- Revision
- About this manual
- Scope
- Abbreviations
- 1 Introduction
- 2 Design
- 3 Test plan
| Rev | Date | Author | Description |
|---|---|---|---|
| 0.1 | 18/04/2022 | Nazarii Hnydyn | Initial version |
This document provides general information about Syslog Source IP implementation in SONiC
This document describes the high level design of Syslog Source IP feature in SONiC
In scope:
- Syslog Source IP configuration for UDP protocol
Out of scope:
- Syslog Source IP configuration for TCP protocol
| Term | Meaning |
|---|---|
| SONiC | Software for Open Networking in the Cloud |
| SSIP | Syslog Source IP |
| IP | Internet Protocol |
| UDP | User Datagram Protocol |
| TCP | Transmission Control Protocol |
| DB | Database |
| VRF | Virtual Routing and Forwarding |
| OMFWD | Syslog Forwarding Output Module |
| CLI | Сommand-line Interface |
| YANG | Yet Another Next Generation |
| VS | Virtual Switch |
| PTF | Packet Test Framework |
Figure 1: SSIP add flow
Figure 2: SSIP remove flow
Table 1: Event logging
Table 2: Syslog Forwarding Output Module
Table 3: SSIP parameters
SSIP is a feature which allows user to change UDP packet source IP address.
Any configured address can be used for source IP mangling.
This might be useful for security reasons.
SSIP also extends the existing syslog implementation with VRF device and server UDP port configuration support. The feature doesn't change the existing DB schema which makes it fully backward compatible.
This feature will support the following functionality:
- Syslog Source IP address configuration
- Syslog server UDP port configuration
- Syslog VRF device support
This feature will support the following commands:
- config: add/delete syslog server configuration
- show: display syslog server configuration
This feature will provide error handling for the next situations:
- Invalid object reference
- Invalid options/parameters
This feature will provide event logging for the next situations:
- Syslog server add/delete
| Event | Severity |
|---|---|
| Syslog server add/delete: success | NOTICE |
| Syslog server add/delete: error | ERROR |
SSIP will reuse syslog omfwd functionality which offers the next features:
- Source IP address configuration
- Server UDP port configuration
- VRF device configuration
| Parameter | Default | Description |
|---|---|---|
| target | none | Name or IP-Address of the system that shall receive messages. Any resolvable name is fine |
| address | none | Bind socket to a given local IP address. This option is only supported for UDP, not TCP |
| port | 514 | Name or numerical value of port to use when connecting to target |
| protocol | udp | Type of protocol to use for forwarding (e.g., tcp/udp) |
| device | none | Bind socket to given device (e.g., eth0/vrf0) |
| ipfreebind | 2 | Manages the IP_FREEBIND option on the UDP socket |
MAN page: omfwd
IP_FREEBIND (since Linux 2.4)
If enabled, this boolean option allows binding to an IP address that is nonlocal or does not (yet) exist.
This permits listening on a socket, without requiring the underlying network interface
or the specified dynamic IP address to be up at the time that the application is trying to bind to it.
This option is the per-socket equivalent of the ip_nonlocal_bind.
MAN page: ip_freebind
Configuration management of rsyslogd is done by rsyslog-config service.
The service is triggered by CLI once data is validated and pushed to Config DB.
The rsyslog-config service performs the next actions:
- Renders
rsyslog.conf.j2template withsonic-cfggento generate a newrsyslogdconfig file - Restarts
rsyslogservice which triggersrsyslogdto load a new config file
SSIP will have the next parameter mapping:
| SONiC | Rsyslogd | Config DB Schema |
|---|---|---|
| key | target | SYSLOG_SERVER|key |
| source | address | SYSLOG_SERVER|key|source |
| port | port | SYSLOG_SERVER|key|port |
| vrf | device | SYSLOG_SERVER|key|vrf |
SSIP offers vrf and source parameters for flexible configuration management.
Each parameter combination requires a dedicated handling approach.
Note:
- The destination might be not reachable over the specified
vrf/source: no way to check - user's responsibility - Additional validation is required when MGMT/DATA VRF is removed while reference still exists in syslog configuration
Linux kernel decides which source IP to use within the default VRF.
