Page MenuHomeVyOS Platform
Create Task
Maniphest T1980

Setting "ip enable-arp-ignore" on a vif breaks the interface on reboot
Closed, InvalidPublicBUG
Actions

Description

Setting ip enable-arp-ignore on a physical interface (e.g. "set interfaces ethernet eth0 ip enable-arp-ignore") works as expected. When committing the config, a 1 will be set in /proc/sys/net/ipv4/conf/eth0/arp_ignore. After reboot, this is still the case, and everything's great.

Setting the same thing on a vif (e.g. "set interfaces ethernet eth0 vif 50 ip enable-arp-ignore") and committing the config LOOKS LIKE it's working as expected. The config gets committed successfully, and a 1 will be set in /proc/sys/net/ipv4/conf/eth0.50/arp_ignore. However, after a reboot, the entire physical interface (along with all vifs on it) will be left unconfigured, and won't show up at all in the running config. Only way to fix it is to manually edit /config/config.boot and removing the enable-arp-ignore setting from the vif.

Details

Difficulty level
Normal (likely a few hours)
Version
vyos-1.3-rolling-201912290217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

freelancer created this task.Jan 22 2020, 4:39 AM
c-po claimed this task.Jan 22 2020, 4:58 AM
c-po triaged this task as Normal priority.
c-po changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
c-po added a comment.Jan 24 2020, 1:02 PM

Unfortunately I can not reproduce this.

Can you share your full configuration please?

freelancer added a comment.EditedJan 25 2020, 1:35 AM

I just tried it on a different device with a more clean config, and it's reproducable with this config:

interfaces {
    ethernet eth0 {
        hw-id 40:62:31:09:c3:bf
        ip {
            enable-arp-ignore
        }
        vif 50 {
            ip {
                enable-arp-ignore
            }
        }
    }
    ethernet eth1 {
        hw-id 40:62:31:09:c3:c0
    }
    ethernet eth2 {
        hw-id 40:62:31:09:c3:c1
    }
    ethernet eth3 {
        address 172.26.0.1/24
        description LocalManagement
        hw-id 40:62:31:09:c3:c2
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        shared-network-name LocalManagement {
            subnet 172.26.0.0/24 {
                range 0 {
                    start 172.26.0.100
                    stop 172.26.0.200
                }
            }
        }
    }
    ssh {
        listen-address 172.26.0.1
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password [REDACTED]
                plaintext-password ""
            }
            level admin
        }
    }
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}

When configuring the device though I noticed that if I tried to do everything in one commit, it failed with this error:

vyos@vyos# commit
[ interfaces ethernet eth0 vif 50 ip enable-arp-ignore ]
sh: /proc/sys/net/ipv4/conf/eth0.50/arp_ignore: No such file or directory

[[interfaces ethernet eth0]] failed
Commit failed

But if I added the vif without any settings, committed, then added the arp_ignore setting and did another commit, it worked.

Maybe that's the thing that breaks it on reboot? It's trying to set the arp_ignore setting before the virtual interface has been created?

*edit* Removed my temporary password in the posted config so nobody panics :P

c-po added a comment.Jan 25 2020, 7:58 AM

Exactly, there is a race condition which I try to reproduce, but can not as ow now with VMware.

c-po added a comment.Jan 25 2020, 9:12 AM

Ah, your version is a bit old that could have been prior to the migration of the ip enable-arp-ignore script to XML/Python. Could you please retest with a newer rolling release?

pasik added a subscriber: pasik.Jan 25 2020, 9:28 AM
freelancer added a comment.Jan 25 2020, 9:46 AM

Sure, I can probably do that in a day or two, will report back! Didn't even think to try that on my test device, my mind was just stuck at not wanting to upgrade my production devices at the moment.

freelancer added a comment.Jan 26 2020, 7:04 AM

Working fine on 1.3-rolling-202001260217.

Thanks for looking into it, I'll make sure to check any issues on the latest release before submitting anything in the future.

c-po added a comment.Jan 26 2020, 11:06 AM

Welcome, thanks for testing!

c-po closed this task as Invalid.Jan 26 2020, 11:06 AM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.
c-po edited projects, added Invalid; removed VyOS 1.3 Equuleus.