search

ipspace / netlab

Making virtual networking labs suck less
https://netlab.tools
Other
409 stars 58 forks source link

[BUG] OS10 VRF BGP network origination configuration error #1154

Closed ipspace closed 2 months ago

ipspace commented 2 months ago

It looks like the BGP network command is applied in the wrong place during OS10 VRF configuration.

See:

ssasso commented 2 months ago

This is definitely related to this:

https://github.com/ipspace/netlab/commit/7d6f506d798ee1b230b3103ca7bbb34615ba2163

As you can see from the test error, ansible tries to configure the network inside the "template" stanza.

The "exit" after the template worked fine on my env, but will do more investigation.

ssasso commented 2 months ago

@ipspace I confirm that, on my env, the bgp config is working fine (with the above fix, of course).

Example with test vrf/12-multi-vrf-bgp.yml:

# netlab up -d dellos10 -p libvirt

┌──────────────────────────────────────────────────────────────────────────────────┐
│ CREATING configuration files                                                     │
└──────────────────────────────────────────────────────────────────────────────────┘
[CREATED] provider configuration file: Vagrantfile
[INFO]    Creating configuration file for secondary provider clab
[CREATED] provider configuration file: clab-augment.yml
[MAPPED]  clab_files/r1/daemons to r1:/etc/frr/daemons (from templates/provider/clab/frr/daemons.j2)
[MAPPED]  clab_files/r1/hosts to r1:/etc/hosts (from templates/provider/clab/frr/hosts.j2)
[MAPPED]  clab_files/r2/daemons to r2:/etc/frr/daemons (from templates/provider/clab/frr/daemons.j2)
[MAPPED]  clab_files/r2/hosts to r2:/etc/hosts (from templates/provider/clab/frr/hosts.j2)
[MAPPED]  clab_files/r3/daemons to r3:/etc/frr/daemons (from templates/provider/clab/frr/daemons.j2)
[MAPPED]  clab_files/r3/hosts to r3:/etc/hosts (from templates/provider/clab/frr/hosts.j2)
[MAPPED]  clab_files/r4/daemons to r4:/etc/frr/daemons (from templates/provider/clab/frr/daemons.j2)
[MAPPED]  clab_files/r4/hosts to r4:/etc/hosts (from templates/provider/clab/frr/hosts.j2)
[CREATED] transformed topology dump in YAML format in netlab.snapshot.yml
[GROUPS]  group_vars for all
[GROUPS]  group_vars for modules
[GROUPS]  group_vars for frr
[HOSTS]   host_vars for r1
[HOSTS]   host_vars for r2
[HOSTS]   host_vars for r3
[HOSTS]   host_vars for r4
[GROUPS]  group_vars for dellos10
[HOSTS]   host_vars for dut
[CREATED] minimized Ansible inventory hosts.yml
[CREATED] Ansible configuration file: ansible.cfg

┌──────────────────────────────────────────────────────────────────────────────────┐
│ CHECKING virtualization provider installation                                    │
└──────────────────────────────────────────────────────────────────────────────────┘
[SUCCESS] libvirt installed and working correctly
[SUCCESS] clab installed and working correctly

