From 164916681aa9cad37e32b983e54bb85da9960464 Mon Sep 17 00:00:00 2001
From: Hua Liu <58683130+liuh-80@users.noreply.github.com>
Date: Wed, 6 Dec 2023 03:51:56 +0800
Subject: [PATCH] Fix can't access IPV6 address via management interface
 because 'default' route table does not add to route lookup issue. (#17281)

Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.

#### Why I did it
When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface.

After investigation, I found the IPV6 'default' route table does not add to route lookup:

admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
admin@vlab-01:~$

As compare:
admin@vlab-01:~$ ip -4 rule list
1001:   from all lookup local
32764:  from all to 172.17.0.1/24 lookup default
32765:  from 10.250.0.101 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table exist in IPV4 route lookup

Issue fix by add 'default' route table to route lookup with following command:
admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default
admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table been added to IPV6 route lookup
admin@vlab-01:~$

##### Work item tracking
- Microsoft ADO: 25798732

#### How I did it
When management interface using 'default' route table, add 'default' route table to IPV6 route lookup.

#### How to verify it
Pass all UT.
Add new UT to cover this change.
Manually verify issue fixed:

### Tested branch (Please provide the tested image version)

- [x]  master-17281.417570-2133d58fa

#### Description for the changelog
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
---
 files/image_config/interfaces/interfaces.j2      | 16 ++++++++++++----
 .../tests/sample_output/py2/interfaces           |  3 +++
 .../tests/sample_output/py2/two_mgmt_interfaces  |  6 ++++++
 .../tests/sample_output/py3/interfaces           |  3 +++
 .../tests/sample_output/py3/two_mgmt_interfaces  |  6 ++++++
 5 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/files/image_config/interfaces/interfaces.j2 b/files/image_config/interfaces/interfaces.j2
index b39331f459b7..3702eb1f6798 100644
--- a/files/image_config/interfaces/interfaces.j2
+++ b/files/image_config/interfaces/interfaces.j2
@@ -79,21 +79,29 @@ iface {{ name }} {{ 'inet' if prefix | ipv4 else 'inet6' }} static
 {%     set vrf_table = '5000' %}
     vrf mgmt
 {% endif %}
+{% set force_mgmt_route_priority = 32764 %}
     ########## management network policy routing rules
     # management port up rules
     up ip {{ '-4' if prefix | ipv4 else '-6' }} route add default via {{ MGMT_INTERFACE[(name, prefix)]['gwaddr'] }} dev {{ name }} table {{ vrf_table }} metric 201
     up ip {{ '-4' if prefix | ipv4 else '-6' }} route add {{ prefix | network }}/{{ prefix | prefixlen }} dev {{ name }} table {{ vrf_table }}
-    up ip {{ '-4' if prefix | ipv4 else '-6' }} rule add pref 32765 from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }}
+    up ip {{ '-4' if prefix | ipv4 else '-6' }} rule add pref {{ force_mgmt_route_priority + 1 }} from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }}
 {% for route in MGMT_INTERFACE[(name, prefix)]['forced_mgmt_routes'] %}
-    up ip rule add pref 32764 to {{ route }} table {{ vrf_table }}
+    up ip rule add pref {{ force_mgmt_route_priority }} to {{ route }} table {{ vrf_table }}
 {% endfor %}
+{% if prefix | ipv6 and vrf_table == 'default'%}
+    # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
+    up ip -6 rule add pref {{ force_mgmt_route_priority + 3 }} lookup {{ vrf_table }}
+{% endif %}
     # management port down rules
     pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} route delete default via {{ MGMT_INTERFACE[(name, prefix)]['gwaddr'] }} dev {{ name }} table {{ vrf_table }}
     pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} route delete {{ prefix | network }}/{{ prefix | prefixlen }} dev {{ name }} table {{ vrf_table }}
-    pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} rule delete pref 32765 from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }}
+    pre-down ip {{ '-4' if prefix | ipv4 else '-6' }} rule delete pref {{ force_mgmt_route_priority + 1 }} from {{ prefix | ip }}/{{ '32' if prefix | ipv4 else '128' }} table {{ vrf_table }}
 {% for route in MGMT_INTERFACE[(name, prefix)]['forced_mgmt_routes'] %}
-    pre-down ip rule delete pref 32764 to {{ route }} table {{ vrf_table }}
+    pre-down ip rule delete pref {{ force_mgmt_route_priority }} to {{ route }} table {{ vrf_table }}
 {% endfor %}
+{% if prefix | ipv6 and vrf_table == 'default'%}
+    pre-down ip -6 rule delete pref {{ force_mgmt_route_priority + 3 }} lookup {{ vrf_table }}
+{% endif %}
 {# TODO: COPP policy type rules #}
 {% endfor %}
 {% else %}
diff --git a/src/sonic-config-engine/tests/sample_output/py2/interfaces b/src/sonic-config-engine/tests/sample_output/py2/interfaces
index 90aadce5f44e..15d5f8426247 100644
--- a/src/sonic-config-engine/tests/sample_output/py2/interfaces
+++ b/src/sonic-config-engine/tests/sample_output/py2/interfaces
@@ -38,10 +38,13 @@ iface eth0 inet6 static
     up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201
     up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default
     up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default
+    # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
+    up ip -6 rule add pref 32767 lookup default
     # management port down rules
     pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default
     pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default
     pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default
+    pre-down ip -6 rule delete pref 32767 lookup default
 #
 source /etc/network/interfaces.d/*
 #
diff --git a/src/sonic-config-engine/tests/sample_output/py2/two_mgmt_interfaces b/src/sonic-config-engine/tests/sample_output/py2/two_mgmt_interfaces
index 319f25c4e91a..1b46be4bc380 100644
--- a/src/sonic-config-engine/tests/sample_output/py2/two_mgmt_interfaces
+++ b/src/sonic-config-engine/tests/sample_output/py2/two_mgmt_interfaces
@@ -53,10 +53,13 @@ iface eth1 inet6 static
     up ip -6 route add default via 2603:10e2:0:abcd::1 dev eth1 table default metric 201
     up ip -6 route add 2603:10e2:0:abcd::/64 dev eth1 table default
     up ip -6 rule add pref 32765 from 2603:10e2:0:abcd::8/128 table default
+    # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
+    up ip -6 rule add pref 32767 lookup default
     # management port down rules
     pre-down ip -6 route delete default via 2603:10e2:0:abcd::1 dev eth1 table default
     pre-down ip -6 route delete 2603:10e2:0:abcd::/64 dev eth1 table default
     pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:abcd::8/128 table default
+    pre-down ip -6 rule delete pref 32767 lookup default
 iface eth0 inet6 static
     address 2603:10e2:0:2902::8
     netmask 64
@@ -67,10 +70,13 @@ iface eth0 inet6 static
     up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201
     up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default
     up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default
+    # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
+    up ip -6 rule add pref 32767 lookup default
     # management port down rules
     pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default
     pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default
     pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default
+    pre-down ip -6 rule delete pref 32767 lookup default
 #
 source /etc/network/interfaces.d/*
 #
diff --git a/src/sonic-config-engine/tests/sample_output/py3/interfaces b/src/sonic-config-engine/tests/sample_output/py3/interfaces
index 90aadce5f44e..15d5f8426247 100644
--- a/src/sonic-config-engine/tests/sample_output/py3/interfaces
+++ b/src/sonic-config-engine/tests/sample_output/py3/interfaces
@@ -38,10 +38,13 @@ iface eth0 inet6 static
     up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201
     up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default
     up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default
+    # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
+    up ip -6 rule add pref 32767 lookup default
     # management port down rules
     pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default
     pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default
     pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default
+    pre-down ip -6 rule delete pref 32767 lookup default
 #
 source /etc/network/interfaces.d/*
 #
diff --git a/src/sonic-config-engine/tests/sample_output/py3/two_mgmt_interfaces b/src/sonic-config-engine/tests/sample_output/py3/two_mgmt_interfaces
index 490a27366fd3..4be6dcd5d801 100644
--- a/src/sonic-config-engine/tests/sample_output/py3/two_mgmt_interfaces
+++ b/src/sonic-config-engine/tests/sample_output/py3/two_mgmt_interfaces
@@ -39,10 +39,13 @@ iface eth0 inet6 static
     up ip -6 route add default via 2603:10e2:0:2902::1 dev eth0 table default metric 201
     up ip -6 route add 2603:10e2:0:2902::/64 dev eth0 table default
     up ip -6 rule add pref 32765 from 2603:10e2:0:2902::8/128 table default
+    # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
+    up ip -6 rule add pref 32767 lookup default
     # management port down rules
     pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default
     pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default
     pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default
+    pre-down ip -6 rule delete pref 32767 lookup default
 iface eth1 inet static
     address 10.0.10.100
     netmask 255.255.255.0
@@ -67,10 +70,13 @@ iface eth1 inet6 static
     up ip -6 route add default via 2603:10e2:0:abcd::1 dev eth1 table default metric 201
     up ip -6 route add 2603:10e2:0:abcd::/64 dev eth1 table default
     up ip -6 rule add pref 32765 from 2603:10e2:0:abcd::8/128 table default
+    # IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
+    up ip -6 rule add pref 32767 lookup default
     # management port down rules
     pre-down ip -6 route delete default via 2603:10e2:0:abcd::1 dev eth1 table default
     pre-down ip -6 route delete 2603:10e2:0:abcd::/64 dev eth1 table default
     pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:abcd::8/128 table default
+    pre-down ip -6 rule delete pref 32767 lookup default
 #
 source /etc/network/interfaces.d/*
 #