Skip to content

T7950: VPP: Unexpected None interface in CGNAT when ethernet subinterace is removed from vif #4830

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: current
Choose a base branch
from
Open

T7950: VPP: Unexpected None interface in CGNAT when ethernet subinterace is removed from vif #4830

wants to merge 1 commit into from

Conversation

@natali-rs1985
Copy link
Contributor

@natali-rs1985 natali-rs1985 commented Nov 3, 2025

Do not allow to delete subinterface if it is in use in VPP NAT features

Change summary

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

How to test / Smoketest result

set interfaces ethernet eth1 vif 10 address 10.0.2.1/24

set vpp settings interface eth1 driver dpdk
set vpp nat cgnat interface inside eth1
set vpp nat cgnat interface outside  eth1.10
set vpp nat cgnat rule 10 inside-prefix 100.99.0.0/24
set vpp nat cgnat rule 10 outside-prefix 206.0.15.248/29
commit

del interfaces ethernet eth1 vif
commit

Before the fix:

vyos@vyos# sudo vppctl show det44 interfaces
DET44 interfaces:
 eth1 in
 DELETED (3) out
[edit]
@vyos# run show vpp nat cgnat interfaces
CGNAT interfaces:
  eth1 in
  None out
[edit]

After the fix:

vyos@vyos# commit
[ interfaces ethernet eth1 ]
Cannot delete interface "eth1.10", it is still in use by "vpp nat cgnat" as
outside interface

[[interfaces ethernet eth1]] failed
Commit failed

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@github-actions
Copy link

github-actions bot commented Nov 3, 2025
edited
Loading

👍
No issues in PR Title / Commit Title

sever-sever
sever-sever approved these changes Nov 3, 2025
View reviewed changes
src/conf_mode/interfaces_ethernet.py Outdated
for vif in ethernet.get(vif_type, []):
vif_name = f'{ifname}.{vif}'

for path in ['vpp.nat44', 'vpp.nat.cgnat']:
Copy link
Member

@sever-sever sever-sever Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we somehow extend the path or recursively check the entire VPP configuration?
There could be other places where we can find subinterfaces in the VPP config
For example:

set vpp interfaces bridge br1 member interface eth0.23
set vpp acl ip interface eth0.23
set vpp acl macip interface eth0.23
set vpp sflow interface eth0.23

I'm not against fixing this for NAT exclusively.

Copy link
Contributor Author

@natali-rs1985 natali-rs1985 Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At the moment subinterfaces are not allowed in any of this VPP configs.

dmbaturin
dmbaturin approved these changes Nov 3, 2025
View reviewed changes
Copy link
Member

@dmbaturin dmbaturin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also feel there could be a general solution, but I'm also not against fixing it in the only already known place first.

@dmbaturin dmbaturin added the bp/circinus Create automatic backport for circinus label Nov 3, 2025
@natali-rs1985
Copy link
Contributor Author

natali-rs1985 commented Nov 3, 2025

I've made it more universal. @sever-sever @dmbaturin please check once more

@github-actions github-actions bot added the rebase label Nov 6, 2025
@natali-rs1985
T7950: VPP: Unexpected None interface in CGNAT when ethernet subinter…
9b53673 
…face is removed from vif

Do not allow to delete subinterface if it is in use in VPP features
@github-actions
Copy link

github-actions bot commented Nov 6, 2025

CI integration ❌ failed!

Details

CI logs

  • CLI Smoketests (no interfaces) ❌ failed
  • CLI Smoketests VPP 👍 passed
  • CLI Smoketests (interfaces only) 👍 passed
  • Config tests 👍 passed
  • Config tests VPP 👍 passed
  • RAID1 tests 👍 passed
  • TPM tests 👍 passed

sever-sever
sever-sever approved these changes Nov 6, 2025
View reviewed changes
Copy link
Member

@sever-sever sever-sever left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do not allow the deletion of subinterfaces that are used in VPP
I did not do local tests

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sever-sever sever-sever sever-sever approved these changes

@zdc zdc Awaiting requested review from zdc

@c-po c-po Awaiting requested review from c-po

@dmbaturin dmbaturin Awaiting requested review from dmbaturin

Assignees

@natali-rs1985 natali-rs1985

Labels

bp/circinus Create automatic backport for circinus current rebase

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@natali-rs1985 @dmbaturin @sever-sever