Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add vlan validation in config interface ip add command #3155

Conversation

matiAlfaro
Copy link
Contributor

~

What I did

Fix for sonic-net/sonic-buildimage#16975
Prevent configuration of illegal Vlan name in "config interface ip add" command

How I did it

Added Vlan name validation

How to verify it

Positive tests

config interface ip add Vlan100 1.1.1.1/24
config interface ip add Vlan4093 1.1.1.1/24

Negative tests

config interface ip add Vlan000000000000003 1.1.1.1/24
config interface ip add Vlan01 1.1.1.1/24
config interface ip add Vlan1.2 1.1.1.1/24

Previous command output (if the output of a command-line utility has changed)

On illegal Vlan name command succeeded with no error

New command output (if the output of a command-line utility has changed)

config interface ip add Vlan030 1.1.1.1/24
Error: Vlan030 is not a valid Vlan name

prsunny
prsunny previously approved these changes Feb 6, 2024
@prsunny prsunny requested a review from dgsudharsan February 6, 2024 17:40
config/main.py Outdated
@@ -4576,6 +4579,12 @@ def add(ctx, interface_name, ip_addr, gw):
table_name = get_interface_table_name(interface_name)
if table_name == "":
ctx.fail("'interface_name' is not valid. Valid names [Ethernet/PortChannel/Vlan/Loopback]")

if table_name == "VLAN_INTERFACE":
if not validate_vlan_format(interface_name):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we be checking the presence of Vlan rather than validating the format? My recommendation is to query the VLAN_TABLE and confirm if Vlan is present before assigning an IP address

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From my POV, you should be allowed to configure IP interface on a Vlan before creating it.
Once Vlan is created, configuration will apply.
This kind of behavior is also common on other switch devices (for example, Catalyst)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tend to agree with @dgsudharsan here. Just creating VLAN interface is not handled in backend (swss etc) until a VLAN table is present. So, why not check VLAN table entry and return an error log? But @dgsudharsan , do you think we can add this check to Vlan creation?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added query of VLAN_TABLE as you suggest,
Also added option to ignore/skip this query, please let me know if you'd like this option removed.

Test that vlan exists
Added an optional param (option) --ignore-vlan which will test only
format

~

Signed-off-by: matiAlfaro <[email protected]>
config/main.py Outdated
@@ -4524,8 +4529,9 @@ def validate_vlan_format(text):
@click.argument('interface_name', metavar='<interface_name>', required=True)
@click.argument("ip_addr", metavar="<ip_addr>", required=True)
@click.argument('gw', metavar='<default gateway IP address>', required=False)
@click.option('-i','--ignore-vlan',is_flag=True, required=False, help="Allow configuration on not created Vlan")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this must be handled in this way. Lets simply throw an error if vlan does not exist asking user to create Vlan first?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@matiAlfaro matiAlfaro requested a review from prsunny February 22, 2024 07:15
Copy link
Contributor

@isabelmsft isabelmsft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This validation requirement is not reflected in the VLAN yang model: https://github.com/sonic-net/sonic-buildimage/blob/master/src/sonic-yang-models/yang-models/sonic-vlan.yang. Would you please improve the yang model so that it aligns with this requirement?

@matiAlfaro
Copy link
Contributor Author

@isabelmsft - Please see sonic-net/sonic-buildimage#18207

@isabelmsft
Copy link
Contributor

@isabelmsft - Please see sonic-net/sonic-buildimage#18207

Thanks @matiAlfaro, the requirement that vlan exists before IP address is configured is supported in yang model here: https://github.com/sonic-net/sonic-buildimage/blob/master/src/sonic-yang-models/yang-models/sonic-vlan.yang#L125

So this PR LGTM

@isabelmsft isabelmsft merged commit bf35596 into sonic-net:master Feb 29, 2024
5 checks passed
@dgsudharsan
Copy link
Collaborator

@yxieca Can you please cherry-pick this fix to 202311?

@mssonicbld
Copy link
Collaborator

Cherry-pick PR to 202311: #3320

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants