hit a snag, probably a corner case, but wonder if one for a bug or a feature request maybe, so appreciate any feedback to decide
the setup:
Ubuntu Linux (host: VM or bare metal)
Incus Container
Alpine Linux
FRR
IS-IS
BGP
SRv6
VRFs
the setup requires “sysctl net.vrf.strict_mode=1”
no problem: sysctl.conf, rc-update add sysctl boot or default
but
reboot the host:
net.vrf.strict_mode in the container = 0
that breaks SRv6/VRF, some important BGP route gets installed in “rejected“ state
despair
restart the container:
net.vrf.strict_mode in the container = 1
SRv6 working again
profit
so the process to get it operational is: boot the host + restart the constainer
unimpressed
btw, regular local VRF functionality does not appear to be affected
narrowed it down to a race condition loading the vrf kernel module - now, that makes me think it’s one for a kernel/SR/FRR list, but since i’ve already written this much, may as well post it here too ok?
anyhow, 125h later, solution: modprobe vrf
or more permanent: raw.lxc=“lxc.hook.pre-start = /bin/sh -c ‘modprobe vrf || true’”
mild contempt
now, i’d like the container to be operational on a vanilla host (to save other CEOs pulling their hair out), so i’d rather it be handled by incus/frr - now, at this point monkey arrives at the conculsion that this is the wrong list to post this