Bug 1695124

Summary: RFE: Support linux route rules for policy-based routing
Product: Red Hat Enterprise Linux 8 Reporter: Gris Ge <fge>
Component: nmstateAssignee: Gris Ge <fge>
Status: CLOSED ERRATA QA Contact: Mingyu Shi <mshi>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.2CC: atragler, danken, dholler, edwardh, mburman, phoracek, rkhan, william.caban
Target Milestone: rcKeywords: FutureFeature, RFE
Target Release: 8.2Flags: fge: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nmstate-0.1.1-4.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 16:00:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1107803, 1688872, 1755139    

Description Gris Ge 2019-04-02 14:21:40 UTC 
Description of problem:

Support of routes rules for matching IP source address.

Version-Release number of selected component (if applicable):
nmstate-0.0.5-2.el8

How reproducible:
100%

Steps to Reproduce:
1.
2.
3.

Actual results:

Not supported.

Expected results:

Supported.

Additional info:
Current libnm does not provide support of route rules yet.
Comment 1 Gris Ge 2019-06-03 14:36:59 UTC 
The libnm 1.18 supports `NM.SettingIPConfig.add_routing_rule()` now.
Comment 3 Mingyu Shi 2019-12-19 09:26:43 UTC 
RHEL-8.2.0-20191206.3
nmstate-0.2.0-2.el8.noarch

Run following commands:
ip link add eth1 type veth peer name eth1.ep
ip link add eth2 type veth peer name eth2.ep
ip link set eth1 up
ip link set eth1.ep up
ip link set eth2 up
ip link set eth2.ep up
nmcli device set eth1 managed yes
nmcli device set eth2 managed yes

cat > route_rules.yaml << EOF
---
interfaces:
  - name: eth1
    type: ethernet
    state: up
    ipv4:
      address:
      - ip: 192.0.2.251
        prefix-length: 24
      dhcp: false
      enabled: true
  - name: eth2
    type: ethernet
    state: up
    ipv4:
      address:
      - ip: 198.51.100.251
        prefix-length: 24
      dhcp: false
      enabled: true
route-rules:
  config:
  - ip-to: 192.0.2.0/24
    priority: 1000
    route-table: 50
  - ip-from: 192.0.2.0/24
    priority: 1000
    route-table: 50
  - ip-to: 198.51.100.0/24
    priority: 1000
    route-table: 51
  - ip-from: 198.51.100.0/24
    priority: 1000
    route-table: 51
routes:
  config:
  - destination: 0.0.0.0/0
    metric: 150
    next-hop-address: 192.0.2.1
    next-hop-interface: eth1
    table-id: 50
  - destination: 0.0.0.0/0
    metric: 150
    next-hop-address: 198.51.100.1
    next-hop-interface: eth2
    table-id: 51
EOF

nmstatectl set route_rules.yaml
#...omitted...

nmstatectl show
# route-rules in nmstate:
---
dns-resolver:
  config:
    search: []
    server: []
  running:
    search:
    - rhts.eng.pek2.redhat.com
    server:
    - 10.73.2.107
    - 10.73.2.108
    - 10.66.127.10
route-rules:
  config:
  - ip-to: 192.0.2.0/24
    priority: 1000
    route-table: 50
  - ip-from: 192.0.2.0/24
    priority: 1000
    route-table: 50
  - ip-to: 198.51.100.0/24
    priority: 1000
    route-table: 51
  - ip-from: 198.51.100.0/24
    priority: 1000
    route-table: 51
routes:
...omitted...

Run "ip rule" to check:
0:	from all lookup local
1000:	from all to 198.51.100.0/24 lookup 51
1000:	from 198.51.100.0/24 lookup 51
1000:	from all to 192.0.2.0/24 lookup 50
1000:	from 192.0.2.0/24 lookup 50
32766:	from all lookup main
32767:	from all lookup default
Comment 5 Gris Ge 2020-04-07 03:05:36 UTC 
Open to public
Comment 8 errata-xmlrpc 2020-04-28 16:00:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1696