Page MenuHomeVyOS Platform

Priority inversion in "interfaces vti vtiX ip"
Closed, ResolvedPublicBUG


NOTE no secrets pasted in this ticket are used on any device with connectivity (Internet or otherwise). They're generated solely to be parsed by our QA harness.

After performing

system image add <ISO>

and rebooting the device I am prompted the following:

Welcome to VyOS - debian tty1

debian login:

None of the users that were configured are able to log in, nor does the default vyos:vyos work.

When I reboot back into 1.1.8 and check


there is a config with the expected 1.2.1 signature and all sections are present.

Of course, deleting the above file and rebooting prompts with the default

vyos login:

prompt and default credentials work as expected.

So I pasted the contents of the above file into a file and performed a

load ~/file

from configuration mode and received only the following warning:

Warning: priority inversion [interfaces vti vti0 ip ospf](610) <= [interfaces vti vti0 ip](901)
         changing [interfaces vti vti0 ip ospf] to (902)
[ vpn ]
connecting to 'unix:///var/run/charon.ctl' failed: No such file or directory
failed to connect to stroke socket 'unix:///var/run/charon.ctl'
Warning: unable to [Stroking log source any to loglevel 1], received error code 65280

vyos@vyos# save

Then rebooted the box and was able to login without issue. The running config is attached.


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close

Event Timeline

@ekim First of all, a quick fix for your situation with next-hop: add { } after the next-hop that is missing it. I.e.:

route {
    next-hop {}
    next-hop {
        distance 5

Oddly, I could not reproduce having a config rendered that way without braces on 1.1.8. I'd be interested in a reproducible procedure for doing it.

A real fix for it is a complicated question though. Here's what's going on. Next-hop is a so called tag node: a node that can have child nodes with arbitrary names (as opposed to a set of predefined names).
The old config parser currently expects to know it from the formatting, which is why they are rendered like this, with seemingly redundant braces:

route {
    next-hop {

However, in your config, it's not rendered that way, and the parser thinks it's a leaf node with a value.

dmbaturin renamed this task from Upgrade path errors 1.1.8 to 1.2.1-S2 to Priority inversion in "interfaces vti vtiX ip".Jul 8 2019, 4:07 PM
dmbaturin closed this task as Resolved.
dmbaturin claimed this task.