Skip to content

Disable default route in dpu#21393

Merged
bingwang-ms merged 2 commits intosonic-net:masterfrom
yue-fred-gao:disable_dpu_default_route
Dec 8, 2025
Merged

Disable default route in dpu#21393
bingwang-ms merged 2 commits intosonic-net:masterfrom
yue-fred-gao:disable_dpu_default_route

Conversation

@yue-fred-gao
Copy link
Contributor

@yue-fred-gao yue-fred-gao commented Nov 21, 2025

Description of PR

Summary:
Fixes #21392

Type of change

  • Bug fix
  • Testbed and Framework(new/improvement)
  • New Test case
    • Skipped for non-supported platforms
  • Test case improvement

Back port request

  • 202205
  • 202305
  • 202311
  • 202405
  • 202411
  • 202505

Approach

What is the motivation for this PR?

minigraph for smartswitch topo should not have gateway in DHCP_IPV4_SERVER table. f gateway is not present, "router" dhcp option won't be included in the response and client won't install default route. Please see PR sonic-net/sonic-buildimage#21462 for the design.

How did you do it?

Remove gateway option from generated golden config

How did you verify/test it?

Run "./testbed-cli.sh deploy-mg vms-kvm-t1-smartswitch-ha ./lab ./password.txt"
Verify "gateway" option is not in DHCP_IPV4_SERVER
Verified no default route over midplane in DPU by show ip route.

`admin@dpu00:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route

S>*0.0.0.0/0 [1/0] via 20.0.200.14, Ethernet0, 17:04:20
C>*20.0.200.0/28 is directly connected, Ethernet0, 17:04:20
K 20.0.200.0/28 [0/0] is directly connected, Ethernet0, 17:04:23
C>*169.254.200.0/24 [0/1024] is directly connected, eth0-midplane, 17:04:27
K 240.127.1.0/24 [0/0] is directly connected, docker0, inactive 17:04:27
admin@dpu00:~$ Connection to 169.254.200.1 closed by remote host.
`

Any platform specific information?

Specific to SmartSwitch

Supported testbed topology if it's a new test case?

Documentation

@mssonicbld
Copy link
Collaborator

mssonicbld commented Nov 21, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 21, 2025

Azure Pipelines successfully started running 1 pipeline(s).

zjswhhh
zjswhhh approved these changes Dec 3, 2025
View reviewed changes
Copy link
Contributor

@zjswhhh zjswhhh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@zjswhhh
Copy link
Contributor

zjswhhh commented Dec 3, 2025

Hi @bingwang-ms - can you help merge please?

@yue-fred-gao
Disable default route in dpu
ab0e43d 
Signed-off-by: Yue Gao <yuega2@cisco.com>
@yue-fred-gao yue-fred-gao force-pushed the disable_dpu_default_route branch from 513d655 to ab0e43d Compare December 3, 2025 14:17
@mssonicbld
Copy link
Collaborator

mssonicbld commented Dec 3, 2025

/azp run

@github-actions github-actions bot requested a review from r12f December 3, 2025 14:17
@azure-pipelines
Copy link

azure-pipelines bot commented Dec 3, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@mssonicbld
Copy link
Collaborator

mssonicbld commented Dec 3, 2025

/azp run

@github-actions github-actions bot requested a review from xwjiang-ms December 3, 2025 22:53
@azure-pipelines
Copy link

azure-pipelines bot commented Dec 3, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@bingwang-ms bingwang-ms merged commit 8f6200a into sonic-net:master Dec 8, 2025
21 checks passed
nissampa pushed a commit to nissampa/sonic-mgmt_dpu_test that referenced this pull request Dec 9, 2025
@yue-fred-gao @nissampa
Disable default route in dpu (sonic-net#21393)
264c7cc 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Nishanth Sampath Kumar <nissampa@cisco.com>
@congh-nvidia
Copy link
Contributor

congh-nvidia commented Dec 10, 2025

Hi @yue-fred-gao , the show dhcp info command is not working without gateway:
https://github.com/sonic-net/sonic-buildimage/blame/master/dockers/docker-dhcp-server/cli/show/plugins/show_dhcp_server.py#L113
Would you mind raise another PR to fix the CLI?

tests.common.errors.RunAnsibleModuleFail: run module shell failed, Ansible Results =>
failed = True
changed = True
rc = 1
cmd = show dhcp_server ipv4 info
start = 2025-12-10 04:25:41.342223
end = 2025-12-10 04:25:41.709332
delta = 0:00:00.367109
msg = non-zero return code
invocation = {'module_args': {'_raw_params': 'show dhcp_server ipv4 info', '_uses_shell': True, 'expand_argument_vars': True, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'executable': None, 'creates': None, 'removes': None, 'stdin': None}}
_ansible_no_log = False
stdout =
stderr =
Traceback (most recent call last):
  File "/usr/local/bin/show", line 8, in 
    sys.exit(cli())
             ^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/decorators.py", line 64, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/show/plugins/dhcp-server.py", line 113, in info
    table.append([interface, entry["mode"], entry["gateway"], entry["netmask"], entry["lease_time"], entry["state"]])
                                            ~~~~~^^^^^^^^^^^
KeyError: 'gateway'

