Hi Sabrina, On Thu, Apr 03, 2025 at 12:28:54PM +0200, Sabrina Dubroca wrote:
Hello Hangbin,
2025-04-03, 08:58:55 +0000, Hangbin Liu wrote:
When setting the lower-layer link up/down, the ipvlan device synchronizes its state via netif_stacked_transfer_operstate(), which only checks the carrier state. However, setting the link down does not necessarily change the carrier state for virtual interfaces like bonding. This causes the ipvlan state to become out of sync with the lower-layer link state.
If the lower link and ipvlan are in the same namespace, this issue is hidden because ip link show checks the link state in IFLA_LINK and has a m_flag to control the state, displaying M-DOWN in the flags. However, if the ipvlan and the lower link are in different namespaces, this information is not available, and the ipvlan link state remains unchanged.
Is the issue with the actual behavior (sending/receiving packets, etc), or just in how it's displayed by iproute?
The upper link in netns up while lower link down will cause the traffic break in the pod.
For example:
- Add an ipvlan over bond0.
- Move the ipvlan to a separate namespace and bring it up.
- Set bond0 link down.
- The ipvlan remains up.
This issue affects containers and pods, causing them to display an incorrect link state for ipvlan. Fix this by explicitly changing the IFF_UP flag, similar to how VLAN handles it.
I'm not sure this change of behavior can be done anymore. And I'm not convinced vlan's behavior is better (commit 5e7565930524 ("vlan: support "loose binding" to the underlying network device") describes why it's not always wanted). IMO it makes sense to have admin state separate from link state.
Thanks for the comments, that's also what I am worried. I have send a question email[1] 2 months ago but not reply yet. So I post this patch and welcome any feedback.
[1]https://lore.kernel.org/netdev/Z67lt5v6vrltiRyG@fedora/
If you want a consistent behavior, the admin should also not be allowed to set the link UP again while its lower device is not, like VLAN does:
static int vlan_dev_open(struct net_device *dev) { struct vlan_dev_priv *vlan = vlan_dev_priv(dev); struct net_device *real_dev = vlan->real_dev; int err;
if (!(real_dev->flags & IFF_UP) && !(vlan->flags & VLAN_FLAG_LOOSE_BINDING)) return -ENETDOWN;
(but that would almost certainly break someone's scripts)
Yes, so let's wait for others feedback first.
Thanks Hangbin