Redirecting traffic from PPPoE interface to IFB fails
Resolved (N/A)PublicBUG
Actions

Assigned To

None

Authored By

	Unknown Object (User)
	Jul 12 2020, 4:33 PM

Description

On Equuleus, when redirecting traffic from a PPPoE interface to an Intermediate Functional Block interface, the redirected PPPoE interface is completely deleted from the configuration when VyOS boots.

vyos@vyos# set interfaces input ifb0
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# set interfaces pppoe pppoe0 redirect ifb0
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# run show configuration comm | grep ifb0
set interfaces input ifb0
set interfaces pppoe pppoe0 redirect 'ifb0'
[edit]
vyos@vyos# run show configuration comm | grep pppoe
set interfaces pppoe pppoe0 authentication password 'MYPASSWORD'
set interfaces pppoe pppoe0 authentication user 'MYUSER'
set interfaces pppoe pppoe0 default-route 'force'
set interfaces pppoe pppoe0 mtu '1492'
set interfaces pppoe pppoe0 redirect 'ifb0'
set interfaces pppoe pppoe0 source-interface 'eth2.35'
set interfaces pppoe pppoe0 traffic-policy out 'OUT2'
[edit]
vyos@vyos# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vyos@vyos# exit
exit
vyos@vyos:~$ reboot
Are you sure you want to reboot this system? [y/N] y

After reboot:

Welcome to VyOS - vyos ttyS0

vyos login: vyos
Password: 
Linux vyos 4.19.128-amd64-vyos #1 SMP Sun Jun 14 16:27:56 UTC 2020 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
vyos@vyos:~$ show configuration comm | grep pppoe
vyos@vyos:~$ show configuration comm | grep ifb0
set interfaces input ifb0
vyos@vyos:~$

On Crux, when redirecting traffic from a PPPoE interface to an Intermediate Functional Block interface, you may get the following message when committing:

vyos@pppoe-client# set interfaces input ifb0
[edit]
vyos@pppoe-client# commit
[edit]
vyos@pppoe-client# set interfaces ethernet eth2 vif 35 pppoe 0 redirect ifb0
[edit]
vyos@pppoe-client# commit
[ interfaces ethernet eth2 vif 35 pppoe 0 redirect ifb0 ]
Exiting subroutine via next at /opt/vyatta/sbin/vyatta-qos.pl line 315.

Then the configuration looks ok, but there must be something wrong, because when an outbound shaping policy is applied to ifb0, shaping does not take place.

Details

Difficulty level: Unknown (require assessment)
Version: 1.2.x ; 1.3
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Event Timeline

Unknown Object (User) created this task.Jul 12 2020, 4:33 PM

Unknown Object (User) updated the task description. (Show Details)Jul 12 2020, 6:17 PM

pasik added a subscriber: pasik.Jul 13 2020, 5:25 PM

mpueschel added a subscriber: mpueschel.Jul 20 2020, 3:44 PM

https://forum.vyos.io/t/limit-download-and-upload-on-wan-for-every-vlan/5608/51

I think I know what's happening here.

I don't have pppoe to test, but from my testbed, I think I know what's happening. The pppoe interface doesn't exist until it comes up. On my system, I can't even commit initially because my pppoe interface isn't coming up.

So on reboot, it's some kind of ordering issue. If you have working pppoe, that means you can commit and it works until reboot, but it won't work afterwards.

The interface isn't up yet, so it can't apply the qos

Yes that's correct. And there is already some sort of check implemented for the node traffic-policy, so it does not fail when the pppoe interface does not exist yet. It just shows a warning: https://github.com/vyos/vyatta-cfg-qos/blob/bbf2b2f06b7a0f883f7134df5e2b3e089015738e/scripts/vyatta-qos.pl#L198

Something similar would probably be needed for the redirect node. But that's only based on my very limited understanding of the code, so take it with a grain of salt

fegauthier added a subscriber: fegauthier.Oct 2 2020, 11:50 AM

francescocarzaniga added a subscriber: francescocarzaniga.Jan 31 2021, 10:43 PM

cprosser added a subscriber: cprosser.Mar 22 2021, 12:54 AM

erkin set Issue type to Bug (incorrect behavior).Aug 29 2021, 1:50 PM

erkin removed a subscriber: Active contributors.

syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Nov 6 2021, 11:24 AM

To reproduce:

set interfaces ethernet eth2 vif 35
set interfaces pppoe pppoe0 authentication password 'MYPASSWORD'
set interfaces pppoe pppoe0 authentication user 'MYUSER'
set interfaces pppoe pppoe0 default-route 'force'
set interfaces pppoe pppoe0 mtu '1492'
set interfaces pppoe pppoe0 redirect 'ifb0'
set interfaces pppoe pppoe0 source-interface 'eth2.35'
set interfaces pppoe pppoe0 traffic-policy out 'OUT2'
set interfaces input ifb0

Commit:

vyos@r11-roll# commit
[ interfaces pppoe pppoe0 redirect ifb0 ]
Cannot find device "pppoe0"
tc qdisc ingress failed at /opt/vyatta/sbin/vyatta-qos.pl line 334.

[[interfaces pppoe pppoe0]] failed
Commit failed
[edit]
vyos@r11-roll#

Manual adding:

vyos@r11-roll# /sbin/tc qdisc add dev pppoe0 handle ffff: ingress
Cannot find device "pppoe0"
[edit]
vyos@r11-roll#

sirsquidness added a subscriber: sirsquidness.Aug 2 2022, 1:37 PM

Hi friends, I'm experiencing what appears to be the same bug. In my case, it's on a redirect on a vif subinterface on a bonding interface. So perhaps bug is not so much about PPPoE interfaces, so much as any interfaces that don't exist before the commit is done.

My minimal reproduction steps are pretty much the same, with a default config system:

set interfaces bonding bond0 member interface 'eth6'
set interfaces bonding bond0 member interface 'eth4'
set interfaces bonding bond0 mode '802.3ad'
set interfaces bonding bond0 vif 666 address '10.6.66.11/24'
set interfaces bonding bond0 vif 667 address '10.6.67.11/24'
set interfaces bonding bond0 vif 668 address '172.29.0.11/24'
set interfaces bonding bond0 vif 668 redirect 'ifb0'
set interfaces input ifb0 
commit

which results in the same error as OP:

vyos@edge-router-1# commit
[ interfaces bonding bond0 vif 668 redirect ifb0 ]
Cannot find device "bond0.668"
tc qdisc ingress failed at /opt/vyatta/sbin/vyatta-qos.pl line 334.

[[interfaces bonding bond0]] failed
Commit failed

I can make the commit successful by removing the redirect statement, commiting, adding it back, committing

vyos@edge-router-1# delete interfaces bonding bond0 vif 668 redirect ifb0
[edit]
vyos@edge-router-1# commit
[edit]
vyos@edge-router-1# set interfaces bonding bond0 vif 668 redirect ifb0
[edit]
vyos@edge-router-1# commit
[edit]

Like OP, rebooting causes my interface config to disappear, and other impacts on my full config like the DHCP server refuses to start without its interfaces present.

@mpueschel suggested above that maybe a similar interface_exists check might be needed for the redirect node. So I tried adding at line 322 of the linked script this:

unless (interface_exists($dev)) {
    warn "$dev not present yet, traffic-policy will be applied later\n";
    return;
}

and while commit was able to succeed, it did display the warning (implying the interface did not eventually exist during the wait period), and the tc output was not what I think is expected (I set a second input interface to show that forcing another apply will successfully update the tc correctly)

vyos@edge-router-1# commit
[ interfaces bonding bond0 vif 668 redirect ifb0 ]
bond0.668 not present yet, traffic-policy will be applied later

[edit]
vyos@edge-router-1# commit
No configuration changes to commit
[edit]
vyos@edge-router-1# sudo /sbin/tc qdisc show dev bond0.668
qdisc noqueue 0: root refcnt 2
vyos@edge-router-1# set interfaces input ifb1
[edit]
vyos@edge-router-1# set interfaces bonding bond0 vif 668 redirect ifb1
[edit]
vyos@edge-router-1# commit
[edit]
vyos@edge-router-1# sudo /sbin/tc qdisc show dev bond0.668
qdisc noqueue 0: root refcnt 2
qdisc ingress ffff: parent ffff:fff1 ----------------

This exact config worked on 1.2 just fine. I note the vyatta-cfg-qos repo has barely had any commits to it since then, so it feels like something is calling this script too early.

