ifreload -a sets all veth interfaces to DOWN.

zealousGnu commented 1 year ago

I have the debian bullseye repository standard ifupdown2 installed and use lxc containers on a vanilla system and when using ifreload -a, all of my VETH interfaces are set to down.

lxc.container.conf networking configuration

lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = bridge
lxc.net.0.hwaddr = (mac address removed)

bridge configuration:

auto bridge
iface bridge inet static
    address (ipv4_address removed for privacy)
iface bridge inet6 static
    address (ipv6_address removed for privacy)
    bridge-ports none
    bridge-stp off
    bridge-vlan-aware yes
    mtu 9216

It's a rather breaking bug. The version of ifupdown2 is 3.0.0-1

julienfortin commented 1 year ago

Hi,

Can you provide additional logs? i.e. ifreload -ad

Thanks Julien

zealousGnu commented 1 year ago

debug: args = Namespace(all=True, currentlyup=False, CLASS=None, iflist=[],
noact=False, verbose=False, debug=True, withdepends=False, perfmode=False,
nocache=False, excludepats=None, usecurrentconfig=False, syslog=False,
force=False, syn
taxcheck=False, version=None, nldebug=False)
debug: creating ifupdown object ..
info: requesting link dump
info: requesting address dump
info: requesting netconf dump
debug: nlcache: reset errorq
debug: {'use_daemon': 'no', 'template_enable': '1', 'template_engine':
'mako', 'template_lookuppath': '/etc/network/ifupdown2/templates',
'default_interfaces_configfile': '/etc/network/interfaces',
'disable_cli_interfacesfile': '0', 'addo
n_syntax_check': '0', 'addon_scripts_support': '1',
'addon_python_modules_support': '1', 'multiple_vlan_aware_bridge_support':
'1', 'ifquery_check_success_str': 'pass', 'ifquery_check_error_str':
'fail', 'ifquery_check_unknown_str': '', '
ifquery_ifacename_expand_range': '0', 'link_master_slave': '1',
'delay_admin_state_change': '0', 'ifreload_down_changed': '0',
'addr_config_squash': '0', 'ifaceobj_squash': '0',
'adjust_logical_dev_mtu': '1', 'state_dir': '/run/network'}
info: loading builtin modules from ['/usr/share/ifupdown2/addons']
info: module openvswitch not loaded (module init failed: no
/usr/bin/ovs-vsctl found)
info: module openvswitch_port not loaded (module init failed: no
/usr/bin/ovs-vsctl found)
info: module ppp not loaded (module init failed: no /usr/bin/pon found)
info: module batman_adv not loaded (module init failed: no /usr/sbin/batctl
found)
debug: bridge: using reserved vlan range (0, 0)
debug: bridge: init: warn_on_untagged_bridge_absence=False
debug: bridge: init: vxlan_bridge_default_igmp_snooping=None
debug: bridge: init: arp_nd_suppress_only_on_vxlan=False
info: executing /sbin/sysctl net.bridge.bridge-allow-multiple-vlans
debug: bridge: init: multiple vlans allowed True
info: module mstpctl not loaded (module init failed: no /sbin/mstpctl
found)
info: executing /bin/ip rule show
info: executing /bin/ip -6 rule show
info: address: using default mtu 1500
info: address: max_mtu undefined
info: executing /usr/sbin/ip vrf id
info: mgmt vrf_context = False
info: dhclient: dhclient_retry_on_failure set to 0
info: executing /bin/ip addr help
info: address metric support: OK
info: module ppp not loaded (module init failed: no /usr/bin/pon found)
info: module mstpctl not loaded (module init failed: no /sbin/mstpctl
found)
info: module batman_adv not loaded (module init failed: no /usr/sbin/batctl
found)
info: module openvswitch_port not loaded (module init failed: no
/usr/bin/ovs-vsctl found)
info: module openvswitch not loaded (module init failed: no
/usr/bin/ovs-vsctl found)
info: looking for user scripts under /etc/network
info: loading scripts under /etc/network/if-pre-up.d ...
info: loading scripts under /etc/network/if-up.d ...
info: loading scripts under /etc/network/if-post-up.d ...
info: loading scripts under /etc/network/if-pre-down.d ...
info: loading scripts under /etc/network/if-down.d ...
info: loading scripts under /etc/network/if-post-down.d ...
info: 'link_master_slave' is set. slave admin state changes will be delayed
till the masters admin state change.
info: using mgmt iface default prefix eth
debug: reloading interface config ..
info: processing interfaces file /etc/network/interfaces
debug: processing sourced line ..'source /etc/network/interfaces.d/*'
info: processing interfaces file /etc/network/interfaces.d/bridge
info: no interfaces to down ..
info: reload: scheduling up on interfaces: ['bridge', 'lxc-5', 'lxc-12',
'lxc-13', 'lxc-15', 'lo', 'eno1']
debug: scheduling '['pre-up', 'up', 'post-up']' for ['bridge', 'lxc-5',
'lxc-12', 'lxc-13', 'lxc-15', 'lo', 'eno1']
debug: dependency graph {
       bridge : []
       lxc-5 : []
       lxc-12 : []
       lxc-13 : []
       lxc-15 : []
       lo : []
       eno1 : []
}
debug: graph roots (interfaces that dont have dependents): ['bridge',
'lxc-5', 'lxc-12', 'lxc-13', 'lxc-15', 'lo', 'eno1']
info: bridge: running ops ...
debug: bridge: pre-up : running module xfrm
debug: bridge: pre-up : running module link
debug: bridge: pre-up : running module bond
debug: bridge: pre-up : running module vlan
debug: bridge: pre-up : running module vxlan
debug: bridge: pre-up : running module usercmds
debug: bridge: pre-up : running module bridge
info: bridge: bridge already exists
info: bridge: applying bridge settings
info: bridge: reset bridge-hashel to default: 4
info: reading '/sys/class/net/bridge/bridge/stp_state'
info: bridge: netlink: ip link set dev bridge type bridge (with attributes)
debug: attributes: {26: 4}
info: veth98bAyF: netlink: ip link set dev veth98bAyF nomaster
info: veth98bAyF: netlink: ip link set dev veth98bAyF down
info: writing '0' to file /proc/sys/net/ipv6/conf/veth98bAyF/disable_ipv6
info: vethHQX4CO: netlink: ip link set dev vethHQX4CO nomaster
info: vethHQX4CO: netlink: ip link set dev vethHQX4CO down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethHQX4CO/disable_ipv6
info: vethPw5xt4: netlink: ip link set dev vethPw5xt4 nomaster
info: vethPw5xt4: netlink: ip link set dev vethPw5xt4 down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethPw5xt4/disable_ipv6
info: vethkRYfJb: netlink: ip link set dev vethkRYfJb nomaster
info: vethkRYfJb: netlink: ip link set dev vethkRYfJb down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethkRYfJb/disable_ipv6
info: veth4zFaNv: netlink: ip link set dev veth4zFaNv nomaster
info: veth4zFaNv: netlink: ip link set dev veth4zFaNv down
info: writing '0' to file /proc/sys/net/ipv6/conf/veth4zFaNv/disable_ipv6
info: veth179mcU: netlink: ip link set dev veth179mcU nomaster
info: veth179mcU: netlink: ip link set dev veth179mcU down
info: writing '0' to file /proc/sys/net/ipv6/conf/veth179mcU/disable_ipv6
info: vethdLAyOq: netlink: ip link set dev vethdLAyOq nomaster
info: vethdLAyOq: netlink: ip link set dev vethdLAyOq down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethdLAyOq/disable_ipv6
info: vethjOh0Zq: netlink: ip link set dev vethjOh0Zq nomaster
info: vethjOh0Zq: netlink: ip link set dev vethjOh0Zq down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethjOh0Zq/disable_ipv6
info: vethSl0egZ: netlink: ip link set dev vethSl0egZ nomaster
info: vethSl0egZ: netlink: ip link set dev vethSl0egZ down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethSl0egZ/disable_ipv6
info: vethrzlD68: netlink: ip link set dev vethrzlD68 nomaster
info: vethrzlD68: netlink: ip link set dev vethrzlD68 down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethrzlD68/disable_ipv6
info: vethOby8Uv: netlink: ip link set dev vethOby8Uv nomaster
info: vethOby8Uv: netlink: ip link set dev vethOby8Uv down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethOby8Uv/disable_ipv6
info: vethnc8Wm0: netlink: ip link set dev vethnc8Wm0 nomaster
info: vethnc8Wm0: netlink: ip link set dev vethnc8Wm0 down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethnc8Wm0/disable_ipv6
info: vethqC2921: netlink: ip link set dev vethqC2921 nomaster
info: vethqC2921: netlink: ip link set dev vethqC2921 down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethqC2921/disable_ipv6
debug: bridge: pre-up : running module bridgevlan
debug: bridge: pre-up : running module tunnel
debug: bridge: pre-up : running module vrf
debug: bridge: pre-up : running module ethtool
debug: bridge: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.bridge.input=0
info: bridge: bridge inherits mtu from its ports. There is no need to
assign mtu on a bridge
debug: bridge: up : running module dhcp
debug: bridge: up : running module address
debug: bridge: up : running module addressvirtual
debug: bridge: up : running module usercmds
debug: bridge: up : running script /etc/network/if-up.d/chrony
info: executing /etc/network/if-up.d/chrony
debug: bridge: up : running script /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/postfix
debug: bridge: post-up : running module usercmds
debug: bridge: statemanager sync state pre-up
info: lxc-5: running ops ...
debug: lxc-5: pre-up : running module xfrm
debug: lxc-5: pre-up : running module link
debug: lxc-5: pre-up : running module bond
debug: lxc-5: pre-up : running module vlan
debug: lxc-5: pre-up : running module vxlan
debug: lxc-5: pre-up : running module usercmds
debug: lxc-5: pre-up : running module bridge
info: lxc-5: bridge already exists
info: lxc-5: applying bridge settings
info: lxc-5: reset bridge-hashel to default: 4
info: reading '/sys/class/net/lxc-5/bridge/stp_state'
info: lxc-5: netlink: ip link set dev lxc-5 type bridge (with attributes)
debug: attributes: {26: 4}
info: veth7A1zt7: netlink: ip link set dev veth7A1zt7 nomaster
info: veth7A1zt7: netlink: ip link set dev veth7A1zt7 down
info: writing '0' to file /proc/sys/net/ipv6/conf/veth7A1zt7/disable_ipv6
debug: lxc-5: pre-up : running module bridgevlan
debug: lxc-5: pre-up : running module tunnel
debug: lxc-5: pre-up : running module vrf
debug: lxc-5: pre-up : running module ethtool
debug: lxc-5: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.lxc-5.input=0
info: lxc-5: bridge inherits mtu from its ports. There is no need to assign
mtu on a bridge
info: writing '0' to file /proc/sys/net/ipv4/conf/lxc-5/arp_accept
debug: lxc-5: up : running module dhcp
debug: lxc-5: up : running module address
debug: lxc-5: up : running module addressvirtual
debug: lxc-5: up : running module usercmds
debug: lxc-5: up : running script /etc/network/if-up.d/chrony
info: executing /etc/network/if-up.d/chrony
debug: lxc-5: up : running script /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/postfix
debug: lxc-5: post-up : running module usercmds
debug: lxc-5: statemanager sync state pre-up
info: lxc-12: running ops ...
debug: lxc-12: pre-up : running module xfrm
debug: lxc-12: pre-up : running module link
debug: lxc-12: pre-up : running module bond
debug: lxc-12: pre-up : running module vlan
debug: lxc-12: pre-up : running module vxlan
debug: lxc-12: pre-up : running module usercmds
debug: lxc-12: pre-up : running module bridge
info: lxc-12: bridge already exists
info: lxc-12: applying bridge settings
info: lxc-12: reset bridge-hashel to default: 4
info: lxc-12: reset bridge-hashmax to default: 512
info: reading '/sys/class/net/lxc-12/bridge/stp_state'
info: lxc-12: netlink: ip link set dev lxc-12 type bridge (with attributes)
debug: attributes: {26: 4, 27: 512}
info: vethYroCjt: netlink: ip link set dev vethYroCjt nomaster
info: vethYroCjt: netlink: ip link set dev vethYroCjt down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethYroCjt/disable_ipv6
debug: lxc-12: pre-up : running module bridgevlan
debug: lxc-12: pre-up : running module tunnel
debug: lxc-12: pre-up : running module vrf
debug: lxc-12: pre-up : running module ethtool
debug: lxc-12: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.lxc-12.input=0
info: lxc-12: bridge inherits mtu from its ports. There is no need to
assign mtu on a bridge
info: lxc-12: netlink: ip addr add 168.119.69.128/32 dev lxc-12
info: lxc-12: netlink: ip addr add 2a01:4f8:242:1797::2/128 dev lxc-12
info: writing '0' to file /proc/sys/net/ipv4/conf/lxc-12/arp_accept
debug: lxc-12: up : running module dhcp
debug: lxc-12: up : running module address
debug: lxc-12: up : running module addressvirtual
debug: lxc-12: up : running module usercmds
debug: lxc-12: up : running script /etc/network/if-up.d/chrony
info: executing /etc/network/if-up.d/chrony
debug: lxc-12: up : running script /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/postfix
debug: lxc-12: post-up : running module usercmds
debug: lxc-12: statemanager sync state pre-up
info: lxc-13: running ops ...
debug: lxc-13: pre-up : running module xfrm
debug: lxc-13: pre-up : running module link
debug: lxc-13: pre-up : running module bond
debug: lxc-13: pre-up : running module vlan
debug: lxc-13: pre-up : running module vxlan
debug: lxc-13: pre-up : running module usercmds
debug: lxc-13: pre-up : running module bridge
info: lxc-13: bridge already exists
info: lxc-13: applying bridge settings
info: lxc-13: reset bridge-hashel to default: 4
info: lxc-13: reset bridge-hashmax to default: 512
info: reading '/sys/class/net/lxc-13/bridge/stp_state'
info: lxc-13: netlink: ip link set dev lxc-13 type bridge (with attributes)
debug: attributes: {26: 4, 27: 512}
info: vethepq8Ob: netlink: ip link set dev vethepq8Ob nomaster
info: vethepq8Ob: netlink: ip link set dev vethepq8Ob down
info: writing '0' to file /proc/sys/net/ipv6/conf/vethepq8Ob/disable_ipv6
debug: lxc-13: pre-up : running module bridgevlan
debug: lxc-13: pre-up : running module tunnel
debug: lxc-13: pre-up : running module vrf
debug: lxc-13: pre-up : running module ethtool
debug: lxc-13: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.lxc-13.input=0
info: lxc-13: bridge inherits mtu from its ports. There is no need to
assign mtu on a bridge
info: writing "9166" to file /sys/class/net/lxc-13/mtu
info: lxc-13: netlink: ip addr add 168.119.69.128/32 dev lxc-13
