Red Hat Bugzilla – Bug 1448987
NM does not use new route when adding host route for DHCP server
Last modified: 2017-08-01 05:28:57 EDT
Description of problem: As per: https://bugzilla.redhat.com/show_bug.cgi?id=983325 NetworkManager will add a host route for the DHCP server. This is usually not a problem provided the customer has only one router per subnet, the default router. But if there are 2 routers on the same subnet and a new route has been defined for the subnet that the DHCP server is on, then this could present a problem depending on the customers external network configuration. Take my LAB system, here we have where 10.7.1.66 is the dhcp server: [root@unused ~]# ip addr 2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:50:56:a5:70:8a brd ff:ff:ff:ff:ff:ff inet 10.7.1.233/24 brd 10.7.1.255 scope global dynamic eno16780032 valid_lft 259138sec preferred_lft 259138sec inet6 fe80::250:56ff:fea5:708a/64 scope link valid_lft forever preferred_lft forever [root@unused ~]# ip route default via 10.7.1.254 dev eno16780032 proto static metric 100 10.7.1.66 via 10.7.1.254 dev eno16780032 proto dhcp metric 100 << added by NM 10.7.1.0/24 dev eno16780032 proto kernel scope link src 10.7.1.233 [root@unused ~]# Now if we add a new route for the 10.0.0.0/8 subnet: # ip route add 10.0.0.0/8 via 10.7.1.2 dev eno16780032 Now see how IP addresses for 10.7.1.x e.g 10.7.1.1 resolves. DHCP server 10.7.1.66 would also resolve the same, if the host route was not there: # ip route get 10.7.1.1 10.7.1.1 via 10.7.1.2 src 10.7.1.233 But if we restart NM then it still adds a route for 10.7.1.66 via 10.7.1.254 instead of the new router 10.7.1.2. This can be a problem for customers that expect the traffic to go trough the new route. Version-Release number of selected component (if applicable): RHEL7 How reproducible: Always see above. Actual results: When the routing table looks like: # ip route default via 10.7.1.254 dev eno16780032 proto static metric 100 10.0.0.0/8 via 10.7.1.2 dev eno16780032 10.7.1.66 via 10.7.1.254 dev eno16780032 proto dhcp metric 100 10.7.1.0/24 dev eno16780032 proto kernel scope link src 10.7.1.233 Then restarting NM still shows that the DCHP server host route is still via 10.7.1.254 instead of 10.7.1.2. # ip route default via 10.7.1.254 dev eno16780032 proto static metric 100 10.0.0.0/8 via 10.7.1.2 dev eno16780032 10.7.1.66 via 10.7.1.254 dev eno16780032 proto dhcp metric 100 10.7.1.0/24 dev eno16780032 proto kernel scope link src 10.7.1.233 Expected results: After restarting, expect NM to find the new route for 10.7.1.66 pointing to gw 10.7.1.2. Just like "ip route get" e.g: # ip route get 10.7.1.1 10.7.1.1 via 10.7.1.2 src 10.7.1.233 default via 10.7.1.254 dev eno16780032 proto static metric 100 10.0.0.0/8 via 10.7.1.2 dev eno16780032 10.7.1.66 via 10.7.1.2 dev eno16780032 proto dhcp metric 100 10.7.1.0/24 dev eno16780032 proto kernel scope link src 10.7.1.233 Additional info: We have a customer that reported this after trying to kickstart RHEL7 through Anaconda and the route added by NM is breaking communications because the new route they defined for the DHCP server network is not being used.
Hi, it's wrong that NM adds such route because the DHCP server is already reachable through the existing routes pushed by the server. Also, the way in which the route gateway is chosen is wrong because it doesn't consider the static routes, but only the default gateway. I think that the fix for bug 983325 was implemented in the wrong way. I wonder if that fix should exist at all, considering that: - dhclient script doesn't implement at all such logic (it has some code to add direct routes to the *gateway* if not directly reachable) - if needed, the server can be configured to push the missing route to be reached by the client in the classless-routes options So, in my opinion that code should be removed or at least fixed to add the route only when strictly necessary.
(In reply to Beniamino Galvani from comment #2) > Hi, > > it's wrong that NM adds such route because the DHCP server is already > reachable through the existing routes pushed by the server. Also, the > way in which the route gateway is chosen is wrong because it doesn't > consider the static routes, but only the default gateway. I think that > the fix for bug 983325 was implemented in the wrong way. > > I wonder if that fix should exist at all, considering that: > > - dhclient script doesn't implement at all such logic (it has some > code to add direct routes to the *gateway* if not directly > reachable) > > - if needed, the server can be configured to push the missing route > to be reached by the client in the classless-routes options > They are using the above to add classless-static routes already. > So, in my opinion that code should be removed or at least fixed to add > the route only when strictly necessary. Hi, Thanks for looking into this. I agree. That makes sense. Otherwise customers with more than one router on a subnet will have problems.
Created attachment 1277653 [details] [PATCH] dhcp: don't add route to DHCP4 server
Created attachment 1277654 [details] Routed DHCP test script For future memory: a simple script to test scenarios like this
(In reply to Beniamino Galvani from comment #4) > Created attachment 1277653 [details] > [PATCH] dhcp: don't add route to DHCP4 server lgtm
I agree on #c2. Route to DHCP server should be managed in DHCP server configuration in classless-routes options. Patch lgtm
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:2299