┌──────────────────────────────────────────────────────────────────────────────────┐
│ STARTING libvirt nodes                                                           │
└──────────────────────────────────────────────────────────────────────────────────┘
[CREATED] creating libvirt management network vagrant-libvirt
provider libvirt: executing vagrant up --provider libvirt
Bringing machine 'dut' up with 'libvirt' provider...
==> dut: Creating image (snapshot of base box volume).
==> dut: Creating domain with the following settings...
==> dut:  -- Name:              vrf12_dut
==> dut:  -- Description:       Source: /root/TOPOLOGIES/bugs/vrf12/Vagrantfile
==> dut:  -- Domain type:       kvm
==> dut:  -- Cpus:              2
==> dut:  -- Feature:           acpi
==> dut:  -- Feature:           apic
==> dut:  -- Feature:           pae
==> dut:  -- Clock offset:      utc
==> dut:  -- Memory:            2048M
==> dut:  -- Management MAC:    08:4f:a9:00:00:01
==> dut:  -- Base box:          dell/os10
==> dut:  -- Storage pool:      default
==> dut:  -- Image(vda):        /var/lib/libvirt/images/vrf12_dut.img, ide, 50G
==> dut:  -- Disk driver opts:  cache='default'
==> dut:  -- Graphics Type:     vnc
==> dut:  -- Video Type:        cirrus
==> dut:  -- Video VRAM:        16384
==> dut:  -- Video 3D accel:    false
==> dut:  -- Keymap:            en-us
==> dut:  -- TPM Backend:       passthrough
==> dut:  -- INPUT:             type=mouse, bus=ps2
==> dut: Creating shared folders metadata...
==> dut: Starting domain.
==> dut: Domain launching with graphics connection settings...
==> dut:  -- Graphics Port:      5900
==> dut:  -- Graphics IP:        127.0.0.1
==> dut:  -- Graphics Password:  Not defined
==> dut:  -- Graphics Websocket: 5700
==> dut: Waiting for domain to get an IP address...
==> dut: Waiting for machine to boot. This may take a few minutes...
    dut: SSH address: 192.168.121.101:22
    dut: SSH username: vagrant
    dut: SSH auth method: private key
    dut: Warning: Connection refused. Retrying...
==> dut: Machine booted and ready!

┌──────────────────────────────────────────────────────────────────────────────────┐
│ STARTING clab nodes                                                              │
└──────────────────────────────────────────────────────────────────────────────────┘
Recreating clab-augment.yml configuration file for clab provider
[CREATED] provider configuration file: clab-augment.yml
[MAPPED]  clab_files/r1/daemons to r1:/etc/frr/daemons (from templates/provider/clab/frr/daemons.j2)
[MAPPED]  clab_files/r1/hosts to r1:/etc/hosts (from templates/provider/clab/frr/hosts.j2)
[MAPPED]  clab_files/r2/daemons to r2:/etc/frr/daemons (from templates/provider/clab/frr/daemons.j2)
[MAPPED]  clab_files/r2/hosts to r2:/etc/hosts (from templates/provider/clab/frr/hosts.j2)
[MAPPED]  clab_files/r3/daemons to r3:/etc/frr/daemons (from templates/provider/clab/frr/daemons.j2)
[MAPPED]  clab_files/r3/hosts to r3:/etc/hosts (from templates/provider/clab/frr/hosts.j2)
[MAPPED]  clab_files/r4/daemons to r4:/etc/frr/daemons (from templates/provider/clab/frr/daemons.j2)
[MAPPED]  clab_files/r4/hosts to r4:/etc/hosts (from templates/provider/clab/frr/hosts.j2)
provider clab: executing sudo -E containerlab deploy -t clab-augment.yml
INFO[0000] Containerlab v0.52.0 started
INFO[0000] Parsing & checking topology file: clab-augment.yml
INFO[0000] Creating docker network: Name="netlab_mgmt", IPv4Subnet="192.168.121.0/24", IPv6Subnet="", MTU=1500
INFO[0000] Creating lab directory: /root/TOPOLOGIES/bugs/vrf12/clab-vrf12
INFO[0000] Creating container: "r2"
INFO[0000] Creating container: "r1"
INFO[0000] Creating container: "r4"
INFO[0000] Creating container: "r3"
INFO[0001] Created link: r3:eth1 <--> virbr14:r3_eth1
INFO[0001] Created link: r4:eth1 <--> virbr15:r4_eth1
INFO[0001] Created link: r1:eth1 <--> virbr12:r1_eth1
INFO[0001] Created link: r2:eth1 <--> virbr13:r2_eth1
INFO[0001] Adding containerlab host entries to /etc/hosts file
INFO[0001] Adding ssh config for containerlab nodes
INFO[0001] 🎉 New containerlab version 0.54.2 is available! Release notes: https://containerlab.dev/rn/0.54/#0542
Run 'containerlab version upgrade' to upgrade or go check other installation options at https://containerlab.dev/install/
+---+---------------+--------------+-----------------------------+-------+---------+--------------------+--------------+
| # |     Name      | Container ID |            Image            | Kind  |  State  |    IPv4 Address    | IPv6 Address |
+---+---------------+--------------+-----------------------------+-------+---------+--------------------+--------------+
| 1 | clab-vrf12-r1 | daf222dcbd4e | quay.io/frrouting/frr:9.1.0 | linux | running | 192.168.121.111/24 | N/A          |
| 2 | clab-vrf12-r2 | db17328cbc32 | quay.io/frrouting/frr:9.1.0 | linux | running | 192.168.121.112/24 | N/A          |
| 3 | clab-vrf12-r3 | 583d4a63f150 | quay.io/frrouting/frr:9.1.0 | linux | running | 192.168.121.123/24 | N/A          |
| 4 | clab-vrf12-r4 | bfe8c60ab7d9 | quay.io/frrouting/frr:9.1.0 | linux | running | 192.168.121.124/24 | N/A          |
+---+---------------+--------------+-----------------------------+-------+---------+--------------------+--------------+

┌──────────────────────────────────────────────────────────────────────────────────┐
│ DEPLOYING initial device configurations                                          │
└──────────────────────────────────────────────────────────────────────────────────┘
[WARNING]: Could not match supplied host pattern, ignoring: unprovisioned

PLAY [Deploy initial device configuration] ***************************************************************************************************************************************************************************************

TASK [Set variables that cannot be set with VARS] ********************************************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]
ok: [dut]

TASK [Find device readiness script] **********************************************************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]
ok: [dut]

TASK [Wait for device to become ready] *******************************************************************************************************************************************************************************************
skipping: [r1]
skipping: [r2]
skipping: [r3]
skipping: [r4]
included: /root/GIT_H/netlab/netsim/ansible/tasks/readiness-check/dellos10.yml for dut

TASK [Wait for at least 3 minutes for OS10 inside CLAB...] ***********************************************************************************************************************************************************************
skipping: [dut]

TASK [Execute local ssh command to check OS10 readiness] *************************************************************************************************************************************************************************
skipping: [dut]

TASK [Deploy initial configuration] **********************************************************************************************************************************************************************************************
included: /root/GIT_H/netlab/netsim/ansible/tasks/deploy-module.yml for dut, r1, r2, r3, r4

TASK [Figure out whether to deploy the module initial on current device] *********************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]
ok: [dut]

TASK [Find configuration template for initial] ***********************************************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]
ok: [dut]

TASK [Print deployed configuration when running in verbose mode] *****************************************************************************************************************************************************************
skipping: [dut]
skipping: [r1]
skipping: [r2]
skipping: [r3]
skipping: [r4]

TASK [Find configuration deployment deploy_script for initial] *******************************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]
ok: [dut]

TASK [Deploy initial configuration] **********************************************************************************************************************************************************************************************
included: /root/GIT_H/netlab/netsim/ansible/tasks/deploy-config/dellos10.yml for dut
included: /root/GIT_H/netlab/netsim/ansible/tasks/deploy-config/frr.yml for r1, r2, r3, r4

TASK [wait_for_connection] *******************************************************************************************************************************************************************************************************
skipping: [dut]

TASK [dellos10_config: deploying initial from /root/GIT_H/netlab/netsim/ansible/templates/initial/dellos10.j2] *******************************************************************************************************************
changed: [dut]

TASK [template] ******************************************************************************************************************************************************************************************************************
changed: [r2]
changed: [r4]
changed: [r1]
changed: [r3]

TASK [set_fact] ******************************************************************************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]

