Skip to content

bond: T8084: disallow bond members that do not support MAC changes #4911

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dmbaturin merged 4 commits into from
Dec 23, 2025
Merged

bond: T8084: disallow bond members that do not support MAC changes #4911

dmbaturin merged 4 commits into from
Dec 23, 2025
+52 −34

Conversation

@c-po
Copy link
Member

@c-po c-po commented Dec 19, 2025

Change summary

This commit series hardens bonding support and simplifies related code.

It prevents interfaces from joining a bond if they cannot change MAC addresses, including explicit handling for ENA interfaces on AWS EC2 with clear error messages instead of generic failures. It also refactors bond verification to remove duplicated logic and drops dynamic interface type detection, simplifying the code by assuming Ethernet-only bond underlays.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

How to test / Smoketest result

  • Embedded Smoketests
  • I placed virtio_net driver to the list of disallwoed drivers and errors got emitted.

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@c-po c-po added bp/sagitta Create automatic backport for sagitta LTS version bp/circinus Create automatic backport for circinus labels Dec 19, 2025
@github-actions
Copy link

github-actions bot commented Dec 19, 2025
edited
Loading

👍
No issues in PR Title / Commit Title

c-po added 4 commits December 19, 2025 21:51
@c-po
bond: T8084: remove dynamic interface type detection via vyos.ifconfi…
a7af736 
…g.Section

Aggregated / bonded interfaces do only work with ethernet interfaces as
underlaying link. There is no need to "dynamically" detect that eth0, eth1 or
any other interface starting with eth is an ethernet interface.

Remove calls to vyos.ifconfig.Section().
@c-po
bond: T8084: refactor verify() to remove duplication
e7b6579 
Consolidate repeated helper function calls used for both bonded and non-bonded
Ethernet interfaces, resulting in cleaner and more maintainable code.
@c-po
ethernet: T8084: prevent MAC changes on ENA interfaces (AWS EC2)
ba60266 
Add a safeguard to block MAC address changes when the underlying driver is ENA
(used on AWS EC2), and display a clear error message instead of raising
"OSError: [Errno 95] Operation not supported."
@c-po
bond: T8084: disallow bond members that do not support MAC changes
066d2be 
Building on commit ba60266 (“ethernet: T8084: prevent MAC changes on
ENA interfaces (AWS EC2)”), add safeguards to prevent interfaces from being used
as bond members if they:

* do not support MAC address changes, or
* appear on a denylist of interfaces invalid for bonding (currently empty)
@alexk37
Copy link
Contributor

alexk37 commented Dec 20, 2025
edited
Loading

Tested on aws t3.medim instance (ena driver):

vyos@VyOS-for-Smoke-Tests# set interfaces bonding bond0 member interface eth1
[edit]
vyos@VyOS-for-Smoke-Tests# commit
[ interfaces bonding bond0 ]
Can not add interface "eth1" to bond, driver is not supported!
[[interfaces bonding bond0]] failed
Commit failed
[edit]

vyos@VyOS-for-Smoke-Tests# ethtool --driver eth1
driver: ena
version: 6.6.117-vyos
firmware-version: 
expansion-rom-version: 
bus-info: 0000:00:06.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no

aws c4.2xlarge instance (ixgbevf driver):

vyos@VyOS-for-Smoke-Tests# set interfaces bonding bond0 member interface eth1
[edit]
vyos@VyOS-for-Smoke-Tests# commit
[edit]
vyos@VyOS-for-Smoke-Tests# run sh in
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address        MAC                VRF        MTU  S/L    Description
-----------  ----------------  -----------------  -------  -----  -----  -------------
bond0        -                 06:d6:38:0e:1e:9d  default   1500  u/u
eth0         172.16.11.232/24  06:aa:d9:c8:0a:65  default   1500  u/u    WAN
eth1         -                 06:d6:38:0e:1e:9d  default   1500  u/u    LAN
lo           127.0.0.1/8       00:00:00:00:00:00  default  65536  u/u
             ::1/128
[edit]
vyos@VyOS-for-Smoke-Tests# ethtool --driver eth1
driver: ixgbevf
version: 5.1.6
firmware-version: 
expansion-rom-version: 
bus-info: 0000:00:04.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: no
supports-register-dump: yes
supports-priv-flags: yes

@github-actions
Copy link

github-actions bot commented Dec 21, 2025

CI integration 👍 passed!

Details

CI logs

  • CLI Smoketests (no interfaces) 👍 passed
  • CLI Smoketests VPP 👍 passed
  • CLI Smoketests (interfaces only) 👍 passed
  • Config tests 👍 passed
  • Config tests VPP 👍 passed
  • RAID1 tests 👍 passed
  • TPM tests 👍 passed

sever-sever
sever-sever approved these changes Dec 22, 2025
View reviewed changes
Copy link
Member

@sever-sever sever-sever left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add list of unsupported ethernet drivers for interface bonding to avoid errors.
If and interface cannot change its own MAC address, assume it is. not bondable.

natali-rs1985
natali-rs1985 approved these changes Dec 23, 2025
View reviewed changes
Copy link
Contributor

@natali-rs1985 natali-rs1985 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Disallows adding bond members that don't support MAC address changes - helps prevent bonding issues

@dmbaturin dmbaturin merged commit 583b29b into vyos:current Dec 23, 2025
25 of 27 checks passed
@vyosbot vyosbot added mirror-initiated This PR initiated for mirror sync workflow mirror-completed and removed mirror-initiated This PR initiated for mirror sync workflow labels Dec 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sever-sever sever-sever sever-sever approved these changes

@natali-rs1985 natali-rs1985 natali-rs1985 approved these changes

@jestabro jestabro Awaiting requested review from jestabro

@aapostoliuk aapostoliuk Awaiting requested review from aapostoliuk

Assignees

@c-po c-po

Labels

bp/circinus Create automatic backport for circinus bp/sagitta Create automatic backport for sagitta LTS version current mirror-completed

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@c-po @alexk37 @sever-sever @natali-rs1985 @dmbaturin @vyosbot