On 2/26/18 11:05 AM, Mike Manning wrote: > On 2/26/18 9:48 AM, Mike Manning wrote: > >> Setting an interface into a vrf fails with 'RTNETLINK answers: File >> exists' if one of its vifs is already in the same vrf. As the vrf is an >> upper device of the vif, it is also showing up as an upper device of >> the interface itself. The solution is to restrict this check to devices >> other than master. As only one master device can be linked to a device, >> in this case the check is for the upper device (vrf) to be linked to as >> being the master device rather than any other upper device. > > I'm not understanding what you mean by vif in this context. Can you > elaborate and show an example set of commands? > > > Here is an example of a vrf (green), a physical if (ens12) and a virtual if > (vif) on vlan 10 (ens12.10):
ok, so by vif you mean a vlan subinterface. > > # ip link show dev vrfgreen > 14: vrfgreen: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP > mode DEFAULT group default qlen 1000 > link/ether b2:9a:92:88:a8:fe brd ff:ff:ff:ff:ff:ff > # ip link show dev ens12 > 3: ens12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP > mode DEFAULT group default qlen 1000 > link/ether 52:54:00:4c:a0:45 brd ff:ff:ff:ff:ff:ff > # ip link add link ens12 ens12.10 type vlan id 10 > # ip link add link ens12 ens12.20 type vlan id 20 > > This works fine: > > # ip link set dev ens12 master vrfgreen > # ip link show dev ens12 > 3: ens12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master > vrfgreen state UP mode DEFAULT group default qlen 1000 > link/ether 52:54:00:4c:a0:45 brd ff:ff:ff:ff:ff:ff > # ip link set dev ens12 nomaster > > But if one of the vifs is first set into the same vrf, then subsequently > setting the parent into the vrf fails: > > # ip link set dev ens12.10 master vrfgreen > # ip link show dev ens12.10 > 39: ens12.10@ens12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > master vrfgreen state UP mode DEFAULT group default qlen 1000 > link/ether 52:54:00:4c:a0:45 brd ff:ff:ff:ff:ff:ff > # ip link set dev ens12 master vrfgreen > RTNETLINK answers: File exists > # > > The workaround is to move the vif back into the default VRF beforehand, but > for this one first has to shut the vif so as to avoid the risk of traffic > leaking from the VRF. > > This fix is proposed to avoid that messy workaround. Ok, I get the problem now. I would like to see the above comments and series of commands added to the commit message. I need to think about the change with respect to other stacking options. Somewhere I have commands that cover a lot of permutations.