TASK [run /tmp/config.sh to deploy initial config from /root/GIT_H/netlab/netsim/ansible/templates/initial/frr.j2] ***************************************************************************************************************
changed: [r1]
changed: [r2]
changed: [r3]
changed: [r4]

TASK [run vtysh to import initial config from /root/GIT_H/netlab/netsim/ansible/templates/initial/frr.j2] ************************************************************************************************************************
skipping: [r1]
skipping: [r2]
skipping: [r3]
skipping: [r4]

PLAY [Deploy module-specific configurations] *************************************************************************************************************************************************************************************

TASK [Set variables that cannot be set with VARS] ********************************************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]
ok: [dut]

TASK [Deploy individual configuration modules] ***********************************************************************************************************************************************************************************
included: /root/GIT_H/netlab/netsim/ansible/tasks/deploy-module.yml for dut, r1, r2, r3, r4 => (item=bgp)
included: /root/GIT_H/netlab/netsim/ansible/tasks/deploy-module.yml for dut, r1, r2, r3, r4 => (item=vrf)

TASK [Figure out whether to deploy the module bgp on current device] *************************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]
ok: [dut]

TASK [Find configuration template for bgp] ***************************************************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]
ok: [dut]

TASK [Print deployed configuration when running in verbose mode] *****************************************************************************************************************************************************************
skipping: [dut]
skipping: [r1]
skipping: [r2]
skipping: [r3]
skipping: [r4]

TASK [Find configuration deployment deploy_script for bgp] ***********************************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]
ok: [dut]

TASK [Deploy bgp configuration] **************************************************************************************************************************************************************************************************
included: /root/GIT_H/netlab/netsim/ansible/tasks/deploy-config/dellos10.yml for dut
included: /root/GIT_H/netlab/netsim/ansible/tasks/deploy-config/frr.yml for r1, r2, r3, r4

TASK [wait_for_connection] *******************************************************************************************************************************************************************************************************
skipping: [dut]

TASK [dellos10_config: deploying bgp from /root/GIT_H/netlab/netsim/ansible/templates/bgp/dellos10.j2] ***************************************************************************************************************************
changed: [dut]

TASK [template] ******************************************************************************************************************************************************************************************************************
changed: [r1]
changed: [r3]
changed: [r4]
changed: [r2]

TASK [set_fact] ******************************************************************************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]

TASK [run /tmp/config.sh to deploy bgp config from /root/GIT_H/netlab/netsim/ansible/templates/bgp/frr.j2] ***********************************************************************************************************************
skipping: [r1]
skipping: [r2]
skipping: [r3]
skipping: [r4]

TASK [run vtysh to import bgp config from /root/GIT_H/netlab/netsim/ansible/templates/bgp/frr.j2] ********************************************************************************************************************************
changed: [r1]
changed: [r2]
changed: [r3]
changed: [r4]

TASK [Figure out whether to deploy the module vrf on current device] *************************************************************************************************************************************************************
ok: [r1]
ok: [r2]
ok: [r3]
ok: [r4]
ok: [dut]

TASK [Find configuration template for vrf] ***************************************************************************************************************************************************************************************
skipping: [r1]
skipping: [r2]
skipping: [r3]
skipping: [r4]
ok: [dut]

TASK [Print deployed configuration when running in verbose mode] *****************************************************************************************************************************************************************
skipping: [dut]
skipping: [r1]
skipping: [r2]
skipping: [r3]
skipping: [r4]

TASK [Find configuration deployment deploy_script for vrf] ***********************************************************************************************************************************************************************
skipping: [r1]
skipping: [r2]
skipping: [r3]
skipping: [r4]
ok: [dut]

TASK [Deploy vrf configuration] **************************************************************************************************************************************************************************************************
skipping: [r1]
skipping: [r2]
skipping: [r3]
skipping: [r4]
included: /root/GIT_H/netlab/netsim/ansible/tasks/deploy-config/dellos10.yml for dut

TASK [wait_for_connection] *******************************************************************************************************************************************************************************************************
skipping: [dut]

