[sonic-utilities] managementVRF cli support(l3mdev)

[vharish02]

This commit adds CLI support for management VRF using l3dev. mVRF can
be enabled using config vrf add mgmt and deleted using config vrf del mgmt.
Show commands for management VRF are added which displays the Linux command
output, will update show command display after concluding what would be the
output for the show commands.
Added cli to configure management interface(eth0), config interface ip eth0
add can be used to configure eth0 ip and config ip eth0 remove is used to
remove eth0 ip.

New cli config/show commands:

config vrf add mgmt
config vrf del mgmt
config interface eth0 ip add ip/mask gatewayIP
config interface eth0 ip remove ip/mask

show mgmt-vrf
show mgmt-vrf route
show mgmt-vrf addresses
show mgmt-vrf interfaces

Signed-off-by: Harish Venkatraman [email protected]

- What I did
Added CLI support for management VRF
- How I did it
Added following new CLI commands to enable and disable management VRF using l3mdev and configure eth0 management interface ip address.

config commands:
config vrf add mgmt
config vrf del mgmt
config interface ip add eth0 ip/mask gatewayIP
config interface ip remove eth0 ip/mask

show commands:
show mgmt-vrf 
show mgmt-vrf routes

Modified show ntp command

- How to verify it
Configure management VRF using the above config command and use the show commands to display the output of mgmt-vrf interfaces, addresses, route and ntp.

- Previous command output (if the output of a command-line utility has changed)

- New command output (if the output of a command-line utility has changed)

-->
SAMPLE OUTPUTS OF SHOW COMMANDS
show mgmt-vrf

root@sonic:/etc/init.d# show mgmt-vrf 

ManagementVRF : Enabled

Management VRF interfaces in Linux:
348: mgmt: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether f2:2a:d9:bc:e8:f0 brd ff:ff:ff:ff:ff:ff
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master mgmt state UP mode DEFAULT group default qlen 1000
    link/ether 4c:76:25:f4:f9:f3 brd ff:ff:ff:ff:ff:ff
350: lo-m: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master mgmt state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether b2:4c:c6:f3:e9:92 brd ff:ff:ff:ff:ff:ff
root@sonic:/etc/init.d#

show mgmt-vrf routes

root@sonic:/etc/init.d# show mgmt-vrf routes

Routes in Management VRF Routing Table:
default via 10.16.210.254 dev eth0 metric 201 
broadcast 10.16.210.0 dev eth0 proto kernel scope link src 10.16.210.75 
10.16.210.0/24 dev eth0 proto kernel scope link src 10.16.210.75 
local 10.16.210.75 dev eth0 proto kernel scope host src 10.16.210.75 
broadcast 10.16.210.255 dev eth0 proto kernel scope link src 10.16.210.75 
broadcast 127.0.0.0 dev lo-m proto kernel scope link src 127.0.0.1 
127.0.0.0/8 dev lo-m proto kernel scope link src 127.0.0.1 
local 127.0.0.1 dev lo-m proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo-m proto kernel scope link src 127.0.0.1 
root@sonic:/etc/init.d#

show management_interface address

root@sonic:/etc/init.d# show management_interface address 
Management IP address = 10.16.210.75/24
Management NetWork Default Gateway = 10.16.210.254
root@sonic:/etc/init.d#

[a-barboza]

What relationship exists between managementVRF and VRF feature ?
There is a VRF feature which has its CLI. (https://github.com/Azure/SONiC/blob/master/doc/sonic-vrf-hld.md). Are there any CLIs which are common ?
How can i add the VRF folks to this review ?

[prsunny]

What relationship exists between managementVRF and VRF feature ?
There is a VRF feature which has its CLI. (https://github.com/Azure/SONiC/blob/master/doc/sonic-vrf-hld.md). Are there any CLIs which are common ?
How can i add the VRF folks to this review ?

@a-barboza, these are two different features implemented separately. This CLI is being reviewed by the VRF work-group and checked for any commonalities.

[a-barboza]

What relationship exists between managementVRF and VRF feature ?
There is a VRF feature which has its CLI. (https://github.com/Azure/SONiC/blob/master/doc/sonic-vrf-hld.md). Are there any CLIs which are common ?
How can i add the VRF folks to this review ?

@a-barboza, these are two different features implemented separately. This CLI is being reviewed by the VRF work-group and checked for any commonalities.

@prsunny Looks like there are quire a few commonalities (Eg: config vrf add, ...). So it is likely the patch will be redone.

[kannankvs]

@jleveque : Resolved the conflict. Request you to kindly review and merge it.

[kannankvs]

@prsunny and @jleveque : Anything else required on this? Or, can it be merged?

[a-barboza]

Is there a location where the table # of 5000 use for mgmt-vrf is mentioned ? I checked the mgmt-vrf HLD document but could not find a reference other than "1" in the example linux commands.

[kannankvs]

@a-barboza : We shall update the document once if the PR is merged. Just waiting to see if there could be any changes in the CLI before merging based on any review comments.

[kannankvs]

@a-barboza : Some of your questions from PR472 that are relevant for this PR are answered here.

