Page MenuHomeVyOS Platform
Create Task
Maniphest T2788

adding interface with macsec to bridge failded
Closed, ResolvedPublic
Actions

Description

source: https://forum.vyos.io/t/adding-macsec-interface-to-bridge/5788

I tried to get macsec to work on layer2, tried adding macsec interface to bridge and this is the output:

set interfaces macsec macsec1 address ‘192.0.2.1/24’
set interfaces macsec macsec1 security cipher ‘gcm-aes-128’
set interfaces macsec macsec1 security encrypt
set interfaces macsec macsec1 security mka cak ‘232e44b7fda6f8e2d88a07bf78a7aff4’
set interfaces macsec macsec1 security mka ckn ‘40916f4b23e3d548ad27eedd2d10c6f98c2d21684699647d63d41b500dfe8836’
set interfaces macsec macsec1 source-interface ‘eth1’
set interfaces bridge br0 member interface eth1


vyos@vyos13-1# commit
[ interfaces bridge br0 ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):

Make sure you are running the latest version of the code available at
Consult the forum to see how to handle this issue
Join our community on slack where our users exchange help and advice
When reporting problems, please include as much information as possible:

do not obfuscate any data (feel free to contact us privately if your
business policy requires it)
and include all the information presented below
Report Time: 2020-08-10 14:18:45
Image Version: VyOS 1.3-rolling-202008100118
Release Train: equuleus

Built by: [email protected]
Built on: Mon 10 Aug 2020 01:18 UTC
Build UUID: d83021b4-7620-4a8f-9166-f466497ae3dc
Build Commit ID: 9e92985ad38423

Architecture: x86_64
Boot via: installed image
System type: VMware guest

Hardware vendor: VMware, Inc.
Hardware model: VMware Virtual Platform
Hardware S/N: VMware-56 4d 90 d1 ae cf ed 67-55 1c c0 73 dc d6 85 16
Hardware UUID: d1904d56-cfae-67ed-551c-c073dcd68516

Traceback (most recent call last):


File “/usr/libexec/vyos/conf_mode/interfaces-bridge.py”, line 136, in
apply©
File “/usr/libexec/vyos/conf_mode/interfaces-bridge.py”, line 127, in apply
br.update(bridge)
File “/usr/lib/python3/dist-packages/vyos/ifconfig/bridge.py”, line 245, in update
self.add_port(interface)
File “/usr/lib/python3/dist-packages/vyos/ifconfig/bridge.py”, line 180, in add_port
return self.set_interface(‘add_port’, interface)
File “/usr/lib/python3/dist-packages/vyos/ifconfig/control.py”, line 184, in set_interface
return self._set_command(self.config, name, value)
File “/usr/lib/python3/dist-packages/vyos/ifconfig/control.py”, line 109, in _set_command
return self._command_set[name].get(‘format’, lambda _: _)(self._cmd(cmd))
File “/usr/lib/python3/dist-packages/vyos/ifconfig/control.py”, line 51, in _cmd
return cmd(command, self.debug)
File “/usr/lib/python3/dist-packages/vyos/util.py”, line 179, in cmd
raise OSError(code, feedback)
FileNotFoundError: [Errno 2] failed to run command: ip link set dev eth1 master br0
returned:
exit code: 2

noteworthy:
cmd ‘ip link set dev eth1 master br0’
returned (out):

returned (err):
RTNETLINK answers: Device or resource busy


[[interfaces bridge br0]] failed
Commit failed
[edit]
vyos@vyos13-1#

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3-rolling-202008100118
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

rob created this task.Aug 11 2020, 5:39 PM
rob created this object in space S1 VyOS Public.
pasik added a subscriber: pasik.Aug 12 2020, 12:57 PM
c-po claimed this task.Sep 21 2020, 3:29 PM
c-po added a comment.Sep 21 2020, 4:21 PM

The problem is that interface eth1 is exclusivly added to macsec1 as its lower interface. Thus you can not add it as a bridge member to br0.

The error message/Exception should not happen, a proper error message should be printed. You can - of course- use macsec1 as your bridge member port.

c-po closed this task as Resolved.Sep 21 2020, 8:25 PM