TASK [dellos10_config: deploying vrf from /root/GIT_H/netlab/netsim/ansible/templates/vrf/dellos10.j2] ***************************************************************************************************************************
changed: [dut]

PLAY [Deploy custom deployment templates] ****************************************************************************************************************************************************************************************
skipping: no hosts matched

PLAY RECAP ***********************************************************************************************************************************************************************************************************************
dut                        : ok=22   changed=3    unreachable=0    failed=0    skipped=8    rescued=0    ignored=0
r1                         : ok=21   changed=4    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0
r2                         : ok=21   changed=4    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0
r3                         : ok=21   changed=4    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0
r4                         : ok=21   changed=4    unreachable=0    failed=0    skipped=9    rescued=0    ignored=0

[SUCCESS] Lab devices configured

The device under test has two VRFs with two interfaces in each VRF.
Routers are attached to those interfaces and run BGP with device under test.
Assuming the multi-vrf test case succeeded, this one adds BGP routing with
CE routers.

* r1 and r2 should be able to ping each other
* r3 and r4 should be able to ping each other
* r1 should not be able to reach r3

and 

# netlab validate
[WARNING] Initial wait time extended by 30 seconds required by dellos10
[session]   Check EBGP sessions with DUT (wait up to 10 seconds) [ node(s): r1,r2,r3,r4 ]
[PASS]      r1: Neighbor 172.16.0.1 (dut) is in state Established
[PASS]      r2: Neighbor 172.16.1.1 (dut) is in state Established
[PASS]      r3: Neighbor 172.16.2.1 (dut) is in state Established
[PASS]      r4: Neighbor 172.16.3.1 (dut) is in state Established
[PASS]      Test succeeded

[pfx_red]   Check BGP prefix on R1 [ node(s): r1 ]
[PASS]      r1: The prefix 10.0.0.12/32 is in the BGP table
[PASS]      Test succeeded

[pfx_blue]  Check BGP prefix on R3 [ node(s): r3 ]
[PASS]      r3: The prefix 10.0.0.24/32 is in the BGP table
[PASS]      Test succeeded

[red]       Ping-based reachability test in VRF red [ node(s): r1 ]
[PASS]      r1: Ping to r2 succeeded
[PASS]      Test succeeded

[blue]      Ping-based reachability test in VRF blue [ node(s): r3 ]
[PASS]      r3: Ping to r4 succeeded
[PASS]      Test succeeded

[inter_vrf] Ping-based isolation test between blue and red VRF [ node(s): r1 ]
[PASS]      r1: Ping to r4 failed as expected
[PASS]      Test succeeded

[SUCCESS]   Tests passed: 9

ENV INFO:

# ansible-galaxy collection list | grep os10
dellemc.os10        1.2.4

# ansible --version
ansible [core 2.13.13]
  config file = /root/TOPOLOGIES/bugs/vrf12/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.10 (default, Nov 22 2023, 10:22:35) [GCC 9.4.0]
  jinja version = 3.1.3
  libyaml = True

File config/dut.bgp.cfg generated with netlab initial -o (so you can compare with your one and be 100% sure of the content):

!
router bgp 65000
  log-neighbor-changes

! define a generic unnumbered template to be used for eBGP unnumbered...
! WTF Dell...
  template unnumbered_ebgp
  exit

  router-id 10.0.0.1
!
!
 address-family ipv4 unicast
!
  network 10.0.0.1/32
!
!
!
!

Could it be that you ran the test before that fix entered the repo?

ipspace commented 2 months ago

@ssasso Yeah, it looks like the fix didn't make it to my test server :(( I apologize for the extra work.

However, (in principle) I would suggest you indent "exit" in the template to look like it's part of the "template" object, otherwise Ansible might do something crazy saying "oh, we already did the 'exit' command, no need to do it again" when it would encounter the second "exit"

ssasso commented 2 months ago

Will try it immediately