@yue-fred-gao
Copy link
Contributor Author

yue-fred-gao commented Dec 10, 2025

Hi @yue-fred-gao , the show dhcp info command is not working without gateway: https://github.com/sonic-net/sonic-buildimage/blame/master/dockers/docker-dhcp-server/cli/show/plugins/show_dhcp_server.py#L113 Would you mind raise another PR to fix the CLI?

tests.common.errors.RunAnsibleModuleFail: run module shell failed, Ansible Results =>
failed = True
changed = True
rc = 1
cmd = show dhcp_server ipv4 info
start = 2025-12-10 04:25:41.342223
end = 2025-12-10 04:25:41.709332
delta = 0:00:00.367109
msg = non-zero return code
invocation = {'module_args': {'_raw_params': 'show dhcp_server ipv4 info', '_uses_shell': True, 'expand_argument_vars': True, 'stdin_add_newline': True, 'strip_empty_ends': True, 'argv': None, 'chdir': None, 'executable': None, 'creates': None, 'removes': None, 'stdin': None}}
_ansible_no_log = False
stdout =
stderr =
Traceback (most recent call last):
  File "/usr/local/bin/show", line 8, in 
    sys.exit(cli())
             ^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/decorators.py", line 64, in new_func
    return ctx.invoke(f, obj, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/show/plugins/dhcp-server.py", line 113, in info
    table.append([interface, entry["mode"], entry["gateway"], entry["netmask"], entry["lease_time"], entry["state"]])
                                            ~~~~~^^^^^^^^^^^
KeyError: 'gateway'

Thanks for pointing this out. I have raised PR sonic-net/sonic-buildimage#24801. Please take a look.

selldinesh pushed a commit to selldinesh/sonic-mgmt that referenced this pull request Dec 11, 2025
@yue-fred-gao @selldinesh
Disable default route in dpu (sonic-net#21393)
7fad320 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: selldinesh <dinesh.sellappan@keysight.com>
echuawu pushed a commit to echuawu/sonic-mgmt that referenced this pull request Dec 12, 2025
@yue-fred-gao @echuawu
Disable default route in dpu (sonic-net#21393)
705ff45 
Signed-off-by: Yue Gao <yuega2@cisco.com>
saravanan-nexthop pushed a commit to saravanan-nexthop/sonic-mgmt that referenced this pull request Dec 15, 2025
@yue-fred-gao @saravanan-nexthop
Disable default route in dpu (sonic-net#21393)
c7ea42d 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Saravanan <saravanan@nexthop.ai>
gshemesh2 pushed a commit to gshemesh2/sonic-mgmt that referenced this pull request Dec 16, 2025
@yue-fred-gao @gshemesh2
Disable default route in dpu (sonic-net#21393)
95aba7a 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Guy Shemesh <gshemesh@nvidia.com>
AharonMalkin pushed a commit to AharonMalkin/sonic-mgmt that referenced this pull request Dec 16, 2025
@yue-fred-gao @AharonMalkin
Disable default route in dpu (sonic-net#21393)
a93a2bd 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Aharon Malkin <amalkin@nvidia.com>
gshemesh2 pushed a commit to gshemesh2/sonic-mgmt that referenced this pull request Dec 21, 2025
@yue-fred-gao @gshemesh2
Disable default route in dpu (sonic-net#21393)
3892ab5 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Guy Shemesh <gshemesh@nvidia.com>
gshemesh2 pushed a commit to gshemesh2/sonic-mgmt that referenced this pull request Dec 21, 2025
@yue-fred-gao @gshemesh2
Disable default route in dpu (sonic-net#21393)
8eefa97 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Guy Shemesh <gshemesh@nvidia.com>
@congh-nvidia
Copy link
Contributor

congh-nvidia commented Dec 25, 2025
edited
Loading

Hi @yue-fred-gao , I have find another issue caused by this PR. Since the default route is removed, we are not able to ssh to the DPU from the switch, because there is no route to the NPU mgmt IP:

admin@sonic:~$ sudo tcpdump -i eth0-midplane tcp dst port 22 -vvv
[ 4334.346618] device eth0-midplane entered promiscuous mode
tcpdump: listening on eth0-midplane, link-type EN10MB (Ethernet), snapshot length 262144 bytes
06:06:03.992403 IP (tos 0x0, ttl 62, id 22881, offset 0, flags [DF], proto TCP (6), length 60)
10.210.24.178.37242 > 169.254.200.1.ssh: Flags [S], cksum 0x8334 (correct), seq 1884908377, win 64240, options

admin@r-SN4280-10:~$ show ip interface | grep eth0
eth0 10.210.24.178/22 up/up N/A N/A

May I ask where do you configure the route to the NPU mgmt IP?

vrajeshe pushed a commit to Akshath-17/sonic-mgmt that referenced this pull request Jan 4, 2026
@yue-fred-gao @vrajeshe
Disable default route in dpu (sonic-net#21393)
3c9aa97 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Venkata Gouri Rajesh Etla <vrajeshe@cisco.com>
@yue-fred-gao
Copy link
Contributor Author

yue-fred-gao commented Jan 5, 2026

From the switch, you should have a subnet route 169.254.200.0/24 over eth0-midplane. So when you ssh to a DPU, eth0-midplane should be picked as the outgoing interface and its ip address (165.254.200.254) should be used as source IP, not the NPU mgmt IP. I think you can check in your setup why NPU mgmt IP is used instead.

venu-nexthop pushed a commit to venu-nexthop/sonic-mgmt that referenced this pull request Jan 13, 2026
@yue-fred-gao @venu-nexthop
Disable default route in dpu (sonic-net#21393)
4870d04 
Signed-off-by: Yue Gao <yuega2@cisco.com>
yifan-nexthop pushed a commit to nexthop-ai/sonic-mgmt that referenced this pull request Jan 14, 2026
@yue-fred-gao @yifan-nexthop
Disable default route in dpu (sonic-net#21393)
4b25959 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: YiFan Wang <yifan@nexthop.ai>
PriyanshTratiya pushed a commit to PriyanshTratiya/sonic-mgmt that referenced this pull request Jan 21, 2026
@yue-fred-gao @PriyanshTratiya
Disable default route in dpu (sonic-net#21393)
a515128 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Priyansh Tratiya <ptratiya@microsoft.com>
lakshmi-nexthop pushed a commit to lakshmi-nexthop/sonic-mgmt that referenced this pull request Jan 28, 2026
@yue-fred-gao @lakshmi-nexthop
Disable default route in dpu (sonic-net#21393)
2dbea12 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Lakshmi Yarramaneni <lakshmi@nexthop.ai>
ytzur1 pushed a commit to ytzur1/sonic-mgmt that referenced this pull request Feb 2, 2026
@yue-fred-gao @ytzur1
Disable default route in dpu (sonic-net#21393)
9b984b0 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Yael Tzur <ytzur@nvidia.com>
@congh-nvidia congh-nvidia mentioned this pull request Feb 3, 2026
Merged
8 tasks
abhishek-nexthop pushed a commit to nexthop-ai/sonic-mgmt that referenced this pull request Feb 6, 2026
@yue-fred-gao @abhishek-nexthop
Disable default route in dpu (sonic-net#21393)
7574783 
Signed-off-by: Yue Gao <yuega2@cisco.com>
@vmittal-msft vmittal-msft added Request for 202511 branch Request to backport a change to 202511 branch Approved for 202511 branch labels Feb 13, 2026
mssonicbld pushed a commit to mssonicbld/sonic-mgmt that referenced this pull request Feb 13, 2026
@yue-fred-gao @mssonicbld
Disable default route in dpu (sonic-net#21393)
02a4140 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: mssonicbld <sonicbld@microsoft.com>
@mssonicbld
Copy link
Collaborator

mssonicbld commented Feb 13, 2026

Cherry-pick PR to 202511: #22413

@mssonicbld mssonicbld mentioned this pull request Feb 13, 2026
Open
11 tasks
rraghav-cisco pushed a commit to rraghav-cisco/sonic-mgmt that referenced this pull request Feb 13, 2026
@yue-fred-gao @rraghav-cisco
Disable default route in dpu (sonic-net#21393)
bdcaed4 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Raghavendran Ramanathan <rraghav@cisco.com>
anilal-amd pushed a commit to anilal-amd/anilal-forked-sonic-mgmt that referenced this pull request Feb 19, 2026
@yue-fred-gao @ztan-amd
Disable default route in dpu (sonic-net#21393)
d2259ef 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Zhuohui Tan <zhuohui.tan@amd.com>
abhishek-nexthop pushed a commit to nexthop-ai/sonic-mgmt that referenced this pull request Mar 17, 2026
@yue-fred-gao @abhishek-nexthop
Disable default route in dpu (sonic-net#21393)
ba0119a 
Signed-off-by: Yue Gao <yuega2@cisco.com>
Signed-off-by: Abhishek <abhishek@nexthop.ai>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zjswhhh zjswhhh zjswhhh approved these changes

@wangxin wangxin Awaiting requested review from wangxin

@yxieca yxieca Awaiting requested review from yxieca

@r12f r12f Awaiting requested review from r12f

@xwjiang-ms xwjiang-ms Awaiting requested review from xwjiang-ms

Assignees

No one assigned

Labels

Approved for 202511 branch Created PR to 202511 branch Request for 202511 branch Request to backport a change to 202511 branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug: smartswitch golden config causes DPU installing default route over midplane interface

7 participants

@yue-fred-gao @mssonicbld @zjswhhh @congh-nvidia @KrisNey-MSFT @vmittal-msft @bingwang-ms