Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-36429

Support per-interface IPv4 forwarding via sysctl in nmstate

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • nmstate-2.2.52-1.el10
    • None
    • ZStream
    • rhel-net-mgmt
    • ssg_networking
    • 3
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • Regression Exception
    • Hide

      Definition of Done:

      Please mark each item below with ( / ) if completed or ( x ) if incomplete:

      ( ) The acceptance criteria defined below are met.

      Same as in the description. Reformulated:

      User story:

      As a user of a multi-interface node (OCP), I want to configure secondary interface  to allow forwarding sysctl (sysctl -w "net.ipv4.conf.eth2.forward=1") in order metallb LBs to work.

      Acceptance Criteria

      Given a system administrator configuring a system where default forwarding is not set (sysctl -w "net.ipv4.ip_forward=0"), 

      When they apply this nmstate config

      ---
interfaces:
  - name: eth1
    type: ethernet
    state: up
    ipv4:
      address:
      - ip: 192.0.2.251
        prefix-length: 24
      dhcp: false
      enabled: true
      sysctl:
        # using the name defined in
        # https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
        forwarding: true

      Then, the packets entering the eth1 are processed by forwarding rules (e.g. iptables-nft forward chain)

      ( ) Code changes are included in a downstream build attached to an errata.

      ( ) All required testing (manual and/or automated) passes successfully.

      ( ) Related documentation updates have been completed.

      Show
      Definition of Done: Please mark each item below with ( / ) if completed or ( x ) if incomplete: ( ) The acceptance criteria defined below are met. Same as in the description. Reformulated: User story : As a user of a multi-interface node (OCP), I want to configure secondary interface  to allow forwarding sysctl (sysctl -w "net.ipv4.conf.eth2.forward=1") in order metallb LBs to work. Acceptance Criteria Given a system administrator configuring a system where default forwarding is not set (sysctl -w "net.ipv4.ip_forward=0"),  When they apply this nmstate config --- interfaces:   - name: eth1     type: ethernet     state: up     ipv4:       address:       - ip: 192.0.2.251         prefix-length: 24       dhcp: false       enabled: true       sysctl:         # using the name defined in         # https: //www.kernel.org/doc/Documentation/networking/ip-sysctl.txt         forwarding: true Then, the packets entering the eth1 are processed by forwarding rules (e.g. iptables-nft forward chain) ( ) Code changes are included in a downstream build attached to an errata. ( ) All required testing (manual and/or automated) passes successfully. ( ) Related documentation updates have been completed.
    • Requested
    • None
    • Release Note Not Required
    • The RN is in RHEL-59083.
    • None

      Goal

      As a user of a multi-interface node (OCP), I want to configure secondary interface  to allow forwarding sysctl (sysctl -w "net.ipv4.conf.eth2.forward=1") in order metallb LBs to work.

      Acceptance Criteria

      A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

      • Verify X
      • Verify Y
      • Verify Z

      Given that default forwarding is not set (sysctl -w "net.ipv4.ip_forward=0")

      I apply this nmstate config

      ---
interfaces:
  - name: eth1
    type: ethernet
    state: up
    ipv4:
      address:
        - ip: 192.0.2.251
          prefix-length: 24
      dhcp: false
      enabled: true
      forwarding: true  

      and I see the packets entering the eth1 are processed by forwarding rules (e.g. iptables-nft forward chain)

              rh-ee-sfaye Stanislas Faye
              kkarampo@redhat.com Konstantinos Karampogias
              Network Management Team Network Management Team
              Mingyu Shi Mingyu Shi
              Marc Muehlfeld Marc Muehlfeld
              Votes:
              0 Vote for this issue
              Watchers:
              15 Start watching this issue

                Created:
                Updated: