http://m.getsatisfaction.com/topics/7678563 vrf and mgmt-vrf packages from Cumulus Networks 2018-05-03T03:12:07Z 2018-01-31T15:23:36Z 7678563 http://m.getsatisfaction.com/topics/7678563 7678563 vrf and mgmt-vrf packages from Cumulus Networks 2018-05-03T03:12:07Z 2018-01-31T15:23:36Z Troy Kau http://m.getsatisfaction.com/people/8922531 https://www.gravatar.com/avatar/08cf457474bc05268a13835ff194aaa5?d=identicon&s=55&r=PG troy_kau In reading through your tutorial related to VRF's (<a href="http://schd.ws/hosted_files/ossna2017/fe/vrf-tutorial-oss.pdf" rel="nofollow" target="_blank" title="Link http//schdws/hosted_files/ossna2017/fe/vrf-tutorial-osspdf">http://schd.ws/hosted_files/ossna2017/fe/vrf-tutorial-oss.pdf</a>)&nbsp;I've come to a point where I am having troubles getting services on a vrf&nbsp;and note that the article mentions vrf &amp; mgmt-vrf packages from Cumulus &amp; includes a link (<a href="https://github.com/CumulusNetworks/vrf" rel="nofollow" target="_blank" title="Link https//githubcom/CumulusNetworks/vrf">https://github.com/CumulusNetworks/vrf</a>) however there are not configuration files such that we could just pull the git repo and run 'configure', 'make' and then 'make install'.<br />Does that exist elsewhere/can you point me to other documentation that might get me past this point?<br />I am specifically to a point of switch services to @mgmt that fail due to missing files/directories (which are all auto-generated in Cumulus) thus I believe I'm missing something that is in the referenced package. This is on an Ubuntu host: 16.04 on 4.14 kernel with updated iproute2 and the ifupdown2 package that the above referenced tutorial suggested.&nbsp; question 13 2 1 comment http://m.getsatisfaction.com/topics/7678563/replies/19284426 http://m.getsatisfaction.com/topics/7678563 19284426 David Ahern responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-01-31T15:52:52Z 2018-01-31T15:52:52Z David Ahern http://m.getsatisfaction.com/people/8265566 https://www.gravatar.com/avatar/7badc96cc7d94042829e92b9b999736b?d=identicon&s=55&r=PG david_ahern hi Troy: At the moment that code base is just text files. You can run 'make install' to install files, 'make rpm' to create an rpm package to install or 'dpkg-buildpackage -uc -us' to build a deb package to install. I will add a README with that information as well as a 'make deb' target for the debian package. 0 http://m.getsatisfaction.com/topics/7678563/replies/19284465 http://m.getsatisfaction.com/topics/7678563 19284465 Troy Kau responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-01-31T16:05:49Z 2018-01-31T16:05:49Z Troy Kau http://m.getsatisfaction.com/people/8922531 https://www.gravatar.com/avatar/08cf457474bc05268a13835ff194aaa5?d=identicon&s=55&r=PG troy_kau thanks for the quick response David, I'll keep an eye on git for the update &amp; give it a try 0 http://m.getsatisfaction.com/topics/7678563/replies/19315264 http://m.getsatisfaction.com/topics/7678563 19315264 Troy Kau responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-02-12T20:20:39Z 2018-02-12T20:20:39Z Troy Kau http://m.getsatisfaction.com/people/8922531 https://www.gravatar.com/avatar/08cf457474bc05268a13835ff194aaa5?d=identicon&s=55&r=PG troy_kau David: We were able to get several things working but I'm still stumbling on a few items. I can't seem to get rsyslog nor snmp@ working.&nbsp;<br />On the rsyslog I've added a directive specifying "Device=mgmt" but I'm getting an omfwd error.<br />On snmp I'm getting the following logs whenever I poll the device externally (we can run an snmpwalk &amp; get responses locally but nothing off the box): "snmpd[3673]: send response: Failure in sendto"<br />I added a forwarding rule and got rsyslog sending via the vrf but prior to that it seems it was unable to connect. Does this sound familiar/should I need to add the forwarding rule to the FIB?<br />Have you seen this snmp behavior before/have any suggestions?<br /><br />Thanks in advance. 0 http://m.getsatisfaction.com/topics/7678563/replies/19317546 http://m.getsatisfaction.com/topics/7678563 19317546 David Ahern responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-02-13T15:45:50Z 2018-02-13T15:45:50Z David Ahern http://m.getsatisfaction.com/people/8265566 https://www.gravatar.com/avatar/7badc96cc7d94042829e92b9b999736b?d=identicon&s=55&r=PG david_ahern Troy: Looks like my last response was eaten by goblins, so I'll try again.<br /><br />rsyslog needs to be version 8.24 or higher. Ubuntu 16.04 has an older version.<br /><br />net-snmp I need to check. At one point we needed a patched net-snmp to avoid it adding IP_PKTINFO with an ifindex of 0 which essentially removes the vrf binding done by the vrf command. &nbsp;That patch has been reverted and I tested net-snmp in Cumulus Linux yesterday and it worked fine with mgmt vrf. 0 http://m.getsatisfaction.com/topics/7678563/replies/19318414 http://m.getsatisfaction.com/topics/7678563 19318414 Troy Kau responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-02-13T19:18:05Z 2018-02-13T19:18:05Z Troy Kau http://m.getsatisfaction.com/people/8922531 https://www.gravatar.com/avatar/08cf457474bc05268a13835ff194aaa5?d=identicon&s=55&r=PG troy_kau I loaded rsyslog 8.32 (v8stable repo latest) and now I'm getting:<br />&nbsp;rsyslogd:&nbsp;No UDP socket could successfully be initialized, some functionality may be disabled.&nbsp; [v8.32.0]<br />&nbsp;rsyslogd: create UDP socket bound to device failed: Operation not permitted [v8.32.0]<br /><br />This is with the following in the rsyslog configuration:<br />$template GRAYLOGRFC5424,"&lt;%PRI%&gt;%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"<br />action( type="omfwd" Target="10.100.21.30" Device="mgmt" Port="1514" Protocol="udp" template="GRAYLOGRFC5424" ) 0 http://m.getsatisfaction.com/topics/7678563/replies/19318454 http://m.getsatisfaction.com/topics/7678563 19318454 David Ahern responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-02-13T19:31:12Z 2018-02-13T19:31:12Z David Ahern http://m.getsatisfaction.com/people/8265566 https://www.gravatar.com/avatar/7badc96cc7d94042829e92b9b999736b?d=identicon&s=55&r=PG david_ahern Hmmm.... sounds like rsyslog is not running as root. That is the only way to get EPERM denied. Do this:<br />strace -o /tmp/rsyslogd.trace -fF -tt -T&nbsp;/usr/sbin/rsyslogd -n<br /><br />Take a look at the trace file see which operation specifically is failing. 0 http://m.getsatisfaction.com/topics/7678563/replies/19318679 http://m.getsatisfaction.com/topics/7678563 19318679 Troy Kau responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-02-13T20:34:01Z 2018-02-13T20:34:01Z Troy Kau http://m.getsatisfaction.com/people/8922531 https://www.gravatar.com/avatar/08cf457474bc05268a13835ff194aaa5?d=identicon&s=55&r=PG troy_kau nice catch - it was running as syslog; running as root it seems to be just fine.&nbsp; Thanks<br />now I just need to get the snmp part - is there a specific release you would recommend? 0 http://m.getsatisfaction.com/topics/7678563/replies/19319420 http://m.getsatisfaction.com/topics/7678563 19319420 David Ahern responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-02-14T00:38:38Z 2018-02-14T00:38:38Z David Ahern http://m.getsatisfaction.com/people/8265566 https://www.gravatar.com/avatar/7badc96cc7d94042829e92b9b999736b?d=identicon&s=55&r=PG david_ahern snmpd release is not clear. I can see that the Ubuntu 16.04 version definitely has the sendmsg / IP_PKTINFO bug and that is why you get the sendto failures. I'll need to find some time to compare upstream code to the Cumulus version and see what change has it working. Perhaps early next week. 0 http://m.getsatisfaction.com/topics/7678563/replies/19355441 http://m.getsatisfaction.com/topics/7678563 19355441 Troy Kau responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-02-27T20:39:53Z 2018-02-27T20:39:53Z Troy Kau http://m.getsatisfaction.com/people/8922531 https://www.gravatar.com/avatar/08cf457474bc05268a13835ff194aaa5?d=identicon&s=55&r=PG troy_kau David - any news on an snmpd release to go after or is there some way that you're aware of that I can configure around the IP_PKTINFO bug? 0 http://m.getsatisfaction.com/topics/7678563/replies/19355543 http://m.getsatisfaction.com/topics/7678563 19355543 David Ahern responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-02-27T21:05:08Z 2018-02-27T21:05:08Z David Ahern http://m.getsatisfaction.com/people/8265566 https://www.gravatar.com/avatar/7badc96cc7d94042829e92b9b999736b?d=identicon&s=55&r=PG david_ahern Not good news for you, unfortunately. Someone is working on a solution for net-snmp to take upstream to properly handle net-snmp with VRFs.<br /><br />I did submit a kernel patch that keeps net-snmp from overriding the VRF binding. I need to look at getting that applied to stable kernels. If you roll your own kernel, the commit is&nbsp;1cbec07649ec ("net: Only honor ifindex in IP_PKTINFO if non-0")<br /><br />The short of it is there is no solution in the near term that is going to be in the Ubuntu or Debian releases.&nbsp; 0 http://m.getsatisfaction.com/topics/7678563/replies/19355676 http://m.getsatisfaction.com/topics/7678563 19355676 Troy Kau responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-02-27T21:32:47Z 2018-02-27T21:32:47Z Troy Kau http://m.getsatisfaction.com/people/8922531 https://www.gravatar.com/avatar/08cf457474bc05268a13835ff194aaa5?d=identicon&s=55&r=PG troy_kau Bummer but thanks for the update, I'll work around it for now &amp; move on and plan to circle back later. 0 http://m.getsatisfaction.com/topics/7678563/replies/19428725 http://m.getsatisfaction.com/topics/7678563 19428725 David Ahern responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-03-30T17:12:35Z 2018-03-30T17:12:35Z David Ahern http://m.getsatisfaction.com/people/8265566 https://www.gravatar.com/avatar/7badc96cc7d94042829e92b9b999736b?d=identicon&s=55&r=PG david_ahern Troy: The kernel patch is making its way to the stable trees (4.4, 4.9, 4.14, etc). Should find its way into the distributions in the next few months. At that point you will be able to run net-snmp over mgmt-vrf. 0 http://m.getsatisfaction.com/topics/7678563/replies/19500054 http://m.getsatisfaction.com/topics/7678563 19500054 David Ahern responded to "vrf and mgmt-vrf packages from Cumulus Networks" 2018-05-03T03:12:07Z 2018-05-03T03:12:07Z David Ahern http://m.getsatisfaction.com/people/8265566 https://www.gravatar.com/avatar/7badc96cc7d94042829e92b9b999736b?d=identicon&s=55&r=PG david_ahern Troy:<br /><br />The kernel patch I submitted upstream has been backported to 4.4 and 4.9. If you upgrade to kernel that is based on the kernel.org LTS kernels versions 4.4.126 and 4.9.92 or higher should have the fix that allows snmpd to run in a VRF context.<br />&nbsp; 0