
Allow specifying source IP for 'add system image'
Closed, Resolved | Public | FEATURE REQUEST


If your machine has multiple interfaces, the source IP of outgoing connections will be the interface of the default route:

[email protected]:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             -                                 u/u
eth0.101                    u/u
eth0.115                    u/u
lo                            u/u
[email protected]:~$
[email protected]:~$ show ip route
Routing entry for
  Known via "ospf", distance 110, metric 10, best
  Last update 16:36:34 ago
  *, via eth0.101, weight 1
  *, via eth0.101, weight 1
[email protected]:~$

When this machine connects out to the internet, it will establish a connection from eth0.101, which is the default route. However, as that's an RFC1918 address, it will not have internet connectivity unless something upstream is doing NAT.

Historically, in Cisco land, this was resolved by having a loopback interface that the device used as a source IP, but that is becoming harder and harder to manage.

A simpler option would be to add a 'from' option to 'add system image' (or, preferably, a system configuration parameter?) that sets the --interface and related DNS params for curl:

     --dns-interface <interface> Interface to use for DNS requests
     --dns-ipv4-addr <address> IPv4 address to use for DNS requests
     --dns-ipv6-addr <address> IPv6 address to use for DNS requests
     --dns-servers <addresses> DNS server addrs to use
     --interface <name> Use network INTERFACE (or address)

This means that the add system image command could be something like this:

add system image from eth0.115

However, the current curl binary itself has the --dns-interface command removed, which makes this harder.

[email protected]:~$ curl --dns-interface eth0.115 --interface eth0.115 -O /tmp/vyos.iso
curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
[email protected]:~$

A workaround for the missing curl DNS feature issue is to hard-code the IP address (which, admittedly, IS A TERRIBLE IDEA), and pass that as a curl param, as well:

[email protected]:~$ curl --resolve --interface eth0.115 -o /tmp/vyos.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  314M  100  314M    0     0  10.7M      0  0:00:29  0:00:29 --:--:-- 12.0M
[email protected]:~$ ls -al /tmp/vyos.iso
-rw-r--r-- 1 vyos users 329252864 Jun 14 20:44 /tmp/vyos.iso
[email protected]:~$

Edit, with a thought later: Rather than hard-coding IP addresses (which is guaranteed to break someone in the future), dig has a 'bind' param:

[email protected]:~$ dig -bPUB.IP.ADD.RESS +short A | awk '/^[0-9\.]+$/'
[email protected]:~$

Which means this could be used to generate the --resolve line:

dig -bPUB.IP.ADD.RESS +short | awk '/^[0-9\.]+$/ { printf (!x) ? "--resolve"$0 : ","$0; x=1}'


Difficulty level: Easy (less than an hour)
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Feature (new functionality)
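
An added example, not part of the original task or of VyOS itself: the dig-to-'--resolve' idea from the description as a shell helper that emits the host:port:addr[,addr] form curl's --resolve expects and fails closed when the source-bound lookup returns no usable address. The function names, port 443 and the host and address values are assumptions; the sample dig output is constructed.

```shell
#!/bin/sh
# Added example; is_ipv4, build_resolve_arg and fetch_from are hypothetical names.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_resolve_arg HOST PORT: read 'dig +short' output on stdin and print
# "HOST:PORT:addr[,addr...]". CNAME lines and anything that is not a valid
# IPv4 address are dropped; if nothing is left, fail instead of letting the
# caller fall back to the system resolver.
build_resolve_arg() {
    host=$1 port=$2 addrs=
    while IFS= read -r line || [ -n "$line" ]; do
        is_ipv4 "$line" || continue
        addrs=${addrs:+$addrs,}$line
    done
    [ -n "$addrs" ] || { echo "no A records for $host" >&2; return 1; }
    printf '%s:%s:%s\n' "$host" "$port" "$addrs"
}

# fetch_from SRC_ADDR IFACE HOST URL OUT: send the DNS query from SRC_ADDR
# (dig -b), then download over IFACE with the answer pinned. Port 443 assumes
# an https URL. --resolve only replaces the lookup: curl still checks the TLS
# certificate against HOST.
fetch_from() {
    pin=$(dig -b "$1" +short "$3" A | build_resolve_arg "$3" 443) || return 1
    curl --fail --interface "$2" --resolve "$pin" -o "$5" "$4"
}

# Constructed sample of 'dig +short' output: one CNAME line, two A records.
printf 'cdn.example.net.\n192.0.2.10\n192.0.2.11\n' |
    build_resolve_arg downloads.example.net 443
```
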

Event Timeline

Probably it can be set in a curlrc file which is populated from CLI options

c-po claimed this task.
c-po triaged this task as Low priority.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
erkin set Issue type to Feature (new functionality). (Aug 30 2021, 5:26 AM)
erkin removed a subscriber: Active contributors.