-
Bug
-
Resolution: Not a Bug
-
Normal
-
rhel-9.6
-
No
-
Moderate
-
1
-
rhel-net-mgmt
-
ssg_networking
-
3
-
False
-
False
-
-
None
-
NMT SST - Refine next
-
-
None
-
None
-
-
x86_64
-
None
What were you trying to do that didn't work?
NetworkManager will create some nft rules for balance-slb bonding.
After re-up bonding conn, some nft rules are lost.
What is the impact of this issue to you?
Please provide the package NVR for which the bug is seen:
[root@dell-per740-07 ~]# rpm -q NetworkManager
NetworkManager-1.51.5-1.el9.x86_64
[root@dell-per740-07 ~]# uname -r
5.14.0-547.el9.x86_64
How reproducible is this bug?:
always
Steps to reproduce
# create balance-slb bonding nmcli connection add con-name br0 type bridge ifname br0 bridge.vlan-filtering yes ipv4.method disable ipv6.method disable bridge.stp no bridge.ageing-time 9000 nmcli connection up br0 nmcli connection add con-name bond0 type bond ifname bond0 master br0 bond.options "mode=balance-xor,balance-slb=1,xmit_hash_policy=vlan+srcmac" for port in ens2f0 ens2f1;do nmcli connection add con-name $port type ethernet ifname $port master bond0 done nmcli connection up bond0 for port in ens2f0 ens2f1;do nmcli con up $port done # list nft rules [root@dell-per740-07 ~]# nft list ruleset table netdev nm-mlag-bond0 { set macset-tagged { typeof ether saddr . vlan id size 65535 flags dynamic,timeout } set macset-untagged { typeof ether saddr size 65535 flags dynamic,timeout } chain tx-snoop-source-mac { type filter hook egress device "bond0" priority filter; policy accept; update @macset-tagged { ether saddr . vlan id timeout 5s } return update @macset-untagged { ether saddr timeout 5s } } chain rx-drop-looped-packets { type filter hook ingress device "bond0" priority filter; policy accept; ether saddr . vlan id @macset-tagged drop ether type 8021q return ether saddr @macset-untagged drop } chain rx-drop-bc-mc-ens2f1 { type filter hook ingress device "ens2f1" priority filter; policy accept; meta pkttype { broadcast, multicast } drop } chain tx-redirect-igmp-reports-ens2f1 { type filter hook egress device "ens2f1" priority filter + 1; policy accept; meta protocol ip igmp type { membership-report-v1, membership-report-v2, membership-report-v3 } fwd to "ens2f0" icmpv6 type { mld-listener-report, mld2-listener-report } fwd to "ens2f0" } } # re-up bonding conn nmcli con down bond0 nmcli con up bond0 # nft list ruleset again, some rules are lost. table netdev nm-mlag-bond0 { set macset-tagged { typeof ether saddr . vlan id size 65535 flags dynamic,timeout } set macset-untagged { typeof ether saddr size 65535 flags dynamic,timeout } chain tx-snoop-source-mac { type filter hook egress device "bond0" priority filter; policy accept; update @macset-tagged { ether saddr . vlan id timeout 5s } return update @macset-untagged { ether saddr timeout 5s } } chain rx-drop-looped-packets { type filter hook ingress device "bond0" priority filter; policy accept; ether saddr . vlan id @macset-tagged drop ether type 8021q return ether saddr @macset-untagged drop } }