Expose additional network sysctl knobs

For BGP we need to expose a few additional sysctl entries.
Namely we need net.ipv4.conf.all.rp_filter and
net.ipv6.conf.all.forwarding. Let's expose them like
the other ones via the KernelIpv4ConfAllRpFilter and
KernelIpv6ConfAllForwarding heat parameters, respectively.

We set KernelIpv4ConfAllRpFilter to a default of 1 as that is
what is the default with RHEL >= 6
(https://access.redhat.com/solutions/53031)

We set KernelIpv6ConfAllForwarding to a default of 0 since that is
the default with at least RHEL >= 7.

Verified the defaults on RHEL/CentOS-7:
$ uname -a
Linux rhel-7.redhat.local 3.10.0-1160.24.1.el7.x86_64 #1 SMP Thu Mar 25 21:21:56 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ cat /proc/sys/net/ipv4/conf/all/rp_filter /proc/sys/net/ipv6/conf/all/forwarding
1
0

and RHEL/CentOS-8:
$ uname -a
Linux localhost 4.18.0-293.el8.x86_64 #1 SMP Mon Mar 1 10:04:09 EST 2021 x86_64 x86_64 x86_64 GNU/Linux
$ cat /proc/sys/net/ipv4/conf/all/rp_filter /proc/sys/net/ipv6/conf/all/forwarding
1
0

Co-Authored-By: Carlos Gonçalves <cgoncalves@redhat.com>

Change-Id: I6d7d598e374cdc5289a61a7fb6b532c80a714458
Michele Baldessari 2021-04-09 17:24:14 +02:00
parent 690c7eda33
commit f4eb7d475a

@ -39,6 +39,14 @@ parameters:
default: 1
description: Configures net.ipv4.ip_forward key
type: number
KernelIpv6ConfAllForwarding:
default: 0
description: Configures the net.ipv6.conf.all.forwarding key
type: number
KernelIpv4ConfAllRpFilter:
default: 1
description: Configures the net.ipv4.conf.all.rp_filter key
type: number
KernelIpNonLocalBind:
default: 1
description: Configures net.ipv{4,6}.ip_nonlocal_bind key
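Review bot: KernelIpv4ConfAllRpFilter and KernelIpv6ConfAllForwarding are declared as bare `type: number` with no constraints, so a typo such as 3 or -1 passes template validation and is only caught (or silently ignored) when the sysctl is applied on the node. rp_filter accepts 0 (no source validation), 1 (strict) and 2 (loose), and forwarding is a 0/1 switch, so an `allowed_values` constraint on each parameter would reject bad input at stack validation time. The descriptions would also be more useful if they named those values, since relaxing rp_filter for BGP weakens source-address validation and the operator should be able to see that from the parameter text. Minor style point: the two new descriptions read "Configures the ... key" while the neighbouring ones read "Configures ... key".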
@ -165,6 +173,10 @@ outputs:
value: 0
net.ipv4.ip_forward:
value: {get_param: KernelIpForward}
net.ipv4.conf.all.rp_filter:
value: {get_param: KernelIpv4ConfAllRpFilter}
net.ipv6.conf.all.forwarding:
value: {get_param: KernelIpv6ConfAllForwarding}
net.ipv4.ip_nonlocal_bind:
value: {get_param: KernelIpNonLocalBind}
net.ipv6.ip_nonlocal_bind:
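Review bot: the two new entries under outputs emit `net.ipv4.conf.all.rp_filter` and `net.ipv6.conf.all.forwarding` unconditionally, so every node consuming this output now has both keys managed at the parameter defaults, and a host where either value was tuned outside this template will be reset to 1 and 0 on the next update. The commit message verifies those defaults against stock RHEL/CentOS 7 and 8 only, so a release note describing the new parameters and this behaviour would help operators who already changed them by other means. It is also worth stating in the parameter description that only the `all` scope is set here: the kernel uses the higher of the `all` and per-interface rp_filter values, so lowering KernelIpv4ConfAllRpFilter by itself may not relax filtering on an interface that still carries a higher setting.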