Last, but not least:

vyos@edge-router-1:~$ show version

Version:          VyOS 1.3.1-S1
Release train:    equuleus

Built by:         Sentrium S.L.
Built on:         Mon 28 Mar 2022 17:02 UTC
Build UUID:       b89ffc4c-3c7e-4d89-91de-bd89e584c532
Build commit ID:  bfd58ad202462f

Architecture:     x86_64
Boot via:         installed image
System type:      bare metal

Hardware vendor:  Dell Inc.
Hardware model:   PowerEdge R620
Hardware S/N:     [redacted]
Hardware UUID:    [redacted]

Copyright:        VyOS maintainers and contributors

syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).Aug 29 2022, 7:05 AM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:41 PM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:30 PM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).Dec 17 2023, 11:37 PM

dmbaturin triaged this task as High priority.Jan 9 2024, 4:58 PM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.7); removed VyOS 1.3 Equuleus (1.3.6).Feb 10 2024, 9:17 AM

dmbaturin edited projects, added Restricted Project; removed VyOS 1.2 Crux.Feb 15 2024, 11:31 AM

dmbaturin edited projects, added VyOS 1.4 Sagitta (1.4.0-epa1); removed VyOS 1.4 Sagitta.Feb 15 2024, 3:04 PM

Fixed for 1.4

set interfaces bonding bond0 member interface 'eth1'
set interfaces bonding bond0 member interface 'eth2'
set interfaces bonding bond0 mode '802.3ad'
set interfaces bonding bond0 vif 667 address '10.6.67.11/24'
set interfaces bonding bond0 vif 668 address '172.29.0.11/24'
set interfaces bonding bond0 vif 668 redirect 'ifb0'
set interfaces input ifb0 
commit

vyos@r11# commit
[edit]
vyos@r11# run show ver
Version:          VyOS 1.4-rolling-202402160309
Release train:    sagitta

Fixed for 1.3.6

vyos@r15# set interfaces bonding bond0 member interface 'eth1'
[edit]
vyos@r15# set interfaces bonding bond0 mode '802.3ad'
[edit]
vyos@r15# set interfaces bonding bond0 vif 667 address '10.6.67.11/24'
[edit]
vyos@r15# set interfaces bonding bond0 vif 668 address '172.29.0.11/24'
[edit]
vyos@r15# set interfaces bonding bond0 vif 668 redirect 'ifb0'
[edit]
vyos@r15# set interfaces input ifb0 
[edit]
vyos@r15# commit
[edit]
vyos@r15# run show ver

Version:          VyOS 1.3.6
Release train:    equuleus


vyos@r15# run show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
bond0            -                                 u/u  
bond0.667        10.6.67.11/24                     u/u  
bond0.668        172.29.0.11/24                    u/u  
eth0             192.168.122.15/24                 u/u  
eth1             -                                 u/u  
ifb0             -                                 u/u  
lo               127.0.0.1/8                       u/u  
                 ::1/128                                
[edit]
vyos@r15#

PPPoE wontfix for 1.3.x due to the old backend

set interfaces ethernet eth1 vif 35
set interfaces pppoe pppoe0 authentication password 'MYPASSWORD'
set interfaces pppoe pppoe0 authentication user 'MYUSER'
set interfaces pppoe pppoe0 default-route 'force'
set interfaces pppoe pppoe0 mtu '1492'
set interfaces pppoe pppoe0 redirect 'ifb0'
set interfaces pppoe pppoe0 source-interface 'eth1.35'
set interfaces input ifb0

vyos@r15# commit
[ interfaces pppoe pppoe0 redirect ifb0 ]
Cannot find device "pppoe0"
tc qdisc ingress failed at /opt/vyatta/sbin/vyatta-qos.pl line 334.

[[interfaces pppoe pppoe0 redirect]] failed
Commit failed
[edit]
vyos@r15#

Feel free to reopen the task or create a new one if all tests are not done!

Redirecting traffic from PPPoE interface to IFB failsResolved (N/A)PublicBUGActions

Description

Details

Event Timeline

Redirecting traffic from PPPoE interface to IFB fails
Resolved (N/A)PublicBUG
Actions