:01:03 | d060220ce77252a9

Auto creation of vlans failed.

https://github.com/vyos/vyos-1x/commit/f23d1f10721260872a5b231dcc51e7d05d324e39

Tomorrows rolling ISO will have the patch applied.
Please test and let me know how it goes.

example config:

set interfaces bonding bond0 address '192.168.0.1/24'
set interfaces bonding bond0 member interface 'eth2'
set interfaces bonding bond0 member interface 'eth3'
set service ipoe-server authentication interface bond0 mac-address 08:00:27:82:43:ae vlan-id '51'
set service ipoe-server authentication mode 'local'
set service ipoe-server interface bond0 client-subnet '192.168.0.0/24'
set service ipoe-server interface bond0 network 'vlan'
set service ipoe-server interface bond0 vlan-id '55'
set service ipoe-server interface bond0 vlan-id '51'

set service ipoe-server authentication interface bond0 mac-address 08:00:27:82:43:ae vlan-id '51' vlan-id is a new command to tell the underlying accel from where the requests for client 08:00:27:82:43:ae can come from.

hagbard changed the task status from In progress to Needs testing.Sep 16 2019, 9:41 PM

@hagbard

In release VyOS 1.2-rolling-201909180118 I dont see this command

set service ipoe-server authentication interface bond0 mac-address 08:00:27:82:43:ae vlan-id '51'

Only rate-limit

[edit]
vyos@vyos# set service ipoe-server authentication interface bond1 mac-address 84:8f:69:f1:2d:11 
Possible completions:
 > rate-limit   Upload/Download speed limits

      
[edit]
vyos@vyos# set service ipoe-server authentication interface bond1 mac-address 84:8f:69:f1:2d:11 vlan-id '55'

  Configuration path: service ipoe-server authentication interface bond1 mac-address 84:8f:69:f1:2d:11 [vlan-id] is not valid
  Set failed

@sever I see that the new package hasn't been autobuild in our CI, I see to get that fixed. If you are in urgent need of the change, please build and install vyos-1x manually.

@hagbard
In VyOS 1.2-rolling-201909190545 all work. Fixed. Thank's.

hagbard moved this task from Need Triage to Finished on the VyOS 1.2 Crux board.

Thanks for testing.

hagbard added a project: VyOS 1.3 Equuleus.
hagbard moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer reopened this task as Backport candidate.Jan 1 2020, 2:02 PM
syncer reassigned this task from hagbard to jestabro.
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.5); removed VyOS 1.2 Crux.
syncer added a subscriber: hagbard.

This is not a backport candidate until the 'T989: accel-ppp: IPoE implementation' has been backported.

erkin set Issue type to Bug (incorrect behavior).Aug 31 2021, 6:48 PM