Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wlb: T4470: Migrate WAN Load Balancer to XML/Python #4108

Open
wants to merge 2 commits into
base: current
Choose a base branch
from

Conversation

sarthurdev
Copy link
Member

@sarthurdev sarthurdev commented Sep 29, 2024

Change Summary

This PR migrates the last remaining Vyatta perl module to XML/Python standard.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

wanloadbalance

Proposed changes

  • Migrate perl scripts/daemon to Python
  • Migrate op-mode from vyatta-wanloadbalance package

How to test

Smoketest result

DEBUG - Running Testcase: /usr/libexec/vyos/tests/smoke/cli/test_load-balancing_wan.py
DEBUG - test_check_chains (__main__.TestLoadBalancingWan.test_check_chains) ... ok
DEBUG - test_table_routes (__main__.TestLoadBalancingWan.test_table_routes) ... ok
DEBUG - 
DEBUG - ----------------------------------------------------------------------
DEBUG - Ran 2 tests in 16.750s
DEBUG - 
DEBUG - OK

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

Copy link

github-actions bot commented Sep 29, 2024

👍
No issues in PR Title / Commit Title

Copy link

github-actions bot commented Sep 29, 2024

✅ No issues found in unused-imports check.. Please refer the workflow run

@sarthurdev sarthurdev force-pushed the wlb_python branch 3 times, most recently from b43023b to a139da3 Compare October 8, 2024 08:05
@sarthurdev sarthurdev force-pushed the wlb_python branch 4 times, most recently from f201240 to bc76249 Compare October 8, 2024 21:36
@sarthurdev sarthurdev marked this pull request as ready for review October 9, 2024 08:32
@sarthurdev sarthurdev requested a review from a team as a code owner October 9, 2024 08:32
Copy link

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Copy link

Conflicts have been resolved. A maintainer will review the pull request shortly.

@sever-sever
Copy link
Member

sever-sever commented Nov 5, 2024

  1. ip rules not deleted (after deleting wlb config)
  2. Delete stick-conections fails
set load-balancing wan interface-health eth0 nexthop '10.0.1.1'
set load-balancing wan interface-health eth1 nexthop '10.0.2.1'
set load-balancing wan sticky-connections
commit


vyos@router# delete load-balancing wan sticky-connections 
[edit]
vyos@router# commit
[ load-balancing wan ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/services/vyos-configd", line 136, in run_script
    script.apply(c)
  File "/usr/libexec/vyos//conf_mode/load-balancing_wan.py", line 104, in apply
    cmd(f'systemctl restart {service}')
  File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 155, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: systemctl restart vyos-wan-load-balance.service
returned: 
exit code: 1

[[load-balancing wan]] failed
Commit failed
[edit]
vyos@router# 

  1. Reverse protocol match does not work:
set load-balancing wan interface-health eth0 nexthop '10.0.1.1'
set load-balancing wan interface-health eth1 nexthop '10.0.2.1'
set load-balancing wan rule 20 inbound-interface 'eth2'
set load-balancing wan rule 20 interface eth1
set load-balancing wan rule 20 protocol 'tcp'
set load-balancing wan sticky-connections inbound
commit
set load-balancing wan rule 20 protocol !tcp 
commit

rules:

        chain wlb_mangle_prerouting {
                type filter hook prerouting priority mangle; policy accept;
                iifname "eth0" ct state new ct mark set 0x000000c9
                iifname "eth1" ct state new ct mark set 0x000000ca
                iifname "eth2" meta l4proto tcp ct state new limit rate 5/second burst 5 packets counter packets 0 bytes 0 jump wlb_mangle_isp_eth1
                iifname "eth2" meta l4proto tcp counter packets 0 bytes 0 meta mark set ct mark
        }

  1. Delete load-balancing does not flush nft rules
vyos@router:~$ show conf com | match load
set load-balancing wan enable-local-traffic
set load-balancing wan interface-health eth0 nexthop '10.0.1.1'
set load-balancing wan interface-health eth1 nexthop '10.0.2.1'
set load-balancing wan rule 20 inbound-interface 'eth2'
set load-balancing wan rule 20 interface eth1
set load-balancing wan rule 20 protocol '47'
set load-balancing wan sticky-connections inbound
vyos@router:~$ conf
d[edit]
vyos@router# delete load-balancing 
[edit]
vyos@router# commit
[edit]
vyos@router# 

check:

vyos@router:~$ sudo nft list table vyos_wanloadbalance
table ip vyos_wanloadbalance {
	chain wlb_nat_postrouting {
		type nat hook postrouting priority srcnat - 1; policy accept;
		ct mark 0x000000c9 counter packets 0 bytes 0 snat to 10.0.1.2
		ct mark 0x000000ca counter packets 1 bytes 328 snat to 10.0.2.2
	}

