Prevent uncleaned external interface IP to cause firmware race condition #113

Draft
wants to merge 2 commits into
base: stable/yoga-m3

Conversation

swagner-de
Collaborator

  • Remove ordering code for external interface IPs
  • [WIP] Prevent uncleaned external interface IP to cause firmware race condition

`external_fixed_ips` was ordered to become a stable primary IP address
for the interface. This code is not necessary anymore, as if there are
more than 1 fixed IPs on the external interface,
`ASR1KPluginBase._update_router_gw_info()` will record these IPs in the
NAT pool RouterAtts. `GatewayInterface._ip_address()` will then again
use this information and determine the stable primary IP of the
GatewayInterface. Consequently an ordering is not needed at this place
anymore.

This code was also making sure that each supplied fixed IP got a
prefixlen. I am unsure how it would even get at this place, without a
prefixlen, as everything needs to have a subnet which determines the
prefixlen.
…condition

The current firmware mal-allocates an external interface's NAT pool (the
pointer to the hash-table, I presume) if there is an external interface
with the same IP in another VRF. We believe this is erroneous behavior
as VRFs are supposed to carry overlapping IP spaces, yet _the vendor_
argues otherwise.

Generally we would like to maintain the support of overlapping NAT
overload IPs at least from a driver perspective as theoretically this
would be valid in OpenStack with multiple address scopes, nevertheless
it is unlikely to be seen in our infra.

This commit implements a preflight check, checking if any other outside
interface is present that carries the same IP as our to be programmed
interface. If that is, we must check if that is an uncleaned residue
from a VRF that is still to be cleaned or if it is a valid interface. If
it is not, we delete that interface and program the new interface with
the matching IP, thereby preventing the mal-allocation of the internal
NAT pool.
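
The preflight check described in the second commit message, as an added example that is not code from this pull request or from the driver. `OutsideInterface`, `preflight`, `program`, `known_vrfs` and all sample values are hypothetical; it assumes "uncleaned residue" means an interface in a VRF the driver no longer tracks, and that valid overlapping interfaces are left in place.

```python
from dataclasses import dataclass
from ipaddress import ip_interface


@dataclass(frozen=True)
class OutsideInterface:
    """Hypothetical model of a NAT outside interface read back from the device."""
    name: str
    vrf: str
    address: str  # "ip/prefixlen"


def preflight(candidate, device_interfaces, known_vrfs):
    """Classify outside interfaces in other VRFs that carry the candidate's IP.

    Returns (stale, valid): stale entries sit in a VRF the driver no longer
    tracks (assumed meaning of "residue") and must be deleted before
    programming; valid entries are legitimate overlaps and are kept.
    """
    ip = ip_interface(candidate.address).ip
    stale, valid = [], []
    for intf in device_interfaces:
        if intf.vrf == candidate.vrf:
            continue  # same VRF: the interface being (re)programmed
        if ip_interface(intf.address).ip != ip:
            continue  # different IP: no conflict
        (valid if intf.vrf in known_vrfs else stale).append(intf)
    return stale, valid


def program(candidate, device_interfaces, known_vrfs):
    """Delete stale conflicts first, then add the candidate; returns new state."""
    stale, _valid = preflight(candidate, device_interfaces, known_vrfs)
    remaining = [i for i in device_interfaces if i not in stale]
    return remaining + [candidate]


# Constructed sample state: one residue, one valid overlap, one unrelated interface.
DEVICE = [
    OutsideInterface("Po1.100", "vrf-old", "203.0.113.10/24"),
    OutsideInterface("Po1.200", "vrf-b", "203.0.113.10/24"),
    OutsideInterface("Po1.300", "vrf-c", "203.0.113.20/24"),
]
KNOWN_VRFS = {"vrf-a", "vrf-b", "vrf-c"}
NEW = OutsideInterface("Po1.400", "vrf-a", "203.0.113.10/24")

if __name__ == "__main__":
    print(preflight(NEW, DEVICE, KNOWN_VRFS))
```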