Example:
*.* action(type="omfwd" target="2.2.2.2" protocol="udp")
Check if source IP is configured on any default VRF member:
yes - set source IP, no - generate error
Example:
*.* action(type="omfwd" target="2.2.2.2" protocol="udp" address="1.1.1.1")
Check VRF type:
- Default
- MGMT
- DATA
Default VRF:
- Skip VRF configuration
MGMT VRF:
- Check if MGMT VRF is enabled:
yes - set VRF, no - generate error
DATA VRF:
- Check if VRF is a member of SONiC VRF table:
yes - set VRF, no - generate error
Example:
Default VRF:
*.* action(type="omfwd" target="2.2.2.2" protocol="udp")
MGMT VRF:
*.* action(type="omfwd" target="2.2.2.2" protocol="udp" device="mgmt")
DATA VRF:
*.* action(type="omfwd" target="2.2.2.2" protocol="udp" device="Vrf-Data")
Check VRF type:
- Default
- MGMT
- DATA
Default VRF:
- Check if source IP is configured on any DEFAULT VRF member:
yes - set source IP, no - generate error - Skip VRF configuration
MGMT VRF:
- Check if MGMT VRF is enabled:
yes - set VRF, no - generate error - Check if source IP is configured on any MGMT VRF member:
yes - set source IP, no - generate error
DATA VRF:
- Check if VRF is a member of SONiC VRF table:
yes - set VRF, no - generate error - Check if source IP is configured on any DATA VRF member:
yes - set source IP, no - generate error
Example:
Default VRF:
*.* action(type="omfwd" target="2.2.2.2" protocol="udp" address="1.1.1.1")
MGMT VRF:
*.* action(type="omfwd" target="2.2.2.2" protocol="udp" address="1.1.1.1" device="mgmt")
DATA VRF:
*.* action(type="omfwd" target="2.2.2.2" protocol="udp" address="1.1.1.1" device="Vrf-Data")
; defines schema for syslog table configuration attributes
key = SYSLOG_SERVER|server_ip_address ; server IP address. Must be unique
; field = value
source = ip-addr ; source IP address
port = 1*5DIGIT ; server UDP port (0..65535)
vrf = vrf-device ; VRF device
; value annotations
h16 = 1*4HEXDIG
ls32 = h16 ":" h16
dec-octet = DIGIT ; 0-9
/ %x31-39 DIGIT ; 10-99
/ "1" 2DIGIT ; 100-199
/ "2" %x30-34 DIGIT ; 200-249
/ "25" %x30-35 ; 250-255
ipv4-addr = dec-octet "." dec-octet "." dec-octet "." dec-octet
ipv6-addr = 6( h16 ":" ) ls32
/ "::" 5( h16 ":" ) ls32
/ [ h16 ] "::" 4( h16 ":" ) ls32
/ [ *1( h16 ":" ) h16 ] "::" 3( h16 ":" ) ls32
/ [ *2( h16 ":" ) h16 ] "::" 2( h16 ":" ) ls32
/ [ *3( h16 ":" ) h16 ] "::" h16 ":" ls32
/ [ *4( h16 ":" ) h16 ] "::" ls32
/ [ *5( h16 ":" ) h16 ] "::" h16
/ [ *6( h16 ":" ) h16 ] "::"
ip-addr = ipv4-addr / ipv6-addr
vrf-default = "default"
vrf-mgmt = "mgmt"
vrf-data = "Vrf-" 1*255VCHAR
vrf-device = vrf-default / vrf-mgmt / vrf-dataConfig DB:
redis-cli -n 4 HGETALL 'SYSLOG_SERVER|2.2.2.2'
1) "source"
2) "1.1.1.1"
3) "port"
4) "514"
5) "vrf"
6) "default"
redis-cli -n 4 HGETALL 'SYSLOG_SERVER|3.3.3.3'
1) "source"
2) "1.1.1.1"
3) "port"
4) "514"
5) "vrf"
6) "mgmt"
redis-cli -n 4 HGETALL 'SYSLOG_SERVER|2222::2222'
1) "source"
2) "1111::1111"
3) "port"
4) "514"
5) "vrf"
6) "Vrf-Data"Syslog remote logging:
{
"SYSLOG_SERVER": {
"2.2.2.2": {
"source": "1.1.1.1",
"port": "514",
"vrf": "default"
},
"3.3.3.3": {
"source": "1.1.1.1",
"port": "514",
"vrf": "mgmt"
},
"2222::2222": {
"source": "1111::1111",
"port": "514",
"vrf": "Vrf-Data"
}
}
}No special handling is required
User interface:
config
|--- syslog
|--- add <server_ip> OPTIONS
|--- del <server_ip>
show
|--- syslog
Options:
config syslog add
-s|--source- source ip address-p|--port- server udp port-r|--vrf- vrf device
The following command adds/deletes syslog server:
config syslog add '2.2.2.2' \
--source '1.1.1.1' \
--port '514' \
--vrf 'default'
config syslog del '2.2.2.2'The following command shows syslog server configuration:
root@sonic:/home/admin# show syslog
SERVER IP SOURCE IP PORT VRF
----------- ----------- ------ --------
2.2.2.2 1.1.1.1 514 default
3.3.3.3 1.1.1.1 514 mgmt
2222::2222 1111::1111 514 Vrf-DataAn existing YANG model sonic-syslog.yang will be extended in order to provide support for SSIP.
Skeleton code:
module sonic-syslog {
yang-version 1.1;
namespace "http://github.com/Azure/sonic-system-syslog";
prefix syslog;
import ietf-inet-types {
prefix inet;
}
import sonic-vrf {
prefix vrf;
}
description "Syslog YANG Module for SONiC OS: remote syslog logging";
revision 2022-04-18 {
description "Initial revision.";
}
typedef vrf-device {
description "Represents syslog VRF device";
type enumeration {
enum default;
enum mgmt;
}
}
container sonic-syslog {
container SYSLOG_SERVER {
description "SYSLOG_SERVER part of config_db.json";
list SYSLOG_SERVER_LIST {
key "server_address";
leaf server_address {
description "Syslog server IP address";
type inet:ip-address;
}
leaf source {
description "Syslog source IP address";
type inet:ip-address;
}
leaf port {
description "Syslog server UDP port";
type inet:port-number;
}
leaf vrf {
description "Syslog VRF device";
type union {
type leafref {
path "/vrf:sonic-vrf/vrf:VRF/vrf:VRF_LIST/vrf:name";
}
type vrf-device;
}
}
}
/* end of list SYSLOG_SERVER_LIST */
}
/* end of container SYSLOG_SERVER */
}
/* end of container sonic-syslog */
}
/* end of module sonic-syslog */No special handling is required
SSIP basic configuration test:
- Verify rsyslog.conf after syslog server creation/removal
SSIP extended configuration test:
- Create syslog server with IPv4/IPv6 source IP
- Verify rsyslog.conf
- Create syslog server with default/mgmt/data VRF device
- Verify rsyslog.conf
TBD