Page MenuHomeVyOS Platform
Create Task
Maniphest T2700

Redirecting traffic from PPPoE interface to IFB fails
Open, Requires assessmentPublicBUG
Actions

Description

  • On Equuleus, when redirecting traffic from a PPPoE interface to an Intermediate Functional Block interface, the redirected PPPoE interface is completely deleted from the configuration when VyOS boots.
[email protected]# set interfaces input ifb0
[edit]
[email protected]# commit
[edit]
[email protected]# set interfaces pppoe pppoe0 redirect ifb0
[edit]
[email protected]# commit
[edit]
[email protected]# run show configuration comm | grep ifb0
set interfaces input ifb0
set interfaces pppoe pppoe0 redirect 'ifb0'
[edit]
[email protected]# run show configuration comm | grep pppoe
set interfaces pppoe pppoe0 authentication password 'MYPASSWORD'
set interfaces pppoe pppoe0 authentication user 'MYUSER'
set interfaces pppoe pppoe0 default-route 'force'
set interfaces pppoe pppoe0 mtu '1492'
set interfaces pppoe pppoe0 redirect 'ifb0'
set interfaces pppoe pppoe0 source-interface 'eth2.35'
set interfaces pppoe pppoe0 traffic-policy out 'OUT2'
[edit]
[email protected]# save
Saving configuration to '/config/config.boot'...
Done
[edit]
[email protected]# exit
exit
[email protected]:~$ reboot
Are you sure you want to reboot this system? [y/N] y

After reboot:

Welcome to VyOS - vyos ttyS0

vyos login: vyos
Password: 
Linux vyos 4.19.128-amd64-vyos #1 SMP Sun Jun 14 16:27:56 UTC 2020 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
[email protected]:~$ show configuration comm | grep pppoe
[email protected]:~$ show configuration comm | grep ifb0
set interfaces input ifb0
[email protected]:~$
  • On Crux, when redirecting traffic from a PPPoE interface to an Intermediate Functional Block interface, you may get the following message when committing:
[email protected]# set interfaces input ifb0
[edit]
[email protected]# commit
[edit]
[email protected]# set interfaces ethernet eth2 vif 35 pppoe 0 redirect ifb0
[edit]
[email protected]# commit
[ interfaces ethernet eth2 vif 35 pppoe 0 redirect ifb0 ]
Exiting subroutine via next at /opt/vyatta/sbin/vyatta-qos.pl line 315.

Then the configuration looks ok, but there must be something wrong, because when an outbound shaping policy is applied to ifb0, shaping does not take place.

Details

Difficulty level
Unknown (require assessment)
Version
1.2.x ; 1.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

s.lorente created this task.Jul 12 2020, 4:33 PM
s.lorente updated the task description. (Show Details)Jul 12 2020, 6:17 PM
pasik added a subscriber: pasik.Jul 13 2020, 5:25 PM
mpueschel added a subscriber: mpueschel.Jul 20 2020, 3:44 PM
s.lorente added a comment.Sep 22 2020, 4:58 PM

https://forum.vyos.io/t/limit-download-and-upload-on-wan-for-every-vlan/5608/51

kroy added a subscriber: kroy.Sep 25 2020, 2:58 PM

I think I know what's happening here.

I don't have pppoe to test, but from my testbed, I think I know what's happening. The pppoe interface doesn't exist until it comes up. On my system, I can't even commit initially because my pppoe interface isn't coming up.

So on reboot, it's some kind of ordering issue. If you have working pppoe, that means you can commit and it works until reboot, but it won't work afterwards.

The interface isn't up yet, so it can't apply the qos

mpueschel added a comment.Sep 25 2020, 3:17 PM

Yes that's correct. And there is already some sort of check implemented for the node traffic-policy, so it does not fail when the pppoe interface does not exist yet. It just shows a warning: https://github.com/vyos/vyatta-cfg-qos/blob/bbf2b2f06b7a0f883f7134df5e2b3e089015738e/scripts/vyatta-qos.pl#L198

Something similar would probably be needed for the redirect node. But that's only based on my very limited understanding of the code, so take it with a grain of salt

fegauthier added a subscriber: fegauthier.Oct 2 2020, 11:50 AM
francescocarzaniga added a subscriber: francescocarzaniga.Jan 31 2021, 10:43 PM
cprosser added a subscriber: cprosser.Mar 22 2021, 12:54 AM
erkin set Issue type to Bug (incorrect behavior).Aug 29 2021, 1:50 PM
erkin removed a subscriber: Active contributors.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Nov 6 2021, 11:24 AM
Viacheslav added a project: VyOS 1.4 Sagitta.EditedDec 29 2021, 4:05 PM
Viacheslav added a subscriber: Viacheslav.