info: lxc-13: netlink: ip addr add 2a01:4f8:242:1797::2/128 dev lxc-13
info: writing '0' to file /proc/sys/net/ipv4/conf/lxc-13/arp_accept
debug: lxc-13: up : running module dhcp
debug: lxc-13: up : running module address
debug: lxc-13: up : running module addressvirtual
debug: lxc-13: up : running module usercmds
debug: lxc-13: up : running script /etc/network/if-up.d/chrony
info: executing /etc/network/if-up.d/chrony
debug: lxc-13: up : running script /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/postfix
debug: lxc-13: post-up : running module usercmds
debug: lxc-13: statemanager sync state pre-up
info: lxc-15: running ops ...
debug: lxc-15: pre-up : running module xfrm
debug: lxc-15: pre-up : running module link
debug: lxc-15: pre-up : running module bond
debug: lxc-15: pre-up : running module vlan
debug: lxc-15: pre-up : running module vxlan
debug: lxc-15: pre-up : running module usercmds
debug: lxc-15: pre-up : running module bridge
info: lxc-15: bridge already exists
info: lxc-15: applying bridge settings
info: lxc-15: reset bridge-hashel to default: 4
info: lxc-15: reset bridge-hashmax to default: 512
info: reading '/sys/class/net/lxc-15/bridge/stp_state'
info: lxc-15: netlink: ip link set dev lxc-15 type bridge (with attributes)
debug: attributes: {26: 4, 27: 512}
debug: lxc-15: pre-up : running module bridgevlan
debug: lxc-15: pre-up : running module tunnel
debug: lxc-15: pre-up : running module vrf
debug: lxc-15: pre-up : running module ethtool
debug: lxc-15: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.lxc-15.input=0
info: lxc-15: bridge inherits mtu from its ports. There is no need to
assign mtu on a bridge
info: lxc-15: netlink: ip addr add 168.119.69.128/32 dev lxc-15
info: lxc-15: netlink: ip addr add 2a01:4f8:242:1797::2/128 dev lxc-15
info: writing '0' to file /proc/sys/net/ipv4/conf/lxc-15/arp_accept
debug: lxc-15: up : running module dhcp
debug: lxc-15: up : running module address
debug: lxc-15: up : running module addressvirtual
debug: lxc-15: up : running module usercmds
debug: lxc-15: up : running script /etc/network/if-up.d/chrony
info: executing /etc/network/if-up.d/chrony
debug: lxc-15: up : running script /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/postfix
debug: lxc-15: post-up : running module usercmds
debug: lxc-15: statemanager sync state pre-up
info: lo: running ops ...
debug: lo: pre-up : running module xfrm
debug: lo: pre-up : running module link
debug: lo: pre-up : running module bond
debug: lo: pre-up : running module vlan
debug: lo: pre-up : running module vxlan
debug: lo: pre-up : running module usercmds
debug: lo: pre-up : running module bridge
debug: lo: pre-up : running module bridgevlan
debug: lo: pre-up : running module tunnel
debug: lo: pre-up : running module vrf
debug: lo: pre-up : running module ethtool
debug: lo: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.lo.input=0
debug: lo: up : running module dhcp
debug: lo: up : running module address
debug: lo: up : running module addressvirtual
debug: lo: up : running module usercmds
debug: lo: up : running script /etc/network/if-up.d/chrony
info: executing /etc/network/if-up.d/chrony
debug: lo: up : running script /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/postfix
debug: lo: post-up : running module usercmds
debug: lo: statemanager sync state pre-up
info: eno1: running ops ...
debug: eno1: pre-up : running module xfrm
debug: eno1: pre-up : running module link
debug: eno1: pre-up : running module bond
debug: eno1: pre-up : running module vlan
debug: eno1: pre-up : running module vxlan
debug: eno1: pre-up : running module usercmds
debug: eno1: pre-up : running module bridge
debug: eno1: pre-up : running module bridgevlan
debug: eno1: pre-up : running module tunnel
debug: eno1: pre-up : running module vrf
debug: eno1: pre-up : running module ethtool
debug: eno1: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.eno1.input=0
debug: eno1: up : running module dhcp
debug: eno1: up : running module address
info: executing /bin/ip route add default via 168.119.69.129 proto kernel
dev eno1 onlink
info: executing /bin/ip route add default via fe80::1 proto kernel dev eno1
onlink
debug: eno1: up : running module addressvirtual
debug: eno1: up : running module usercmds
info: executing ip r add 168.119.69.129 dev eno1
debug: eno1: up : running script /etc/network/if-up.d/chrony
info: executing /etc/network/if-up.d/chrony
debug: eno1: up : running script /etc/network/if-up.d/postfix
info: executing /etc/network/if-up.d/postfix
debug: eno1: post-up : running module usercmds
debug: eno1: statemanager sync state pre-up
debug: saving state ..
info: exit status 0

julienfortin commented 1 year ago

Can you also share the content of /e/n/i? and what changes are triggering the down on the veth

zealousGnu commented 1 year ago

/etc/network/interfaces: source /etc/network/interfaces.d/*

auto lo iface lo inet loopback iface lo inet6 loopback

auto eno1 iface eno1 inet static address (ip address) up ip r add (gateway address) dev $IFACE gateway (gateway address)

iface eno1 inet6 static address (ipv6 address) gateway (ipv6 gateway)

/etc/network/interfaces.d/: auto bridge iface bridge inet static address (ipv4 address removed) iface bridge inet6 static address (ipv6 address removed) bridge-ports none bridge-stp off bridge-vlan-aware yes mtu 9216 bridge-fd 0 auto lxc-5 iface lxc-5 inet static address (ipv4 address removed) iface lxc-5 inet6 static address (ipv6 address removed) bridge-ports none bridge-stp off bridge-vlan-aware no bridge-fd 0 mtu 9166 auto lxc-12 iface lxc-12 inet static address (ipv4 address removed) iface lxc-12 inet6 static address (ipv6 address removed) bridge-ports none bridge-stp off bridge-vlan-aware no mtu 9166 auto lxc-13 iface lxc-13 inet static address (ipv4 address removed) iface lxc-13 inet6 static address (ipv6 address removed) bridge-ports none bridge-stp off bridge-vlan-aware no mtu 9166 auto lxc-15 iface lxc-15 inet static address (ipv4 address removed) iface lxc-15 inet6 static address (ipv6 address removed) bridge-ports none bridge-stp off bridge-vlan-aware no mtu 9166

It triggers even if no changes are made.

julienfortin commented 1 year ago

All network device need to be added to /e/n/i, i'm not seeing the veth in your config, is this normal?

zealousGnu commented 1 year ago

Definitely normal usage of veth interfaces. They're administered over lxc. Proxmox uses a similar design (with ifupdown2 installed by default), but doesn't have this problem. It uses a patched ifupdown2, but what I'm doing is definitely a standard use case.

On Wed, Jan 11, 2023, 00:22 Julien Fortin @.***> wrote:

All network device need to be added to /e/n/i, i'm not seeing the veth in your config, is this normal?

— Reply to this email directly, view it on GitHub https://github.com/CumulusNetworks/ifupdown2/issues/250#issuecomment-1378025598, or unsubscribe https://github.com/notifications/unsubscribe-auth/A3VUA537BSPKD4WU53H4JZLWRXVMTANCNFSM6AAAAAATWSXGNI . You are receiving this because you authored the thread.Message ID: @.***>

svenauhagen commented 1 year ago

Hi,

Proxmox is using the following parameter on the bridge which will fix the problem if you add it to your config:

bridge-ports-condone-regex ^(tap|veth|fwpr)

Best

CumulusNetworks / ifupdown2

ifreload -a sets all veth interfaces to DOWN. #250