Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing validation for "config interface ip add" command in case of assigning an ip-address on a trunk port. #6426

Closed
Hedgehog-Guru opened this issue Jan 12, 2021 · 3 comments
Closed

Missing validation for "config interface ip add" command in case of assigning an ip-address on a trunk port. #6426

Hedgehog-Guru opened this issue Jan 12, 2021 · 3 comments
Labels
Enhancement ➕ Help Wanted 🆘 Triaged this issue has been triaged

Comments

@Hedgehog-Guru
Copy link

Description
There should be verification for config interface ip add command in case of assigning an ip-address on a trunk port.

Steps to reproduce the issue

Add a vlan

    # config vlan add 2

Add interfaces to vlan

    # config vlan member add 2 -u Ethernet44
    # config vlan member add 2 -u Ethernet48

Assign IP addresses on trunks ports

    # config interface ip add Ethernet44 192.168.1.1/24
    # config interface ip add Ethernet48 192.168.2.1/24

Describe the results you received

Having assigned an ip-address on a trunk port neither L2 not L3 traffic (with and without 802.1Q header) can't flow via such port.
L2 traffic is not being processed because it's a L3 port (dst mac differs from this port's mac)
But this L3 port treats all untagged traffic as tagged (see this bug [https://github.com//issues/3943])

Describe the results you expected
There are two options:

  1. system should prevent from assigning an ip-address on vlan member port.
  2. having assigned ip address on trunk port, such port should stop being a trunk port (vlan member) and start to process traffic as router port.

Output of show version

SONiC Software Version: SONiC.201911.51-dea38d15
Distribution: Debian 9.13
Kernel: 4.9.0-11-2-amd64
Build commit: dea38d15
Build date: Mon Jan  4 13:38:57 UTC 2021
Built by: sw-r2d2-bot@r-build-sonic-ci02

Platform: x86_64-mlnx_msn3700c-r0
HwSKU: ACS-MSN3700C
ASIC: mellanox
Serial Number: MT1935X01905
Uptime: 13:38:33 up 1 day,  5:17,  2 users,  load average: 2.41, 1.52, 1.28

Docker images:
REPOSITORY                    TAG                  IMAGE ID            SIZE
docker-syncd-mlnx             201911.51-dea38d15   aaaa6191ae77        399MB
docker-syncd-mlnx             latest               aaaa6191ae77        399MB
docker-sonic-telemetry        201911.51-dea38d15   677d64c827c7        353MB
docker-sonic-telemetry        latest               677d64c827c7        353MB
docker-router-advertiser      201911.51-dea38d15   569ab41a4654        290MB
docker-router-advertiser      latest               569ab41a4654        290MB
docker-platform-monitor       201911.51-dea38d15   a5bc7ebc9b2c        666MB
docker-platform-monitor       latest               a5bc7ebc9b2c        666MB
docker-fpm-frr                201911.51-dea38d15   1ad8a005128e        335MB
docker-fpm-frr                latest               1ad8a005128e        335MB
docker-teamd                  201911.51-dea38d15   3779578c25cd        315MB
docker-teamd                  latest               3779578c25cd        315MB
docker-lldp-sv2               201911.51-dea38d15   52a8ee60c1c5        312MB
docker-lldp-sv2               latest               52a8ee60c1c5        312MB
docker-dhcp-relay             201911.51-dea38d15   b752e2e86795        300MB
docker-dhcp-relay             latest               b752e2e86795        300MB
docker-database               201911.51-dea38d15   873fd83afd69        290MB
docker-database               latest               873fd83afd69        290MB
docker-snmp-sv2               201911.51-dea38d15   5379eb90ea3e        348MB
docker-snmp-sv2               latest               5379eb90ea3e        348MB
docker-orchagent              201911.51-dea38d15   1437f5b610dd        333MB
docker-orchagent              latest               1437f5b610dd        333MB
docker-sflow                  201911.51-dea38d15   8abc08609485        315MB
docker-sflow                  latest               8abc08609485        315MB
docker-nat                    201911.51-dea38d15   f0ac3672d083        316MB
docker-nat                    latest               f0ac3672d083        316MB
docker-sonic-mgmt-framework   201911.51-dea38d15   be78292b43d4        429MB
docker-sonic-mgmt-framework   latest               be78292b43d4        429MB
@Hedgehog-Guru Hedgehog-Guru mentioned this issue Jan 12, 2021
Open
@Hedgehog-Guru
Copy link
Author

Moved from sonic-net/sonic-utilities#807 and edited.

@anshuv-mfst
Copy link

Though this is invalid config, CLI check can be enhanced to return warning for such scenario.

@deran1980 deran1980 mentioned this issue Jan 21, 2021
Merged
liat-grozovik pushed a commit to sonic-net/sonic-utilities that referenced this issue Jan 25, 2021
@deran1980
Prevent configuring IP interface on a port which is a member of VLAN (#…
ff226d0 
…1374)

**- What I did**
Fixed bug sonic-net/sonic-buildimage#6426
Added a validation in config/main.py to prevent configuring IP interface on a port which is a member of VLAN

**- How I did it**
Change config/main.py

**- How to verify it**
Add interface as member in vlan
Try to configure IP address on same interface

**- Previous command output (if the output of a command-line utility has changed)**
Success in the above scenario. 

**- New command output (if the output of a command-line utility has changed)**
prevent configuration:
"Interface Ethernet0 is a member of vlan
Aborting!"
@Hedgehog-Guru
Copy link
Author

Bug has been fixed.
Verified on:

SONiC Software Version: SONiC.SONIC.202012.10-d26a4af_Internal
Distribution: Debian 10.7
Kernel: 4.19.0-9-2-amd64
Build commit: d26a4aff
Build date: Thu Feb  4 15:28:36 UTC 2021
Built by: sw-r2d2-bot@r-build-sonic-ci02

anand-kumar-subramanian pushed a commit to anand-kumar-subramanian/sonic-utilities that referenced this issue Mar 2, 2021
@deran1980 @anand-kumar-subramanian
Prevent configuring IP interface on a port which is a member of VLAN (s…
07ee8a2 
…onic-net#1374)

**- What I did**
Fixed bug sonic-net/sonic-buildimage#6426
Added a validation in config/main.py to prevent configuring IP interface on a port which is a member of VLAN

**- How I did it**
Change config/main.py

**- How to verify it**
Add interface as member in vlan
Try to configure IP address on same interface

**- Previous command output (if the output of a command-line utility has changed)**
Success in the above scenario. 

**- New command output (if the output of a command-line utility has changed)**
prevent configuration:
"Interface Ethernet0 is a member of vlan
Aborting!"
malletvapid23 added a commit to malletvapid23/Sonic-Utility that referenced this issue Aug 3, 2023
@malletvapid23
Prevent configuring IP interface on a port which is a member of VLAN …
b9111b3 
…(#1374)

**- What I did**
Fixed bug sonic-net/sonic-buildimage#6426
Added a validation in config/main.py to prevent configuring IP interface on a port which is a member of VLAN

**- How I did it**
Change config/main.py

**- How to verify it**
Add interface as member in vlan
Try to configure IP address on same interface

**- Previous command output (if the output of a command-line utility has changed)**
Success in the above scenario. 

**- New command output (if the output of a command-line utility has changed)**
prevent configuration:
"Interface Ethernet0 is a member of vlan
Aborting!"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement ➕ Help Wanted 🆘 Triaged this issue has been triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anshuv-mfst @Hedgehog-Guru