Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-81742

NetworkManager bridge-port.vlans does not remove untagged VLAN 1

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Undefined Undefined
    • None
    • rhel-9.8
    • NetworkManager
    • None
    • No
    • None
    • rhel-net-mgmt
    • ssg_networking
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      NetworkManager does not remove VLAN 1 when configuring bridge-port.vlans even when an untagged pvid different than 1 is specified:

      nmcli conn mod vnet2 bridge-port.vlans "124 pvid untagged,123"
nmcli conn up vnet2

      The problem being that NM does not remove the "1" VLAN:

      [root@virt ~]# bridge -compressvlans vlan show
port              vlan-id  
virbr0            1 PVID Egress Untagged
br0               1 PVID Egress Untagged
vnet1             1 PVID Egress Untagged
vnet2             1 Egress Untagged
                  123
                  124 PVID Egress Untagged
bond1             1 PVID
                  2-4094

      Enable tracing for NetworkManager with:
      https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/introduction-to-networkmanager-debugging_configuring-and-managing-networking#setting-the-networkmanager-log-level_introduction-to-networkmanager-debugging

      Then, run:

      bridge vlan del dev vnet2 vid 1

      Followed by:

      nmcli conn mod vnet2 bridge-port.vlans "124 pvid untagged,123"

      Result:

      Feb 28 10:11:29 virt NetworkManager[46759]: <trace> [1740755489.9635] auth: call[1]: CheckAuthorization(org.freedesktop.NetworkManager.settings.modify.system), subject=unix-process[pid=46916, uid=0, start=9594594] (succeeding for root)
Feb 28 10:11:29 virt NetworkManager[46759]: <trace> [1740755489.9635] auth: call[1]: completed: authorized=1, challenge=0 (simulated)
Feb 28 10:11:29 virt NetworkManager[46759]: <debug> [1740755489.9635] create NMAuditManager singleton (852174f865074e50)
Feb 28 10:11:29 virt NetworkManager[46759]: <trace> [1740755489.9646] keyfile: commit: "/etc/NetworkManager/system-connections/vnet2.nmconnection": profile a0c846df-3269-4cdf-80cf-381429d70893 (vnet2) written
Feb 28 10:11:29 virt NetworkManager[46759]: <trace> [1740755489.9646] settings: update[a0c846df-3269-4cdf-80cf-381429d70893]: update-from-dbus: update profile "vnet2"
Feb 28 10:11:29 virt NetworkManager[46759]: <trace> [1740755489.9647] settings: storage[a0c846df-3269-4cdf-80cf-381429d70893,be7b257449979bf3/keyfile]: change event with connection "vnet2" (file "/etc/NetworkManager/system-connections/vnet2.nmconnection")
Feb 28 10:11:29 virt NetworkManager[46759]: <trace> [1740755489.9647] settings: update[a0c846df-3269-4cdf-80cf-381429d70893]: updating connection "vnet2" (be7b257449979bf3/keyfile), new version-id 3
Feb 28 10:11:29 virt NetworkManager[46759]: <debug> [1740755489.9647] ++ connection 'update connection' (0x56552f5469c0/NMSimpleConnection/"tun" < 0x56552f4f99c0/NMSimpleConnection/"tun") [/org/freedesktop/NetworkManager/Settings/13]:
Feb 28 10:11:29 virt NetworkManager[46759]: <debug> [1740755489.9647] ++ connection                [ 0x56552f583020 < 0x56552f4f43c0 ]
Feb 28 10:11:29 virt NetworkManager[46759]: <debug> [1740755489.9647] ++ connection.timestamp      = 1740755450 < 1740752020
Feb 28 10:11:29 virt NetworkManager[46759]: <trace> [1740755489.9649] policy: block-autoconnect: unblocking port profiles for controller ifname="vnet2", uuid="a0c846df-3269-4cdf-80cf-381429d70893"
Feb 28 10:11:29 virt NetworkManager[46759]: <debug> [1740755489.9649] manager: (vnet2) already created virtual interface name vnet2
Feb 28 10:11:29 virt NetworkManager[46759]: <debug> [1740755489.9649] Saving secrets for connection /org/freedesktop/NetworkManager/Settings/13 (vnet2)
Feb 28 10:11:29 virt NetworkManager[46759]: <info>  [1740755489.9650] audit: op="connection-update" uuid="a0c846df-3269-4cdf-80cf-381429d70893" name="vnet2" args="connection.timestamp" pid=46916 uid=0 result="success"
Feb 28 10:11:29 virt NetworkManager[46759]: <debug> [1740755489.9651] device[50f22eed61250955] (lo): add_pending_action (1): 'autoactivate'
Feb 28 10:11:29 virt NetworkManager[46759]: <debug> [1740755489.9652] device[50f22eed61250955] (lo): remove_pending_action (0): 'autoactivate'

      Then, run:

      nmcli conn up vnet2

      Result - No removal of VLAN 1:

      Feb 28 10:11:36 virt NetworkManager[46759]: <debug> [1740755496.0166] platform-linux: do-change-link[21]: success
Feb 28 10:11:36 virt NetworkManager[46759]: <debug> [1740755496.0166] platform: (vnet2) link: setting bridge VLANs on controller
Feb 28 10:11:36 virt NetworkManager[46759]: <debug> [1740755496.0166] platform: (vnet2) link:   bridge VLAN 123
Feb 28 10:11:36 virt NetworkManager[46759]: <debug> [1740755496.0167] platform: (vnet2) link:   bridge VLAN 124 PVID untagged
Feb 28 10:11:36 virt NetworkManager[46759]: <debug> [1740755496.0167] platform-linux: do-request-link: 25

              rh-ee-sfaye Stanislas Faye
              akaris@redhat.com Andreas Karis
              Network Management Team Network Management Team
              Vladimir Benes Vladimir Benes
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: