From 013f75111a09b7f65085b83529fe538a550da097 Mon Sep 17 00:00:00 2001
From: Joshua Boniface
Date: Sun, 17 Mar 2019 20:05:58 -0400
Subject: [PATCH] Rearrange sysctl for rp_filtering off on bridge
---
 node-daemon/pvcd/Daemon.py | 54 ++++++++++++++++++++------------------
 1 file changed, 28 insertions(+), 26 deletions(-)
diff --git a/node-daemon/pvcd/Daemon.py b/node-daemon/pvcd/Daemon.py
index 3da7cf82..f0cfe358 100644
--- a/node-daemon/pvcd/Daemon.py
+++ b/node-daemon/pvcd/Daemon.py
@@ -303,32 +303,7 @@ logger.out(' Kernel: {}'.format(staticdata[1]))
 logger.out('Starting pvcd on host {}'.format(myfqdn), state='s')
 
 ###############################################################################
-# PHASE 1d - Prepare sysctl for pvcd
-###############################################################################
-
-if enable_networking:
- # Enable routing functions
- common.run_os_command('sysctl net.ipv4.ip_forward=1')
- common.run_os_command('sysctl net.ipv6.ip_forward=1')
-
- # Send redirects
- common.run_os_command('sysctl net.ipv4.conf.all.send_redirects=1')
- common.run_os_command('sysctl net.ipv4.conf.default.send_redirects=1')
- common.run_os_command('sysctl net.ipv6.conf.all.send_redirects=1')
- common.run_os_command('sysctl net.ipv6.conf.default.send_redirects=1')
-
- # Accept source routes
- common.run_os_command('sysctl net.ipv4.conf.all.accept_source_route=1')
- common.run_os_command('sysctl net.ipv4.conf.default.accept_source_route=1')
- common.run_os_command('sysctl net.ipv6.conf.all.accept_source_route=1')
- common.run_os_command('sysctl net.ipv6.conf.default.accept_source_route=1')
-
- # Disable RP filtering on the VNI dev interface (to allow traffic pivoting from primary)
- common.run_os_command('sysctl net.ipv4.conf.{}.rp_filter=0'.format(config['vni_dev']))
- common.run_os_command('sysctl net.ipv6.conf.{}.rp_filter=0'.format(config['vni_dev']))
-
-###############################################################################
-# PHASE 2 - Create local IP addresses for static networks
+# PHASE 2a - Create local IP addresses for static networks
 ###############################################################################
 
 if enable_networking:
@@ -365,6 +340,33 @@ if enable_networking:
 if upstream_dev_gateway:
 common.run_os_command('ip route add default via {} dev {}'.format(upstream_dev_gateway, upstream_dev))
 
+###############################################################################
+# PHASE 2b - Prepare sysctl for pvcd
+###############################################################################
+
+if enable_networking:
+ # Enable routing functions
+ common.run_os_command('sysctl net.ipv4.ip_forward=1')
+ common.run_os_command('sysctl net.ipv6.ip_forward=1')
+
+ # Send redirects
+ common.run_os_command('sysctl net.ipv4.conf.all.send_redirects=1')
+ common.run_os_command('sysctl net.ipv4.conf.default.send_redirects=1')
+ common.run_os_command('sysctl net.ipv6.conf.all.send_redirects=1')
+ common.run_os_command('sysctl net.ipv6.conf.default.send_redirects=1')
+
+ # Accept source routes
+ common.run_os_command('sysctl net.ipv4.conf.all.accept_source_route=1')
+ common.run_os_command('sysctl net.ipv4.conf.default.accept_source_route=1')
+ common.run_os_command('sysctl net.ipv6.conf.all.accept_source_route=1')
+ common.run_os_command('sysctl net.ipv6.conf.default.accept_source_route=1')
+
+ # Disable RP filtering on the VNI dev and bridge interfaces (to allow traffic pivoting)
+ common.run_os_command('sysctl net.ipv4.conf.all.rp_filter=0'.format(config['vni_dev']))
+ common.run_os_command('sysctl net.ipv4.conf.brcluster.rp_filter=0')
+ common.run_os_command('sysctl net.ipv6.conf.all.rp_filter=0'.format(config['vni_dev']))
+ common.run_os_command('sysctl net.ipv6.conf.brcluster.rp_filter=0')
+
 ###############################################################################
 # PHASE 3a - Determine coordinator mode
 ###############################################################################
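Review bot: The two `all.rp_filter=0` calls at the end of the PHASE 2b block keep a `.format(config['vni_dev'])` on a string that has no `{}` placeholder, so the argument is silently ignored and the write goes to `conf.all`, not to the VNI device as the comment above them says. Reverse-path filtering is the kernel's source-address (anti-spoofing) check, and for IPv4 the kernel applies the larger of the `all` and per-interface values, so lowering `all` leaves every interface on the node governed only by its own setting. If `all` has to be 0 for the bridge exemption to take effect, say so in the comment, drop the dead `.format(...)`, and keep the explicit per-device line `common.run_os_command('sysctl net.ipv4.conf.{}.rp_filter=0'.format(config['vni_dev']))`; interfaces that do not carry pivoted traffic (presumably `upstream_dev`) can then stay on strict filtering. As far as I know there is no `rp_filter` key under `net.ipv6.conf`, so the two IPv6 calls likely fail, and nothing in the hunk checks the result of `run_os_command`.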