To reproduce:

set interfaces ethernet eth2 vif 35
set interfaces pppoe pppoe0 authentication password 'MYPASSWORD'
set interfaces pppoe pppoe0 authentication user 'MYUSER'
set interfaces pppoe pppoe0 default-route 'force'
set interfaces pppoe pppoe0 mtu '1492'
set interfaces pppoe pppoe0 redirect 'ifb0'
set interfaces pppoe pppoe0 source-interface 'eth2.35'
set interfaces pppoe pppoe0 traffic-policy out 'OUT2'
set interfaces input ifb0

Commit:

[email protected]# commit
[ interfaces pppoe pppoe0 redirect ifb0 ]
Cannot find device "pppoe0"
tc qdisc ingress failed at /opt/vyatta/sbin/vyatta-qos.pl line 334.

[[interfaces pppoe pppoe0]] failed
Commit failed
[edit]
[email protected]#

Manual adding:

[email protected]# /sbin/tc qdisc add dev pppoe0 handle ffff: ingress
Cannot find device "pppoe0"
[edit]
[email protected]#
sirsquidness added a subscriber: sirsquidness.Tue, Aug 2, 1:37 PM
sirsquidness added a comment.Tue, Aug 2, 1:56 PM

Hi friends, I'm experiencing what appears to be the same bug. In my case, it's on a redirect on a vif subinterface on a bonding interface. So perhaps bug is not so much about PPPoE interfaces, so much as any interfaces that don't exist before the commit is done.

My minimal reproduction steps are pretty much the same, with a default config system:

set interfaces bonding bond0 member interface 'eth6'
set interfaces bonding bond0 member interface 'eth4'
set interfaces bonding bond0 mode '802.3ad'
set interfaces bonding bond0 vif 666 address '10.6.66.11/24'
set interfaces bonding bond0 vif 667 address '10.6.67.11/24'
set interfaces bonding bond0 vif 668 address '172.29.0.11/24'
set interfaces bonding bond0 vif 668 redirect 'ifb0'
set interfaces input ifb0 
commit

which results in the same error as OP:

[email protected]# commit
[ interfaces bonding bond0 vif 668 redirect ifb0 ]
Cannot find device "bond0.668"
tc qdisc ingress failed at /opt/vyatta/sbin/vyatta-qos.pl line 334.

[[interfaces bonding bond0]] failed
Commit failed

I can make the commit successful by removing the redirect statement, commiting, adding it back, committing

[email protected]# delete interfaces bonding bond0 vif 668 redirect ifb0
[edit]
[email protected]# commit
[edit]
[email protected]# set interfaces bonding bond0 vif 668 redirect ifb0
[edit]
[email protected]# commit
[edit]

Like OP, rebooting causes my interface config to disappear, and other impacts on my full config like the DHCP server refuses to start without its interfaces present.

@mpueschel suggested above that maybe a similar interface_exists check might be needed for the redirect node. So I tried adding at line 322 of the linked script this:

unless (interface_exists($dev)) {
    warn "$dev not present yet, traffic-policy will be applied later\n";
    return;
}

and while commit was able to succeed, it did display the warning (implying the interface did not eventually exist during the wait period), and the tc output was not what I think is expected (I set a second input interface to show that forcing another apply will successfully update the tc correctly)

[email protected]# commit
[ interfaces bonding bond0 vif 668 redirect ifb0 ]
bond0.668 not present yet, traffic-policy will be applied later

[edit]
[email protected]# commit
No configuration changes to commit
[edit]
[email protected]# sudo /sbin/tc qdisc show dev bond0.668
qdisc noqueue 0: root refcnt 2
[email protected]# set interfaces input ifb1
[edit]
[email protected]# set interfaces bonding bond0 vif 668 redirect ifb1
[edit]
[email protected]# commit
[edit]
[email protected]# sudo /sbin/tc qdisc show dev bond0.668
qdisc noqueue 0: root refcnt 2
qdisc ingress ffff: parent ffff:fff1 ----------------

This exact config worked on 1.2 just fine. I note the vyatta-cfg-qos repo has barely had any commits to it since then, so it feels like something is calling this script too early.

Last, but not least:

[email protected]:~$ show version

Version:          VyOS 1.3.1-S1
Release train:    equuleus

Built by:         Sentrium S.L.
Built on:         Mon 28 Mar 2022 17:02 UTC
Build UUID:       b89ffc4c-3c7e-4d89-91de-bd89e584c532
Build commit ID:  bfd58ad202462f

Architecture:     x86_64
Boot via:         installed image
System type:      bare metal

Hardware vendor:  Dell Inc.
Hardware model:   PowerEdge R620
Hardware S/N:     [redacted]
Hardware UUID:    [redacted]

Copyright:        VyOS maintainers and contributors