1. Why restart NTP ? (These changes are for SNMP ?)
   <> This is not part of SNMP PR. This is part of this 463 PR. Once if 463 is merged, 472 PR will contain only mvrf SNMP CLI changes.

2. clear_mgmt command: There are some new commands common to all mgmt-vrf ?
   MGMT_INTERFACE, MGMT_VRF_CONFIG tables ?
   <> This command is an easy way to clear both the tables.

3. There is a new "--gw" option? Why is this only for eth0 ? Can Front Panel (In-Band) port be part of the mgmt-vrf ?
   <> As of now, eth0 alone will be part of mvrf; not front panel ports. This "gw" is to add default route for mvrf which is already there in config_db as part of MGMT_INTERFACE. We just added CLI for supporting that. This CLI enhancement is only for mvrf and hence other non mvrf options are not being touched.

4. Is the table Updated natshow script to support DNAT Pool changes #1001 reserved for mgmt-vrf, or is it Table# 1 ?
   <> Table 5000 is reserved for mvrf. CLI in this PR is already corrected to use 5000 (not 1001).

5. Will be replied in PR472.

6. Is the Curl, Wget, SSH also supported for mgmt-vrf ?
   <> Yes, all applications are supported for mgmt-vrf. Those applications do not need any enhancement. Users can do "cgexec -g l3mdev:mgmt COMMAND" for running any application from the device. Similarly, users can establish any application connections to the device from external network as well.

7. Where is the mgmtvrf_ntpq command ?
   <> mgmtvrf_ntpq is removed now in this PR463. Once if this PR463 is merged, same changes will be there in 472.

[a-barboza]

@kannankvs: thanks for the replies. For answer 3 above: Will the HLD for management vrf be updated to state the following " As of now, eth0 alone will be part of mvrf; not front panel ports" ?
Currently the HLD has use cases for In-band management.

[kannankvs]

@a-barboza : Yes, we will update it.

[prsunny]

Can you fix the alignment here? Looks like tab spaces

[kannankvs]

Done.

[prsunny]

Can you add this to a function and give a comment why this has to be restarted? Also in future if another service is required to be restarted, it can be in one place. Currently I see this repeated

[kannankvs]

Done. Moved it to a function and provided the required comments.

[prsunny]

What is the purpose of this? Is the backend code handling this? What if the user configures management VRF and then do a clear?

[kannankvs]

clear_mgmt was earlier indented for easy deletion of configured values. Now that we have required "del/remove" functions, it is not required. It is removed now.

[prsunny]

Please use version from IPAddress to check for IPv4 and IPv6.

[kannankvs]

Done. When mvrf was implemented in Feb2019, "ipaddress" module did not have the required path and hence it was unable to import. Now, the "ipaddress" module is available and it is already being used in main.py. It is now used in this function to check the version.

[prsunny]

As mentioned above, this must be in a separate function to avoid duplication

[kannankvs]

Done.

[prsunny]

This is confusing to show 'addresses' and 'address'. Can you paste both output. I think this can be removed and just use address in L493

[kannankvs]

Removed the confusing command. Like you said "show management_interface address" is good enough to display the configure address for eth0.

[prsunny]

As mentioned above, please use a function to check if mgmt vrf is enabled.

[kannankvs]

Done.

[prsunny]

Not yet done, please address the earlier comment

[kannankvs]

While resolving conflict, change got overwritten. Its resolved now. Apologies.

[prsunny]

Please remove extra line

[kannankvs]

Done

[kannankvs]

@prsunny : Comments are addressed. Request you to review and merge.

[prsunny]

Please move this comments to the below function. This is repeated below as well. Also please follow the multi-line comment format

[kannankvs]

Actually the comments are slightly different for enable and disable conditions. That is why it was provided at this place. Now, the comments are moved inside the function and reworded to suit for both enable and disable conditions. By multi-line, we assume you meant the usage of """, which is also done now.

[prsunny]

What is the difference between this and mvrf_restart_interfaces_config_ntp? Can we use the same?

[kannankvs]

There is a difference. One is restarting the "ntp-config" service and the other is restarting "ntp" service. "ntp-config" service will regenerate the ntp.conf file, which is required when the IP address for eth0 is modified. Same is not required when VRF is enabled or disabled.

[prsunny]

if (ip_input.version == current_ip.version) will cover both cases right?

[kannankvs]

yes, it will cover. Changed.

[prsunny]

Extra space after 0

[kannankvs]

Done.

[prsunny]

You may want to rephrase the comment here.

[kannankvs]

Done.

[prsunny]

KVSK??

[kannankvs]

Done.

[prsunny]

Network

[kannankvs]

Done.

[prsunny]

Not yet done, please address the earlier comment

[kannankvs]

@prsunny : Addressed the new comments as well.

[wendani]

Shall "MGMT_INTERFACE|eth0" be updated into the vrf "mgmt" in the CONFIG_DB when doing sudo config vrf add mgmt according to the VRF schema convention?

    "MGMT_INTERFACE": {
        "eth0": {
            "vrf_name": "mgmt"
        }
        "eth0|10.2.17.103/23": {
            "gwaddr": "10.2.16.1"
        }
    },

[prsunny]

Thats right Wenda