Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-102318

Lose VLAN filtering after reapply linux bridge port

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • NetworkManager-1.54.0-1.el10
    • Yes
    • Low
    • ZStream
    • rhel-net-mgmt
    • 3
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • Regression Exception
    • Hide

      Definition of Done:

      Please mark each item below with ( / ) if completed or ( x ) if incomplete:

      The acceptance criteria defined below are met.

      Given a RHEL 9.4 system with NetworkManager 1.46.0-30 or later,
      and a Linux bridge configured with a port using VLAN filtering in trunk mode,

      When a system administrator executes nmcli device reapply <bridge-port> (e.g., nmcli device reapply dummy0),

      Then the VLAN configuration on the bridge port must remain intact and the VLAN trunk tags (e.g., 1–4094) must still be listed under the port.

      Integration test case is available upstream

      Code is reviewed and merged upstream

      Preliminary testing is done

      A demo is recorded

      Show
      Definition of Done: Please mark each item below with ( / ) if completed or ( x ) if incomplete: The acceptance criteria defined below are met. Given a RHEL 9.4 system with NetworkManager 1.46.0-30 or later, and a Linux bridge configured with a port using VLAN filtering in trunk mode, When a system administrator executes nmcli device reapply <bridge-port> (e.g., nmcli device reapply dummy0), Then the VLAN configuration on the bridge port must remain intact and the VLAN trunk tags (e.g., 1–4094) must still be listed under the port. Integration test case is available upstream Code is reviewed and merged upstream Preliminary testing is done A demo is recorded
    • Pass
    • Automated
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      The `nmcli device reapply` on linux bridge port will cause the bridge losing its VLAN filtering settings , which then lead to all packet from linux bridge ports been dropped caused by empty VLAN filtering.

      What is the impact of this issue to you?

      All use cases of VLAN filtering used in OpenShift will be impacted. Because all NNCP will be applied after OCP upgrade, when nmstate using reapply on NNCP with VLAN filtering, the NNCP will be shown as degraded mode and all VLAN filtering is gone. This causing all VMs in OpenShift lose their network access.

      Please provide the package NVR for which the bug is seen:

      NetworkManager-1.46.0-30.el9_4

      How reproducible is this bug?:

      100%

      Steps to reproduce

      echo '
interfaces:
- name: dummy0
  type: dummy
  state: absent
- name: br0
  type: linux-bridge
  state: absent
' | nmstatectl apply -

echo '
interfaces:
- name: dummy0
  type: dummy
- name: br0
  type: linux-bridge
  state: up
  ipv4:
    enabled: false
  bridge:
    options:
      stp:
        enabled: false
      vlan-default-pvid: 0
    port:
    - name: dummy0
      vlan:
        mode: trunk
        trunk-tags:
        - id-range:
            min: 1
            max: 4094' | nmstatectl apply -

bridge -com vlan

nmcli device reapply dummy0

bridge -com vlan

      Expected results

      port vlan-id
      dummy0 1-4094

      Actual results

      No VLAN on dummy0

      This problem works well in NetworkManager-1.46.0-19.el9_4.x86_64 , hence marked as regression.

        1. bridge-port-vlan-reapply.sh
          9 kB
        2. nm.log
          143 kB

              rh-ee-sfaye Stanislas Faye
              fge@redhat.com Gris Ge
              Network Management Team Network Management Team
              Vladimir Benes Vladimir Benes
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated: