Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Missing validation for "config interface ip add" command in case of assigning an ip-address on a trunk port. #6426

Closed
Hedgehog-Guru opened this issue Jan 12, 2021 · 3 comments
Closed

Missing validation for "config interface ip add" command in case of assigning an ip-address on a trunk port. #6426

Hedgehog-Guru opened this issue Jan 12, 2021 · 3 comments
Labels
Enhancement ➕ Help Wanted 🆘 Triaged this issue has been triaged

Comments

@Hedgehog-Guru
Copy link

Description
There should be verification for config interface ip add command in case of assigning an ip-address on a trunk port.

Steps to reproduce the issue

Add a vlan

    # config vlan add 2

Add interfaces to vlan

    # config vlan member add 2 -u Ethernet44
    # config vlan member add 2 -u Ethernet48

Assign IP addresses on trunks ports

    # config interface ip add Ethernet44 192.168.1.1/24
    # config interface ip add Ethernet48 192.168.2.1/24

Describe the results you received

Having assigned an ip-address on a trunk port neither L2 not L3 traffic (with and without 802.1Q header) can't flow via such port.
L2 traffic is not being processed because it's a L3 port (dst mac differs from this port's mac)
But this L3 port treats all untagged traffic as tagged (see this bug [https://github.com//issues/3943])

Describe the results you expected
There are two options:

  1. system should prevent from assigning an ip-address on vlan member port.
  2. having assigned ip address on trunk port, such port should stop being a trunk port (vlan member) and start to process traffic as router port.

Output of show version

SONiC Software Version: SONiC.201911.51-dea38d15
Distribution: Debian 9.13
Kernel: 4.9.0-11-2-amd64
Build commit: dea38d15
Build date: Mon Jan  4 13:38:57 UTC 2021
Built by: sw-r2d2-bot@r-build-sonic-ci02

Platform: x86_64-mlnx_msn3700c-r0
HwSKU: ACS-MSN3700C
ASIC: mellanox
Serial Number: MT1935X01905
Uptime: 13:38:33 up 1 day,  5:17,  2 users,  load average: 2.41, 1.52, 1.28

Docker images:
REPOSITORY                    TAG                  IMAGE ID            SIZE
docker-syncd-mlnx             201911.51-dea38d15   aaaa6191ae77        399MB
docker-syncd-mlnx             latest               aaaa6191ae77        399MB
docker-sonic-telemetry        201911.51-dea38d15   677d64c827c7        353MB
docker-sonic-telemetry        latest               677d64c827c7        353MB
docker-router-advertiser      201911.51-dea38d15   569ab41a4654        290MB
docker-router-advertiser      latest               569ab41a4654        290MB
docker-platform-monitor       201911.51-dea38d15   a5bc7ebc9b2c        666MB
docker-platform-monitor       latest               a5bc7ebc9b2c        666MB
docker-fpm-frr                201911.51-dea38d15   1ad8a005128e        335MB
docker-fpm-frr                latest               1ad8a005128e        335MB
docker-teamd                  201911.51-dea38d15   3779578c25cd        315MB
docker-teamd                  latest               3779578c25cd        315MB
docker-lldp-sv2               201911.51-dea38d15   52a8ee60c1c5        312MB
docker-lldp-sv2               latest               52a8ee60c1c5        312MB
docker-dhcp-relay             201911.51-dea38d15   b752e2e86795        300MB
docker-dhcp-relay             latest               b752e2e86795        300MB
docker-database               201911.51-dea38d15   873fd83afd69        290MB
docker-database               latest               873fd83afd69        290MB
docker-snmp-sv2               201911.51-dea38d15   5379eb90ea3e        348MB
docker-snmp-sv2               latest               5379eb90ea3e        348MB
docker-orchagent              201911.51-dea38d15   1437f5b610dd        333MB
docker-orchagent              latest               1437f5b610dd        333MB
docker-sflow                  201911.51-dea38d15   8abc08609485        315MB
docker-sflow                  latest               8abc08609485        315MB
docker-nat                    201911.51-dea38d15   f0ac3672d083        316MB
docker-nat                    latest               f0ac3672d083        316MB
docker-sonic-mgmt-framework   201911.51-dea38d15   be78292b43d4        429MB
docker-sonic-mgmt-framework   latest               be78292b43d4        429MB
@Hedgehog-Guru Hedgehog-Guru mentioned this issue Jan 12, 2021
Open
@Hedgehog-Guru
Copy link
Author

Moved from sonic-net/sonic-utilities#807 and edited.

@anshuv-mfst
Copy link

Though this is invalid config, CLI check can be enhanced to return warning for such scenario.

@deran1980 deran1980 mentioned this issue Jan 21, 2021
Merged
liat-grozovik pushed a commit to sonic-net/sonic-utilities that referenced this issue Jan 25, 2021
@deran1980
Prevent configuring IP interface on a port which is a member of VLAN (#…
ff226d0 
…1374)

**- What I did**
Fixed bug sonic-net/sonic-buildimage#6426
Added a validation in config/main.py to prevent configuring IP interface on a port which is a member of VLAN

**- How I did it**
Change config/main.py

**- How to verify it**
Add interface as member in vlan
Try to configure IP address on same interface

**- Previous command output (if the output of a command-line utility has changed)**
Success in the above scenario. 

**- New command output (if the output of a command-line utility has changed)**
prevent configuration:
"Interface Ethernet0 is a member of vlan
Aborting!"
@Hedgehog-Guru
Copy link
Author

Bug has been fixed.
Verified on:

SONiC Software Version: SONiC.SONIC.202012.10-d26a4af_Internal
Distribution: Debian 10.7
Kernel: 4.19.0-9-2-amd64
Build commit: d26a4aff
Build date: Thu Feb  4 15:28:36 UTC 2021
Built by: sw-r2d2-bot@r-build-sonic-ci02

anand-kumar-subramanian pushed a commit to anand-kumar-subramanian/sonic-utilities that referenced this issue Mar 2, 2021
@deran1980 @anand-kumar-subramanian
Prevent configuring IP interface on a port which is a member of VLAN (s…
07ee8a2 
…onic-net#1374)

**- What I did**
Fixed bug sonic-net/sonic-buildimage#6426
Added a validation in config/main.py to prevent configuring IP interface on a port which is a member of VLAN

**- How I did it**
Change config/main.py

**- How to verify it**
Add interface as member in vlan
Try to configure IP address on same interface

**- Previous command output (if the output of a command-line utility has changed)**
Success in the above scenario. 

**- New command output (if the output of a command-line utility has changed)**
prevent configuration:
"Interface Ethernet0 is a member of vlan
Aborting!"
malletvapid23 added a commit to malletvapid23/Sonic-Utility that referenced this issue Aug 3, 2023
@malletvapid23
Prevent configuring IP interface on a port which is a member of VLAN …
b9111b3 
…(#1374)

**- What I did**
Fixed bug sonic-net/sonic-buildimage#6426
Added a validation in config/main.py to prevent configuring IP interface on a port which is a member of VLAN

**- How I did it**
Change config/main.py

**- How to verify it**
Add interface as member in vlan
Try to configure IP address on same interface

**- Previous command output (if the output of a command-line utility has changed)**
Success in the above scenario. 

**- New command output (if the output of a command-line utility has changed)**
prevent configuration:
"Interface Ethernet0 is a member of vlan
Aborting!"
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
Enhancement ➕ Help Wanted 🆘 Triaged this issue has been triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anshuv-mfst @Hedgehog-Guru