T7750: VPP: CGNAT commit failure with vpptunX interface

[natali-rs1985]

Change summary

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

• https://vyos.dev/T7750

Related PR(s)

How to test / Smoketest result

We should use VPP interface for CGNAT (not kernel vpptunX)

set vpp settings interface eth0 driver dpdk
set vpp settings interface eth1 driver dpdk

set vpp interfaces bonding bond0 kernel-interface vpptun10
set vpp interfaces bonding bond0 member interface eth0
set vpp interfaces bonding bond0 member interface eth1
set vpp interfaces bonding bond0 mode 802.3ad

set vpp kernel-interfaces vpptun10 vif 144 address 172.29.49.2/30
set vpp kernel-interfaces vpptun10 vif 145 address 206.0.9.22/30

set vpp nat cgnat interface inside bond0.144
set vpp nat cgnat interface outside  bond0.145
set vpp nat cgnat rule 10 inside-prefix 100.99.0.0/24
set vpp nat cgnat rule 10 outside-prefix 206.0.15.248/29

Before the fix:

vyos@vyos# commit
[ vpp nat cgnat ]
bond0.144 must be a VPP interface for inside CGNAT interface
[[vpp nat cgnat]] failed
Commit failed
[edit]

With the fix:

vyos@vyos# commit
[edit]
vyos@vyos# sudo vppctl show det44 interfaces
DET44 interfaces:
 BondEthernet0.144 in
 BondEthernet0.145 out
[edit]

vyos@vyos#    /usr/libexec/vyos/tests/smoke/cli/test_vpp.py
test_01_vpp_basic (__main__.TestVPP.test_01_vpp_basic) ... ok
test_02_vpp_vxlan (__main__.TestVPP.test_02_vpp_vxlan) ... ok
test_03_vpp_gre (__main__.TestVPP.test_03_vpp_gre) ... ok
test_04_vpp_geneve (__main__.TestVPP.test_04_vpp_geneve) ... skipped 'Skipping this test geneve index always is 0'
test_05_vpp_loopback (__main__.TestVPP.test_05_vpp_loopback) ... ok
test_06_vpp_bonding (__main__.TestVPP.test_06_vpp_bonding) ... skipped 'Skipping temporary bonding, sometimes get recursion'
test_07_vpp_bridge (__main__.TestVPP.test_07_vpp_bridge) ... ok
test_08_vpp_ipip (__main__.TestVPP.test_08_vpp_ipip) ... ok
test_09_vpp_xconnect (__main__.TestVPP.test_09_vpp_xconnect) ... ok
test_10_vpp_driver_options (__main__.TestVPP.test_10_vpp_driver_options) ... ok
test_11_vpp_cpu_settings (__main__.TestVPP.test_11_vpp_cpu_settings) ... ok
test_12_vpp_cpu_corelist_workers (__main__.TestVPP.test_12_vpp_cpu_corelist_workers) ... ok
test_13_1_buffer_page_size (__main__.TestVPP.test_13_1_buffer_page_size) ... ok
test_13_2_statseg_page_size (__main__.TestVPP.test_13_2_statseg_page_size) ... ok
test_13_3_mem_page_size (__main__.TestVPP.test_13_3_mem_page_size) ... ok
test_14_vpp_ipsec_xfrm_nl (__main__.TestVPP.test_14_vpp_ipsec_xfrm_nl) ... ok
test_15_1_vpp_cgnat (__main__.TestVPP.test_15_1_vpp_cgnat) ... ok
test_15_2_vpp_cgnat_bond_with_vifs (__main__.TestVPP.test_15_2_vpp_cgnat_bond_with_vifs) ... ok
test_16_vpp_nat (__main__.TestVPP.test_16_vpp_nat) ... ok
test_17_vpp_sflow (__main__.TestVPP.test_17_vpp_sflow) ... ok
test_18_resource_limits (__main__.TestVPP.test_18_resource_limits) ... ok
test_19_vpp_pppoe_mapping (__main__.TestVPP.test_19_vpp_pppoe_mapping) ... ok

