Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-126560

After reboot connectivity to the macsec interface is lost when macsec configured over bond

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Can't Do
    • Icon: Normal Normal
    • None
    • rhel-8.10, rhel-9.6, rhel-10.0
    • NetworkManager
    • None
    • None
    • Low
    • rhel-net-mgmt
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • Hide

      Definition of Done:

      Please mark each item below with ( / ) if completed or ( x ) if incomplete:

      ( ) The acceptance criteria defined below are met.

      None

      ( ) Integration test case is available upstream.

      ( ) Code is reviewed and merged upstream.

      ( ) Preliminary testing is done.

      ( ) Upstream documentation is written in the upstream MR.

      ( ) Release notes text is written in the RHEL issue.

      ( ) A demo is recorded

      Show
      Definition of Done: Please mark each item below with ( / ) if completed or ( x ) if incomplete: ( ) The acceptance criteria defined below are met. None ( ) Integration test case is available upstream. ( ) Code is reviewed and merged upstream. ( ) Preliminary testing is done. ( ) Upstream documentation is written in the upstream MR. ( ) Release notes text is written in the RHEL issue. ( ) A demo is recorded
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      After reboot connectivity to the macsec interface is lost when macsec configured over bond

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      1. rpm -qa | grep NetworkManager-1
        NetworkManager-1.40.16-19.el8_10.x86_64

      The issue also seen on RHEL 9 as well as RHEL 10

      1. rpm -q NetworkManager
        NetworkManager-1.46.0-32.el9_4.x86_64
      1. rpm -q NetworkManager
        NetworkManager-1.52.0-5.el10_0.x86_64

      How reproducible is this bug?:

      // Seting up macsec interface

      1. nmcli con add type bond ifname bond1 con-name bond1 ipv4.method disabled ipv6.method disabled bond.options "mode=1,miimon=100"
      2. nmcli connection add type bond-slave con-name enp7s0 ifname enp7s0 master bond1
      3. nmcli connection add type bond-slave con-name enp8s0 ifname enp8s0 master bond1
      1. nmcli connection add type macsec con-name macsec0 ifname macsec0 macsec.parent bond1 macsec.mode psk macsec.mka-cak c1e7814e0aeaff9768b3321d246ae782 macsec.mka-ckn 54505d2d0730605f7c0d5837270c2b3d0780ec0cdd50373fc17ded01e31b657f ipv4.method manual ipv4.addresses 192.168.100.84/24 ipv6.method disabled

      // We see only macsec0 interface

      1. ip a s
        1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
        3: enp7s0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond1 state UP group default qlen 1000
        link/ether 52:54:00:48:8b:eb brd ff:ff:ff:ff:ff:ff
        4: enp8s0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond1 state UP group default qlen 1000
        link/ether 52:54:00:48:8b:eb brd ff:ff:ff:ff:ff:ff permaddr 52:54:00:bb:71:8e
        9: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 52:54:00:48:8b:eb brd ff:ff:ff:ff:ff:ff
        10: macsec0@bond1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UP group default qlen 1000
        link/ether 52:54:00:48:8b:eb brd ff:ff:ff:ff:ff:ff
        inet 192.168.100.84/24 brd 192.168.100.255 scope global noprefixroute macsec0
        valid_lft forever preferred_lft forever

      Now, when I rebooted, ran "nmcli con up macsec0", I see macsec1 interface:

      1. ip a s
        3: enp7s0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond1 state UP group default qlen 1000
        link/ether 52:54:00:bb:71:8e brd ff:ff:ff:ff:ff:ff permaddr 52:54:00:48:8b:eb
        4: enp8s0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond1 state UP group default qlen 1000
        link/ether 52:54:00:bb:71:8e brd ff:ff:ff:ff:ff:ff
        5: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 52:54:00:bb:71:8e brd ff:ff:ff:ff:ff:ff
        6: macsec0@bond1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1468 qdisc noqueue state UP group default qlen 1000
        link/ether 26:74:6f:5a:f0:ef brd ff:ff:ff:ff:ff:ff
        inet 192.168.100.84/24 brd 192.168.100.255 scope global noprefixroute macsec0
        valid_lft forever preferred_lft forever
        8: macsec1@bond1: <BROADCAST,MULTICAST> mtu 1468 qdisc noop state DOWN group default qlen 1000 <<<<
        link/ether 52:54:00:bb:71:8e brd ff:ff:ff:ff:ff:ff
      1. nmcli c s
        NAME UUID TYPE DEVICE
        macsec0 15c58813-aed0-417a-bbdf-4ae2750dca47 macsec macsec0
        bond1 cb66b613-17f2-428b-aafe-4b1447753dbe bond bond1
        enp7s0 1d046e5a-ad28-457d-9be2-7d37c45c1877 ethernet enp7s0
        enp8s0 ffc013ba-50ec-40d1-b7c7-9b6ce5e5bad1 ethernet enp8s0
      1. nmcli d s
        DEVICE TYPE STATE CONNECTION
        macsec0 macsec connected macsec0
        bond1 bond connected bond1
        enp7s0 ethernet connected enp7s0
        enp8s0 ethernet connected enp8s0
        lo loopback unmanaged –
        macsec1 macsec unmanaged – <<<<<

      (For RHEL 8, I needed to run "nmcli con up macsec0" but for RHEL 9 and 10 I see issue reproduced just after reboot)

      Expected results

      We should not get macsec1 interface, macsec0 interface should have mac of bond1.

      Actual results

      We see macsec1 interface comes up with mac of bond1

        1. journal.log
          587 kB

              nm-team Network Management Team
              prpatel@redhat.com Prijesh Patel
              Network Management Team Network Management Team
              Vladimir Benes Vladimir Benes
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: