Bug 2046293 - Configuring pref-src (src) of route not working with dad/ACD
Summary: Configuring pref-src (src) of route not working with dad/ACD
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: NetworkManager
Version: 9.2
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: rc
: ---
Assignee: Thomas Haller
QA Contact: Matej Berezny
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-01-26 14:23 UTC by Thomas Haller
Modified: 2023-07-13 07:25 UTC (History)
8 users (show)

Fixed In Version: NetworkManager-1.43.4-1.el9
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker NMT-44 0 None None None 2023-01-22 10:50:13 UTC
Red Hat Issue Tracker RHELPLAN-109838 0 None None None 2022-01-26 14:26:16 UTC
freedesktop.org Gitlab NetworkManager NetworkManager-ci merge_requests 1368 0 None merged [th/route-prefsrc] test adding routes with prefsrc/src attribute (@ipv4_prefsrc_route_acd) 2023-04-04 12:09:43 UTC
freedesktop.org Gitlab NetworkManager NetworkManager merge_requests 1550 0 None opened [th/platform-rt-prefsrc] better handle routes with prefsrc 2023-03-15 08:35:13 UTC

Description Thomas Haller 2022-01-26 14:23:43 UTC 
Kernel is very picky about accepting a route with "src" parameter.
The src address must have a corresponding local route, which it usually has when the IP address is added. Otherwise configuring it fails.

Say, you configure this profile:

  nmcli connection add \
      type ethernet \ 
      con-name x \
      autoconnect no \
      ipv6.method disabled \
      ipv4.method manual \
      ipv4.addresses 10.0.0.1/24 \
      ipv4.routes "10.0.0.0/24 src=10.0.0.1 table=5000"
      ipv4.dad-timeout 500


this seems a sensible thing to do, because you want to use policy routing and add the device route to another table. Something similar might happen with

  nmcli connection add \
      type ethernet \ 
      con-name x \
      autoconnect no \
      ipv6.method disabled \
      ipv4.method manual \
      ipv4.addresses 10.0.0.1/24 \
      ipv4.route-table 5000 \
      ipv4.routes "10.0.0.0/24 src=10.0.0.1"
      ipv4.dad-timeout 500

(check both approaches, because they are not exactly the same!)




Anyway. With this, DAD/ACD is delaying the addition of the IPv4 address, and the IPv4 local route does not exist. At this point, the pref-src route cannot be added yet. What must happen, is that NM notices this, and retries later when the circumstances are right.

I guess, something similar could also happen with IPv6. Test that too!!


The underlying problem is because kernel tries to be overly helpful, and requiring that non-trivial relations between addresses/routes are honored. When it should just accept the configuration that the user wants to make. It's not that you couldn't configure wrong routing in kernel, this only captures a very very narrow case.
Comment 1 Thomas Haller 2022-01-26 14:27:36 UTC 
NML3Cfg has a mechanism for that, grep for "routes_temporary_not_available". Apparently, it doesn't work properly for the prefsrc case.
Comment 2 Thomas Haller 2022-01-26 15:23:34 UTC 
note that the pref-src could also be on *another* device/profile!! And that might be activated later (or never). It would seem, we need to keep such a route around, until we can configure it.
Comment 9 Thomas Haller 2023-03-21 15:09:07 UTC 
fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1550
CI test: https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci/-/merge_requests/1368
Note You need to log in before you can comment on or make changes to this bug.