----------------------------------------------------------------------
Ran 22 tests in 664.105s

OK (skipped=2)

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[github-actions]

👍
No issues in PR Title / Commit Title

[sever-sever]

set vpp interfaces bonding bond0 kernel-interface 'vpptun0'
set vpp interfaces bonding bond0 member interface 'eth1'
set vpp kernel-interfaces vpptun0 vif 23 address '192.0.2.23/32'
set vpp kernel-interfaces vpptun0 vif 223 address '100.64.23.1/24'
set vpp settings interface eth1 driver 'dpdk'
set vpp settings interface eth2 driver 'dpdk'
set vpp settings unix poll-sleep-usec '222'
commit

set vpp nat cgnat interface inside 'vpptun0.223'
set vpp nat cgnat interface outside 'vpptun0.23'
commit

commit:

vyos@r14# commit
[ vpp ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/services/vyos-configd", line 156, in run_script
    script.apply(c)
  File "/usr/libexec/vyos/conf_mode/vpp.py", line 789, in apply
    call_dependents()
  File "/usr/lib/python3/dist-packages/vyos/configdep.py", line 172, in call_dependents
    f()
  File "/usr/lib/python3/dist-packages/vyos/configdep.py", line 141, in func_impl
    run_conditionally(target, tag_value, config)
  File "/usr/lib/python3/dist-packages/vyos/configdep.py", line 132, in run_conditionally
    run_config_mode_script(target, config)
  File "/usr/lib/python3/dist-packages/vyos/configdep.py", line 111, in run_config_mode_script
    mod.apply(c)
  File "/usr/libexec/vyos/conf_mode/vpp_interfaces_bonding.py", line 199, in apply
    i.kernel_delete()
  File "/usr/lib/python3/dist-packages/vyos/vpp/interface/bond.py", line 118, in kernel_delete
    self.vpp.lcp_pair_del(self.ifname, self.kernel_interface)
  File "/usr/lib/python3/dist-packages/vyos/vpp/control_vpp.py", line 80, in check_retval_wrapper
    if not return_value.retval == 0:
           ^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'retval'

[[vpp]] failed
[[vpp nat cgnat]] failed
Commit failed
Traceback (most recent call last):
  File "/usr/libexec/vyos/reset_section.py", line 97, in <module>
    os.unlink(hint_name)
PermissionError: [Errno 1] Operation not permitted: '/tmp/apply_4691'
[edit]
vyos@r14# 

[sever-sever]

1. Unexpected tap4098 interface in the CGNAT

set vpp interfaces bonding bond0 kernel-interface 'vpptun0'
set vpp interfaces bonding bond0 member interface 'eth1'
set vpp kernel-interfaces vpptun0 vif 23 address '192.0.2.23/32'
set vpp kernel-interfaces vpptun0 vif 223 address '100.64.23.1/24'
set vpp nat cgnat interface inside 'vpptun0.223'
set vpp nat cgnat interface outside 'vpptun0.23'
set vpp nat cgnat rule 10 inside-prefix '100.64.23.0/24'
set vpp nat cgnat rule 10 outside-prefix '192.0.2.23/32'
set vpp settings interface eth1 driver 'dpdk'
set vpp settings interface eth2 driver 'dpdk'
set vpp settings unix poll-sleep-usec '222'
commit

run show vpp nat cgnat interfaces

set vpp interfaces bonding bond0 mode 802.3ad
commit

run show vpp nat cgnat interfaces

Output after first and second commits:

vyos@r14# run show vpp nat cgnat interfaces 
CGNAT interfaces:
  BondEthernet0.223 in
  BondEthernet0.23 out
[edit]
vyos@r14# 
[edit]
vyos@r14# set vpp interfaces bonding bond0 mode 802.3ad
[edit]
vyos@r14# commit
[edit]
vyos@r14# 
[edit]
vyos@r14# run show vpp nat cgnat interfaces 
CGNAT interfaces:
  tap4098 in
  BondEthernet0.23 out
  BondEthernet0.223 in
[edit]
vyos@r14# 

show interfaces:

vyos@r14# run show vpp interfaces 
Kernel       Dataplane          Type    IP Address      MAC                  MTU  State
-----------  -----------------  ------  --------------  -----------------  -----  -------
             BondEthernet0      bond                    be:34:0b:48:52:c6   9000  up
             BondEthernet0.223  bond    100.64.23.1/24  00:00:00:00:00:00   9000  up
             BondEthernet0.23   bond    192.0.2.23/32   00:00:00:00:00:00   9000  up
             eth1               dpdk                    52:54:00:28:23:f1   1500  up
             eth2               dpdk                    52:54:00:d9:5e:73   1500  up
             local0             local                   00:00:00:00:00:00      0  down
eth1         tap4096            virtio                  02:fe:4c:9d:dd:d2   9000  up
eth2         tap4097            virtio                  02:fe:54:e8:8a:17   9000  up
vpptun0      tap4098            virtio                  02:fe:6c:34:c6:63   9000  up
vpptun0.223  tap4098.223        virtio                  00:00:00:00:00:00      0  up
vpptun0.23   tap4098.23         virtio                  00:00:00:00:00:00      0  up
[edit]
vyos@r14# 

---

2. Add the second interface to the bonding and we see unexpected interfaces for NAT tap4098.23 in tap4098 in

set vpp interfaces bonding bond0 member interface eth2
commit

vyos@r14# run show vpp nat cgnat interfaces 
CGNAT interfaces:
  tap4098.23 in
  BondEthernet0.23 out
  tap4098 in
  BondEthernet0.223 in
[edit]
vyos@r14# 

[natali-rs1985]

@sever-sever Fixed. And now we should use VPP name of intefaces for CGNAT (not kernel vpptunX)

[sever-sever]

1. Unexpected None in interface

set vpp interfaces bonding bond0 kernel-interface 'vpptun0'
set vpp interfaces bonding bond0 member interface 'eth1'
set vpp kernel-interfaces vpptun0 vif 23 address '192.0.2.23/32'
set vpp kernel-interfaces vpptun0 vif 223 address '100.64.23.1/24'
set vpp nat cgnat interface inside 'bond0.223'
set vpp nat cgnat interface outside 'bond0'
set vpp nat cgnat rule 10 inside-prefix '100.64.23.0/24'
set vpp nat cgnat rule 10 outside-prefix '192.0.2.23/32'
set vpp settings interface eth1 driver 'dpdk'
set vpp settings interface eth2 driver 'dpdk'
set vpp settings unix poll-sleep-usec '2323'

op-mode looks good

vyos@r14# run show vpp nat cgnat interfaces 
CGNAT interfaces:
  BondEthernet0.223 in
  BondEthernet0 out
[edit]
vyos@r14# 

Delete kernel interfaces

delete vpp kernel-interfaces
commit

Unexpected None

vyos@r14# run show vpp nat cgnat interfaces 
CGNAT interfaces:
  None in
  BondEthernet0 out
[edit]
vyos@r14# 
vyos@r14# sudo vppctl show det44 interfaces 
DET44 interfaces:
 DELETED (9) in
 BondEthernet0 out
[edit]
vyos@r14# 

2. Add 2 kernel interfaces:

set vpp kernel-interfaces vpptun0 vif 223 address 100.64.23.1/24
set vpp kernel-interfaces vpptun0 vif 23 address 192.0.2.23/32
commit

Expected BondEthernet0.223 in but get BondEthernet0.23 in

vyos@r14# run show vpp nat cgnat interfaces 
CGNAT interfaces:
  BondEthernet0.23 in
  BondEthernet0 out
[edit]
vyos@r14# 

[github-actions]

CI integration ❌ failed!

Details

CI logs

• CLI Smoketests (no interfaces) 👍 passed
• CLI Smoketests VPP 👍 passed
• CLI Smoketests (interfaces only) ❌ failed
• Config tests 👍 passed
• Config tests VPP 👍 passed
• RAID1 tests 👍 passed
• TPM tests 👍 passed