mgmt_vrf_namespace: management vrf using namespace solution #2405
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
||
| ip netns exec $VRFNAME iptables -t nat -D $IF_MGMT_VRF_CHAIN -p tcp --dport 80 -j DNAT --to-destination ${IF_IF2_IP} | ||
|
|
||
| ip netns exec $VRFNAME iptables -t nat -D $IF_MGMT_VRF_CHAIN -p tcp --dport 443 -j DNAT --to-destination ${IF_IF2_IP} |
There was a problem hiding this comment.
why do we need nat rules?
why do you create rules for dports 20,21,69.80.443?
|
I am not sure we should use namespace to address management vrf problem in sonic. |
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
* fix set lpmode failure issue * fix review comments
* [docker-engine]: upgrade docker engine to 18.09
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
This was referenced Jan 8, 2019
mgmt_vrf_namespace_tacacs: Tacacs enhancement on top of namespace sol…
sonic-net/sonic-utilities#428
Closed
…ange_event() (#2422) * Use default timeout value which will block the select function * Submodule update for argument type issue in Select class Submodule update sonic-swss-common: e8caaea - Align the argument type with epoll_wait() (#255) 3ea133d - [selectable]: Update throw message (#253) Signed-off-by: Kevin Wang <kevinw@mellanox.com>
This commit has the forward porting of changes from 20180330 to master. Unit tested by checking the broadcom registers for the values. The values in hardware reflect the correct values except for TC to PFC priority group map values. Master branch values for TC to PFC priority group map for both z9100 and s6100 in incorrect, I have a build of Oct 12 master and the values are correct in that build. Signed-off-by: Harish Venkatraman <Harish_Venkatraman@Dell.com>
* Updating Z9264f for A01 board * Adding platform_reboot plugin to Z9264f * Change execute mode for platform_reboot * Indenting python files * Adding missed service file * Addressing code review comments * Modified the polling logic in transceiver change event
… solution for management vrf
…ic-buildimage into mgmt_vrf_namespace
This reverts commit 363951f.
This reverts commit b84dbd8.
This reverts commit b57a376.
This reverts commit 584842d.
…)" This reverts commit 65f6253.
This reverts commit 1ffb34b.
For 'config vrf add mgmt', is this PR 'sonic-net/sonic-utilities#422' ? |
|
Added this patch, why I could not ssh onto SONiC, after restart network.
|
|
And after reboot, could not work.
|
|
Since we faced some issues in raising pull requests on top of this pull request, we shall cancel this PR. New PR #2431 is raised. Once if it is decided to use namespace solution for management VRF, all the comments given in this PR will be addressed as part of PR#2431. This PR#2405 is cancelled. Similarly the related sonic-utilities PR PR 'sonic-net/sonic-utilities#422' is also cancelled. |
I read #2431 , I found it's maybe same code on vrf implementation. My kernel is 3.16, which I use 201807 branch. Do your patch only work on kernel 4.x or above? refer this. |
|
Closing the namespace PR. |
vivekrnv
added a commit
to vivekrnv/sonic-buildimage
that referenced
this pull request
Oct 20, 2022
aedc05ecf [QoS] Support dynamic headroom calculation for Barefoot platforms (sonic-net#2306) 7f4da26f2 [app_ext] [auto-ts] Add available_mem_threshold option (sonic-net#2423) b25070176 YANG Validation for ConfigDB Updates: Fix Decorator Bug (sonic-net#2405) f62d1e596 [watermarkstat] Add new warning message for the 'q_shared_multi' counters (sonic-net#2408) 25fda264e [chassis]Add fabric counter cli commands (sonic-net#1860) ae97e597e Update sonic command doc to add CLIs relative to SONiC fips (sonic-net#2377) abd5eba49 [generate_dump]: Enhance show techsupport for cisco-8000 platform (sonic-net#2403) ee15b74a2 Include configuring laser frequency and tx power (sonic-net#2437) 70be50cdc Add a subcommand to display a hexdump of transceiver EEPROM page (sonic-net#2379) c246801ba Filter port invalid MTU configuration (sonic-net#2378) 362ec9bd7 [show] vnet advertised-route command (sonic-net#2390) 2372e2983 [show priority-group drop counters] Remove backup with cached PG drop counters after 'config reload' (sonic-net#2386) Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
liat-grozovik
pushed a commit
that referenced
this pull request
Oct 23, 2022
aedc05ecf [QoS] Support dynamic headroom calculation for Barefoot platforms (#2306) 7f4da26f2 [app_ext] [auto-ts] Add available_mem_threshold option (#2423) b25070176 YANG Validation for ConfigDB Updates: Fix Decorator Bug (#2405) f62d1e596 [watermarkstat] Add new warning message for the 'q_shared_multi' counters (#2408) 25fda264e [chassis]Add fabric counter cli commands (#1860) ae97e597e Update sonic command doc to add CLIs relative to SONiC fips (#2377) abd5eba49 [generate_dump]: Enhance show techsupport for cisco-8000 platform (#2403) ee15b74a2 Include configuring laser frequency and tx power (#2437) 70be50cdc Add a subcommand to display a hexdump of transceiver EEPROM page (#2379) c246801ba Filter port invalid MTU configuration (#2378) 362ec9bd7 [show] vnet advertised-route command (#2390) 2372e2983 [show priority-group drop counters] Remove backup with cached PG drop counters after 'config reload' (#2386) Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com> Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
7 tasks
mihirpat1
pushed a commit
to mihirpat1/sonic-buildimage
that referenced
this pull request
Jun 14, 2023
* [orchagent, SRv6]: mysid support to set default vrf
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- What I did
Added support for management VRF using namespace solution.
Requirements that are covered are explained in the design document.
- How I did it
Added commands to enable/disable the management VRF. On enabling, it creates the management namespace, attached eth0 to management namespace, creates the required iptables rules and restarts the networking service.
Detailed design is explained in the design document.
- How to verify it
Use the following commands to enable/disable mgmt vrf and test the features.
config vrf add mgmt
config vrf del mgmt
config interface eth0 ip add ip/mask gatewayIP
Ex: config interface eth0 ip add 10.16.206.11/24 10.16.206.1
- Description for the changelog