	chain wlb_mangle_prerouting {
		type filter hook prerouting priority mangle; policy accept;
		iifname "eth0" ct state new ct mark set 0x000000c9
		iifname "eth1" ct state new ct mark set 0x000000ca
		iifname "eth2" meta l4proto gre ct state new limit rate 5/second burst 5 packets counter packets 0 bytes 0 jump wlb_mangle_isp_eth1
		iifname "eth2" meta l4proto gre counter packets 0 bytes 0 meta mark set ct mark
	}

	chain wlb_mangle_output {
		type filter hook output priority mangle; policy accept;
		meta mark != 0x00000000 counter packets 0 bytes 0 accept
		meta l4proto icmp counter packets 6096 bytes 552936 accept
		ip saddr 127.0.0.0/8 ip daddr 127.0.0.0/8 counter packets 0 bytes 0 accept
		oifname != "eth2" meta l4proto gre ct state new limit rate 5/second burst 5 packets counter packets 0 bytes 0 jump wlb_mangle_isp_eth1
		oifname != "eth2" meta l4proto gre counter packets 0 bytes 0 meta mark set ct mark
	}

	chain wlb_mangle_isp_eth0 {
		meta mark set 0x000000c9 ct mark set 0x000000c9 counter packets 0 bytes 0 accept
	}

	chain wlb_mangle_isp_eth1 {
		meta mark set 0x000000ca ct mark set 0x000000ca counter packets 0 bytes 0 accept
	}
}
vyos@router:~$ 
  1. Delete load-balancing does not flush routes
vyos@router# delete load-balancing 
[edit]
vyos@router# commit
[edit]
vyos@router# 
[edit]
vyos@router# 
[edit]
vyos@router# run show ip route table all
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF default table 201:
K>* 0.0.0.0/0 [0/0] via 10.0.1.1, eth0, 02:32:50

VRF default table 202:
K>* 0.0.0.0/0 [0/0] via 10.0.2.1, eth1, 02:32:50

  1. Next-hop DHCP does not add routes in the tables
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth1 address 'dhcp'
set load-balancing wan interface-health eth0 nexthop 'dhcp'
set load-balancing wan interface-health eth1 nexthop 'dhcp'
set load-balancing wan rule 20 inbound-interface 'eth2'
set load-balancing wan rule 20 interface eth1
set load-balancing wan rule 20 protocol 'tcp'
set load-balancing wan sticky-connections inbound

Check:

vyos@router# run show ip route table all
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF default table 254:
S>* 0.0.0.0/0 [210/0] via 10.0.1.1, eth0, weight 1, 00:03:15
  *                   via 10.0.2.1, eth1, weight 1, 00:03:15
C>* 10.0.1.0/24 is directly connected, eth0, 00:03:15
C>* 10.0.2.0/24 is directly connected, eth1, 00:03:15
C>* 100.64.0.0/24 is directly connected, eth2, 00:07:34
C>* 192.168.122.0/24 is directly connected, eth4, 00:07:35
[edit]
vyos@router# 
[edit]
vyos@router# run show ip route table 201
[edit]
vyos@router# run show ip route table 202
[edit]
vyos@router# sudo ip route show table 201
Error: ipv4: FIB table does not exist.
Dump terminated
[edit]
vyos@router# sudo ip route show table 202
Error: ipv4: FIB table does not exist.
Dump terminated
[edit]
vyos@router# 

python/vyos/wanloadbalance.py Outdated Show resolved Hide resolved
@sarthurdev sarthurdev force-pushed the wlb_python branch 3 times, most recently from 43a0b4a to f62d3e6 Compare November 15, 2024 20:55
@sarthurdev
Copy link
Member Author

sarthurdev commented Nov 15, 2024

Thanks @sever-sever

1. ip rules not deleted (after deleting wlb config) 

Fixed

2. Delete stick-conections fails

Fixed

3. Reverse protocol match does not work:

Fixed

4. Delete load-balancing does not flush nft rules

Fixed

5. Delete load-balancing does not flush routes

Fixed

6. Next-hop DHCP does not add routes in the tables

Fixed

Copy link

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Copy link

Conflicts have been resolved. A maintainer will review the pull request shortly.

Copy link

CI integration ❌ failed!

Details

CI logs

  • CLI Smoketests (no interfaces) ❌ failed
  • CLI Smoketests (interfaces only) ❌ failed
  • Config tests ❌ failed
  • RAID1 tests ❌ failed
  • TPM tests ❌ failed

@c-po c-po requested a review from sever-sever December 13, 2024 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

Successfully merging this pull request may close these issues.

3 participants