Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-95722

different ipv4/ipv6 orders in `route-rules` result in different priorities

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • rhel-9.7
    • nmstate
    • None
    • No
    • Low
    • rhel-net-mgmt
    • ssg_networking
    • 2
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • Hide

      Definition of Done:

      Please mark each item below with ( / ) if completed or ( x ) if incomplete:

      ( ) The acceptance criteria defined below are met.

      Given an nmstate YAML that declares both IPv4 and IPv6 route-rules without explicit priority

      When the rules are applied using nmstatectl apply,

      Then nmstate must assign automatic priorities starting from 30000 independently for IPv4 and IPv6 so that rule order does not affect assigned priority within each IP family.

      ( ) Integration test case is available upstream.

      ( ) Code is reviewed and merged upstream.

      ( ) Preliminary testing is done.

      ( ) A demo is recorded

      Show
      Definition of Done: Please mark each item below with ( / ) if completed or ( x ) if incomplete: ( ) The acceptance criteria defined below are met. Given an nmstate YAML that declares both IPv4 and IPv6 route-rules without explicit priority When the rules are applied using nmstatectl apply, Then nmstate must assign automatic priorities starting from 30000 independently for IPv4 and IPv6 so that rule order does not affect assigned priority within each IP family. ( ) Integration test case is available upstream. ( ) Code is reviewed and merged upstream. ( ) Preliminary testing is done. ( ) A demo is recorded
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      When verifying RHEL-74238 , found another issue.

      Given the constraints in RHEL-74238: no priority set, when applying both ipv4 and ipv6 route rules, the different orders of ipv4/ipv6 rules result in different priorities.

      Ipv4 and ipv6 rules seem sharing one “queue” of priority, either ipv4 or ipv6 rule which applied first will get the lower priority (30000 by default), the later one will get 30001, it’s not consistent.

      IMO, ipv4 and ipv6 route rule priority should be evaluated respectively:
      Both ipv4 and ipv6 should start from 30000 priority, don't impact each other.

      What is the impact of this issue to you?

      Here's an expanded test of the original issue, which may lead to inconsistent results.

      Please provide the package NVR for which the bug is seen:

      nmstate-2.2.46-0.20250529.2525gite524260a.el9.x86_64

      How reproducible is this bug?:

      100%

      Steps to reproduce

       

      cat << EOF > v4-v6.yaml
route-rules:
  config:
    - ip-from: 8.8.8.8/24
      ip-to: 200.1.1.1/24
      route-table: 100
    - ip-from: 8:8:8::8/24
      ip-to: 200:1:1::1/24
      route-table: 100
routes:
  config:
    - destination: 0.0.0.0/0
      next-hop-interface: veth0
      next-hop-address: 100.1.1.254
      table-id: 100
    - destination: ::/0
      next-hop-interface: veth0
      next-hop-address: 100:1:1::254
      table-id: 100
interfaces:
  - name: veth0
    type: veth
    state: up
    ipv4:
      enabled: true
      address:
        - ip: 100.1.1.1
          prefix-length: 24
    ipv6:
      enabled: true
      address:
        - ip: 100:1:1::1
          prefix-length: 24
    veth:
      peer: veth0_p
EOF
cat << EOF > v6-v4.yaml
route-rules:
  config:
    - ip-from: 8:8:8::8/24
      ip-to: 200:1:1::1/24
      route-table: 100
    - ip-from: 8.8.8.8/24
      ip-to: 200.1.1.1/24
      route-table: 100
routes:
  config:
    - destination: 0.0.0.0/0
      next-hop-interface: veth0
      next-hop-address: 100.1.1.254
      table-id: 100
    - destination: ::/0
      next-hop-interface: veth0
      next-hop-address: 100:1:1::254
      table-id: 100
interfaces:
  - name: veth0
    type: veth
    state: up
    ipv4:
      enabled: true
      address:
        - ip: 100.1.1.1
          prefix-length: 24
    ipv6:
      enabled: true
      address:
        - ip: 100:1:1::1
          prefix-length: 24
    veth:
      peer: veth0_p
EOF
nmstatectl apply v4-v6.yaml
{ ip rule; ip -6 rule ;} > v4-v6.rule
nmcli con del veth0 veth0_p
nmstatectl apply v6-v4.yaml
{ ip rule; ip -6 rule ;} > v6-v4.rule
diff v4-v6.txt v6-v4.txt

       

      Expected results

      no difference, both ipv4 and ipv6 default route rule priority should start with 30000

      Actual results

      # diff v4-v6.txt v6-v4.txt
2c2
< 30000:        from 8.8.8.0/24 to 200.1.1.0/24 lookup 100 proto static
---
> 30001:        from 8.8.8.0/24 to 200.1.1.0/24 lookup 100 proto static
6c6
< 30001:        from 8::/24 to 200::/24 lookup 100 proto static
---
> 30000:        from 8::/24 to 200::/24 lookup 100 proto static

              nm-team Network Management Team
              rh-ee-mshi1 Mingyu Shi
              Network Management Team Network Management Team
              Mingyu Shi Mingyu Shi
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: