1183420 – Adding bond device to bridge with "bridge-slave" type doesn't work.

Bug 1183420 - Adding bond device to bridge with "bridge-slave" type doesn't work.

Summary: Adding bond device to bridge with "bridge-slave" type doesn't work.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	NetworkManager
Sub Component:
Version:	7.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	7.3
Assignee:	Lubomir Rintel
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1301628 1313485 1321288
TreeView+	depends on / blocked

Reported:	2015-01-19 01:50 UTC by Etsuji Nakai
Modified:	2016-11-03 19:13 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1321288 (view as bug list)
Environment:
Last Closed:	2016-11-03 19:13:07 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:2581	0	normal	SHIPPED_LIVE	Low: NetworkManager security, bug fix, and enhancement update	2016-11-03 12:08:07 UTC

Description Etsuji Nakai 2015-01-19 01:50:44 UTC

Description of problem:

I tried to add bond device bond0 with "nmcli c add type bridge-slave" but failed. Instead, I needed to configure connection.master and connection.slave-type properties directly. I'd like to know if this is an intended behavior or a defect.


Version-Release number of selected component (if applicable):

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.0 (Maipo)

# rpm -qa | grep NetworkManager
NetworkManager-glib-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64
NetworkManager-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64
NetworkManager-config-server-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64
NetworkManager-tui-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64

# uname -a
Linux rhel7 3.10.0-123.13.2.el7.x86_64 #1 SMP Fri Dec 12 19:51:03 EST 2014 x86_64 x86_64 x86_64 GNU/Linux


Steps to Reproduce:

1. Intended configuration

ens6 -|
      |--bond0--br0 (192.168.1.11/24)
ens7 -|


2. Create bridge br0

# nmcli c add type bridge ifname br0 con-name bridge-br0
# nmcli c mod bridge-br0 bridge.stp no
# nmcli c mod bridge-br0 ipv4.method manual ipv4.addresses "192.168.1.11/24 192.168.1.1"
# nmcli c mod bridge-br0 ipv4.dns 8.8.8.8 ipv4.dns-search redhat.com
# nmcli c down bridge-br0
# nmcli c up bridge-br0


3. Create bonding device bond0

# nmcli c add type bond ifname bond0 con-name bond-bond0 mode active-backup
# nmcli c add type bond-slave ifname ens6 con-name bond-slave-ens6 master bond0
# nmcli c add type bond-slave ifname ens7 con-name bond-slave-ens7 master bond0


4. Create bridge-slave with bond0

# nmcli c add type bridge-slave ifname bond0 con-name bridge-slave-bond0 master bridge-br0

# nmcli c
NAME                UUID                                  TYPE            DEVICE 
bridge-slave-bond0  2d89f01d-d005-4a5d-8d27-f04b697d7ac5  802-3-ethernet  --     
bond-slave-ens7     ecc99c0e-19b7-4d55-ad4b-5d0f7c9d3864  802-3-ethernet  ens7   
bond-slave-ens6     a5b42f25-b231-4115-8167-5ecfa47cf80c  802-3-ethernet  ens6   
bond-bond0          348c9233-8b37-467d-95c1-296ddf425fd9  bond            bond0  
bridge-br0          0d5772ac-bf53-48e5-9b51-c4c3e6d7db7e  bridge          br0    
eth0                bc302e8f-f5f3-478d-bf87-e77d3288dac7  802-3-ethernet  eth0  

As seen above, DEVICE is not assigned to bridge-slave-bond0 and fails to activate it as below.

# nmcli c up bridge-slave-bond0
Error: no device found for connection 'bridge-slave-bond0'.

Even after rebooting the sysmtem, the situation remains the same.


5. Instead of using bridge-slave type, I configured connection.master and connection.slave-type properties. It worked.

# nmcli c delete bridge-slave-bond0
# nmcli c mod bond-bond0 connection.master br0
# nmcli c mod bond-bond0 connection.slave-type bridge

# nmcli c up bond-bond0
# nmcli c up bond-slave-ens6
# nmcli c up bond-slave-ens7

# nmcli c
NAME             UUID                                  TYPE            DEVICE 
bond-bond0       348c9233-8b37-467d-95c1-296ddf425fd9  bond            bond0  
bridge-br0       0d5772ac-bf53-48e5-9b51-c4c3e6d7db7e  bridge          br0    
bond-slave-ens7  ecc99c0e-19b7-4d55-ad4b-5d0f7c9d3864  802-3-ethernet  ens7   
eth0             bc302e8f-f5f3-478d-bf87-e77d3288dac7  802-3-ethernet  eth0   
bond-slave-ens6  a5b42f25-b231-4115-8167-5ecfa47cf80c  802-3-ethernet  ens6   

# cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: ens6
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: ens6
MII Status: up
Speed: 100 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 52:54:00:eb:91:9c
Slave queue ID: 0

Slave Interface: ens7
MII Status: up
Speed: 100 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 52:54:00:aa:a4:66
Slave queue ID: 0

# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.525400eb919c	no		bond0

Comment 2 Jirka Klimes 2015-01-19 09:12:04 UTC

(In reply to Etsuji Nakai from comment #0)
> Description of problem:
> 
> I tried to add bond device bond0 with "nmcli c add type bridge-slave" but
> failed. Instead, I needed to configure connection.master and
> connection.slave-type properties directly. I'd like to know if this is an
> intended behavior or a defect.

Yes, nmcli has limitations in creating slave profiles directly. 'bridge-slave', 'bond-slave' and 'team-slave' just offer ethernet type at the moment. We will work on this in the future to improve it.
As you figured out, you need to create all the profiles separately as ordinary 
types, and then make them as slaves later by modifying master and slave-type properties.
For example, for creating bond over VLANs, you will create all connections:
$ nmcli con add type ethernet con-name myeth1 ifname eth1
$ nmcli con add type ethernet con-name myeth2 ifname eth2
$ nmcli con add type vlan con-name vlan111 dev eth1 id 111
$ nmcli con add type vlan con-name vlan222 dev eth2 id 222
$ nmcli con add type bond con-name jamesbond ifname bond007 mode 802.3ad

And then you edit the VLANs to became slaves of the bond:
$ nmcli con edit vlan111
nmcli> remove ipv4
nmcli> remove ipv6
nmcli> set connection.slave-type bond
nmcli> set connection.master bond007
nmcli> save
nmcli> quit
and the same for vlan222

It is also possible to create/edit ifcfg files directly as before, because 
NetworkManager reads them. You just have to let NetworkManager know when you 
are done with the changes. Call 'nmcli con reload' as root to do that. (See 
also monitor-connection-files option in man Networkmanager.conf).

Also, there is the GUI nm-connection-editor that allows stacking connections 
while creating them (will offer other types than ethernet for slave types).

Comment 3 Etsuji Nakai 2015-01-19 10:09:17 UTC

Ok. I understand that this is a known limitation. Please close this ticket.
Hope it will be imporved soon ;)

Comment 4 Simone Caronni 2015-02-04 14:39:01 UTC

Damn, I spent almost a day in our datacenter trying to understand why my bond0/team0 device could not be added to the bridge, and then I stepped onto this bug.

These limitations should find their way inside the official Red Hat manuals, as this configuration is not described as not supported in RHEL 7.

Comment 5 Jirka Klimes 2015-02-10 16:09:40 UTC

We plan to improve the nmcli editing for RHEL 7.2, so I am leaving this open as an RFE.

Comment 10 Lubomir Rintel 2016-03-29 14:03:07 UTC

With the version of NetworkManager that will be shipped with RHEL-7.3 the desired configuration is done like this:

# nmcli c add type bridge ifname br0 con-name bridge-br0
# nmcli c add type bond ifname bond0 con-name bridge-slave-bond0 master bridge-br0
# nmcli c add type ethernet ifname ens6 con-name bond-slave-ens6 master bond0
# nmcli c add type ethernet ifname ens7 con-name bond-slave-ens7 master bond0

Note the absence of "*-slave" types and presence of "master" option to denote a slave.

Comment 12 Vladimir Benes 2016-06-02 14:06:23 UTC

This is working well according to reproducer from comment 10

Comment 14 errata-xmlrpc 2016-11-03 19:13:07 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2581.html

Note You need to log in before you can comment on or make changes to this bug.