Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Minor
Fix Version/s: None
Affects Version/s: rhel-9.7
Component/s: nmstate
Labels:
None

Regression:
No
Severity:
Low

AssignedTeam:
rhel-net-mgmt
Sub-System Group:

ssg_networking

Story Points:
2
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Acceptance Criteria:

Hide

Definition of Done:

Please mark each item below with ( / ) if completed or ( x ) if incomplete:

( ) The acceptance criteria defined below are met.

Given an nmstate YAML that declares both IPv4 and IPv6 route-rules without explicit priority

When the rules are applied using nmstatectl apply,

Then nmstate must assign automatic priorities starting from 30000 independently for IPv4 and IPv6 so that rule order does not affect assigned priority within each IP family.

( ) Integration test case is available upstream.

( ) Code is reviewed and merged upstream.

( ) Preliminary testing is done.

( ) A demo is recorded

Show
Definition of Done: Please mark each item below with ( / ) if completed or ( x ) if incomplete: ( ) The acceptance criteria defined below are met. Given an nmstate YAML that declares both IPv4 and IPv6 route-rules without explicit priority When the rules are applied using nmstatectl apply, Then nmstate must assign automatic priorities starting from 30000 independently for IPv4 and IPv6 so that rule order does not affect assigned priority within each IP family. ( ) Integration test case is available upstream. ( ) Code is reviewed and merged upstream. ( ) Preliminary testing is done. ( ) A demo is recorded
Preliminary Testing:
None
Test Coverage:
None

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

When verifying RHEL-74238 , found another issue.

Given the constraints in RHEL-74238: no priority set, when applying both ipv4 and ipv6 route rules, the different orders of ipv4/ipv6 rules result in different priorities.

Ipv4 and ipv6 rules seem sharing one “queue” of priority, either ipv4 or ipv6 rule which applied first will get the lower priority (30000 by default), the later one will get 30001, it’s not consistent.

IMO, ipv4 and ipv6 route rule priority should be evaluated respectively:
Both ipv4 and ipv6 should start from 30000 priority, don't impact each other.

What is the impact of this issue to you?

Here's an expanded test of the original issue, which may lead to inconsistent results.

Please provide the package NVR for which the bug is seen:

nmstate-2.2.46-0.20250529.2525gite524260a.el9.x86_64

How reproducible is this bug?:

100%

Steps to reproduce

cat << EOF > v4-v6.yaml
route-rules:
  config:
    - ip-from: 8.8.8.8/24
      ip-to: 200.1.1.1/24
      route-table: 100
    - ip-from: 8:8:8::8/24
      ip-to: 200:1:1::1/24
      route-table: 100
routes:
  config:
    - destination: 0.0.0.0/0
      next-hop-interface: veth0
      next-hop-address: 100.1.1.254
      table-id: 100
    - destination: ::/0
      next-hop-interface: veth0
      next-hop-address: 100:1:1::254
      table-id: 100
interfaces:
  - name: veth0
    type: veth
    state: up
    ipv4:
      enabled: true
      address:
        - ip: 100.1.1.1
          prefix-length: 24
    ipv6:
      enabled: true
      address:
        - ip: 100:1:1::1
          prefix-length: 24
    veth:
      peer: veth0_p
EOF
cat << EOF > v6-v4.yaml
route-rules:
  config:
    - ip-from: 8:8:8::8/24
      ip-to: 200:1:1::1/24
      route-table: 100
    - ip-from: 8.8.8.8/24
      ip-to: 200.1.1.1/24
      route-table: 100
routes:
  config:
    - destination: 0.0.0.0/0
      next-hop-interface: veth0
      next-hop-address: 100.1.1.254
      table-id: 100
    - destination: ::/0
      next-hop-interface: veth0
      next-hop-address: 100:1:1::254
      table-id: 100
interfaces:
  - name: veth0
    type: veth
    state: up
    ipv4:
      enabled: true
      address:
        - ip: 100.1.1.1
          prefix-length: 24
    ipv6:
      enabled: true
      address:
        - ip: 100:1:1::1
          prefix-length: 24
    veth:
      peer: veth0_p
EOF
nmstatectl apply v4-v6.yaml
{ ip rule; ip -6 rule ;} > v4-v6.rule
nmcli con del veth0 veth0_p
nmstatectl apply v6-v4.yaml
{ ip rule; ip -6 rule ;} > v6-v4.rule
diff v4-v6.txt v6-v4.txt

Expected results

no difference, both ipv4 and ipv6 default route rule priority should start with 30000

Actual results

# diff v4-v6.txt v6-v4.txt
2c2
< 30000:        from 8.8.8.0/24 to 200.1.1.0/24 lookup 100 proto static
---
> 30001:        from 8.8.8.0/24 to 200.1.1.0/24 lookup 100 proto static
6c6
< 30001:        from 8::/24 to 200::/24 lookup 100 proto static
---
> 30000:        from 8::/24 to 200::/24 lookup 100 proto static

is related to

RHEL-74238 Ansible RHEL network system role issue with nmstate `route-rules`

Release Pending

links to

tmt: /networking/nmstate/anyhost/route/test_rule_without_priority (verifies)

Assignee:: Network Management Team

Reporter:: Mingyu Shi

Developer:: Network Management Team

QA Contact:: Mingyu Shi

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2025/06/08 3:28 PM

Updated:: 2025/07/08 11:21 AM

Stale Date:: 2026/06/07

Details

Description

What were you trying to do that didn't work?

What is the impact of this issue to you?

Please provide the package NVR for which the bug is seen:

How reproducible is this bug?:

Steps to reproduce

Expected results

Actual results

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates