This is a continuation of Using VRF with SONiC.
SONiC is an OS for whitebox switches based on Debian / GNU Linux. It is currently based on Debian 9.0 (stretch). The kernel version is 4.9.189-3 + deb9u2.
SONiC is an OS for white box switches, so it provides network-related function settings, references, and operation checks. However, you cannot use the ʻip vrf` command to check the functionality of VRF (Virtual Routing and Forwarding).
Why can't I use the ʻip vrf` command?
--The iproute2 package is out of date and not supported --The linux kernel version is old and not supported
It will be. The iproute2 package itself is provided by stretch-backports with a version that supports ʻip vrf, which can be solved by installing it. However, if the kernel is still old, you will not be able to run ʻip vrf exec
.
I decided to try it immediately because it seems to be solved if I can update the kernel.
sudo apt-get -t stretch-backports install linux-image-4.19.0-0.bpo.6-amd64
When you reboot, it's safe ... 4.9.0, which was originally included, will start up. that?
Hmm. Is it GRUB? So when I rebooted again and hit ʻe` on the GRUB menu screen, it was still 4.9.0. Although it is a temporary edit, rewrite it to 4.19 and start it.
It has started. The management port is alive. Log in with ssh and check the version. Yoshi!
Let's run ʻip vrf exec, well, check the IP address with
show ip interfaces…… You can't see any Ethernet *? Let's look at the log.
show logging | less`
Then
INFO pmon#supervisord: 2020-02-21 07:59:43.276 INFO exited: syseepromd (exit status 1; not expected)
Ahhhh. Speaking of which, SONiC has a kernel module for control around the switch ASIC and SFP, so I completely forgot that it will not work unless the version matches. It's not included in the standard Linux kernel, so you can't help without starting with the build. Unfortunately, this is the end of the process.
SONiC allows you to create an image containing the Linux kernel from source code. At this time, it is possible to obtain a binary image from the outside to shorten the build time, but usually the Linux kernel itself is also built from the source code. Since that part is targeted for 4.9, I thought that it would work if I replaced it with a new version such as 4.19, so I tried it.
src / sonic-linux-kernel / Makefile
(insufficient)sonic-linux-kernel
is a submodule. The kernel source is expanded under this, and there is also a Makefile
, so it is good to change this.
Makefile.diff
diff --git a/Makefile b/Makefile
index 4d3a28a..6bf651f 100644
--- a/Makefile
+++ b/Makefile
@@ -2,11 +2,10 @@
SHELL = /bin/bash
.SHELLFLAGS += -e
-KERNEL_ABI_MINOR_VERSION = 2
-KVERSION_SHORT ?= 4.9.0-11-$(KERNEL_ABI_MINOR_VERSION)
+KVERSION_SHORT ?= 4.19.0-0.bpo.6
KVERSION ?= $(KVERSION_SHORT)-amd64
-KERNEL_VERSION ?= 4.9.189
-KERNEL_SUBVERSION ?= 3+deb9u2
+KERNEL_VERSION ?= 4.19.67
+KERNEL_SUBVERSION ?= 2+deb10u2~bpo9+1
kernel_procure_method ?= build
LINUX_HEADER_COMMON = linux-headers-$(KVERSION_SHORT)-common_$(KERNEL_VERSION)-$(KERNEL_SUBVERSION)_all.deb
@@ -20,11 +19,11 @@ ifneq ($(kernel_procure_method), build)
# Downloading kernel
diff --git a/Makefile b/Makefile
index 4d3a28a..6bf651f 100644
--- a/Makefile
+++ b/Makefile
@@ -2,11 +2,10 @@
SHELL = /bin/bash
.SHELLFLAGS += -e
-KERNEL_ABI_MINOR_VERSION = 2
-KVERSION_SHORT ?= 4.9.0-11-$(KERNEL_ABI_MINOR_VERSION)
+KVERSION_SHORT ?= 4.19.0-0.bpo.6
KVERSION ?= $(KVERSION_SHORT)-amd64
-KERNEL_VERSION ?= 4.9.189
-KERNEL_SUBVERSION ?= 3+deb9u2
+KERNEL_VERSION ?= 4.19.67
+KERNEL_SUBVERSION ?= 2+deb10u2~bpo9+1
kernel_procure_method ?= build
LINUX_HEADER_COMMON = linux-headers-$(KVERSION_SHORT)-common_$(KERNEL_VERSION)-$(KERNEL_SUBVERSION)_all.deb
@@ -20,11 +19,11 @@ ifneq ($(kernel_procure_method), build)
# Downloading kernel
I think this is fine. I'll try make
.
"SONIC_DEBUGGING_ON" : ""
"SONIC_PROFILING_ON" : ""
"KERNEL_PROCURE_METHOD" : "build"
"BUILD_TIMESTAMP" : "20200221.131016"
"BLDENV" : "stretch"
"VS_PREPARE_MEM" : "yes"
"ENABLE_SFLOW" : "y"
[ 01 ] [ target/debs/stretch/linux-headers-4.9.0-11-2-common_4.9.189-3+deb9u2_al
that?
If you look closely, there is a description of getting the package at the bottom of build_debian.sh
, and the URL there says to get 4.9. Prepare additional patches.
build_debian.sh.diff
diff --git a/build_debian.sh b/build_debian.sh
index 37db2bde..bb58d7ab 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -37,7 +37,7 @@ if [[ $CONFIGURED_ARCH == armhf || $CONFIGURED_ARCH == arm64 ]]; then
else
DOCKER_VERSION=5:18.09.8~3-0~debian-stretch
fi
-LINUX_KERNEL_VERSION=4.9.0-11-2
+LINUX_KERNEL_VERSION=4.19.0-0.bpo.6
## Working directory to prepare the file system
FILESYSTEM_ROOT=./fsroot
@@ -139,9 +139,7 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/initramfs-tools_*.deb || \
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/linux-image-${LINUX_KERNEL_VERSION}-*_${CONFIGURED_ARCH}.deb || \
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install acl
-if [[ $CONFIGURED_ARCH == amd64 ]]; then
- sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install dmidecode hdparm
-fi
+[[ $CONFIGURED_ARCH == amd64 ]] && sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install dmidecode
## Update initramfs for booting with squashfs+overlay
cat files/initramfs-tools/modules | sudo tee -a $FILESYSTEM_ROOT/etc/initramfs-tools/modules > /dev/null
For many others, s / 4 \\ .9 \\ .0-11-2 / 4.19.0-0.bpo.6 /
is usually fine, so replace it with perl -pi
at once.
The rest is rules / linux-kernel.mk
.
linux-kernel.mk.diff
diff --git a/rules/linux-kernel.mk b/rules/linux-kernel.mk
index e6742bdf..ec36b382 100644
--- a/rules/linux-kernel.mk
+++ b/rules/linux-kernel.mk
@@ -1,9 +1,9 @@
# linux kernel package
-KVERSION_SHORT = 4.9.0-11-2
+KVERSION_SHORT = 4.19.0-0.bpo.6
KVERSION = $(KVERSION_SHORT)-$(CONFIGURED_ARCH)
-KERNEL_VERSION = 4.9.189
-KERNEL_SUBVERSION = 3+deb9u2
+KERNEL_VERSION = 4.19.67
+KERNEL_SUBVERSION = 2+deb10u2~bpo9+1
ifeq ($(CONFIGURED_ARCH), armhf)
# Override kernel version for ARMHF as it uses arm MP (multi-platform) for short version
KVERSION = $(KVERSION_SHORT)-armmp
Now that you shouldn't go to see 4.9 anymore, let's build again.
Initialized empty Git repository in /sonic/src/sonic-linux-kernel/linux-signed-amd64-4.19.67+2+deb10u2~bpo9+1/.git/
error: patch failed: debian/changelog:1248
error: debian/changelog: patch does not apply
stg import: Diff does not apply cleanly
Makefile:52: recipe for target '/sonic/target/debs/stretch/linux-headers-4.19.0-0.bpo.6-common_4.19.67-2+deb10u2~bpo9+1_all.deb' failed
make[1]: *** [/sonic/target/debs/stretch/linux-headers-4.19.0-0.bpo.6-common_4.19.67-2+deb10u2~bpo9+1_all.deb] Error 2
that?
There is a patch for the kernel in src / sonic-linux-kernel / patch
, but there are 105 files. Looking inside,
--"Backported from 4.10" (that is, you don't have to guess) -"Backported from 5.1" (I don't know if it hits, but it needs to be changed) --"Backported" (I don't know where it came from, so I need to investigate) --No comment (also needs investigation)
It turns out that you have to decide individually which patch you need. Some of them said, "This is for Mellanox switches," and it seemed that there were some patches that could not be applied depending on the target.
It's true that if you clean up one patch a day, you can do 105 in 105 days, and if you clean up 10 patches a day, you can do 105 in 11 days. I abandoned the replacement of. I'm afraid I can't help it.
I will leave the wreckage of the work on github, so if you can do your best, you may start with this. https://github.com/iMasaruOki/sonic-buildimage/tree/linux-kernel-4.19
After wandering around, I found that I could manage to use cgroups as an alternative. I made a shell script. Since it is thrown into the gist, please copy and use it freely. https://gist.github.com/iMasaruOki/a4e4cf03f4b754cb5d5f17633276a381
The operation is like this.
admin@sonic:~$ ip addr show Ethernet0
8: Ethernet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9100 qdisc pfifo_fast master Vrf1 state UP group default qlen 1000
link/ether 6c:b9:c5:16:88:cc brd ff:ff:ff:ff:ff:ff
inet 172.21.1.1/31 scope global Ethernet0
valid_lft forever preferred_lft forever
inet6 fe80::6eb9:c5ff:fe16:88cc/64 scope link
valid_lft forever preferred_lft forever
admin@sonic:~$ ping 172.21.1.0
PING 172.21.1.0 (172.21.1.0) 56(84) bytes of data.
--- 172.21.1.0 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
admin@sonic:~$ sudo ./ip-vrf-exec Vrf1 ping 172.21.1.0
PING 172.21.1.0 (172.21.1.0) 56(84) bytes of data.
64 bytes from 172.21.1.0: icmp_seq=1 ttl=64 time=0.421 ms
--- 172.21.1.0 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.421/0.421/0.421/0.000 ms
admin@sonic:~$
So I managed to do it. Yoshi!
If you can ping, you can just use ping -I Vrf1 172.21.1.0
instead of cgroup. Speaking of which, netdev was growing, I see, it was a blind spot.
There was Official Page about the development of replacing the kernel or making the base Debian a buster. It's work in progress, but I think it's better to refer to this.
Recommended Posts