I hope I didn't miss a bug report regarding this topic. I don't even know if this can be considered a bug, but it can break part of the VyOS configuration when upgrading from an older version.
IPv6 address validation seems to have changed between VyOS 1.2.3 and VyOS 1.3.2. In version 1.2.3 (I believe this works until 1.2.8), I was able to use a prefix-list with IPv4-mapped and IPv4-compatible IPv6 addresses (as in RFC 4291 section 2.5.5), which looked like this:
prefix-list6 testing { description "IPv4-compatible IPv6 addresses" rule 10 { action permit prefix ::127.0.0.0/104 }
In VyOS 1.3.2 the validation fails when you try to configure it in this format:
set policy prefix-list6 testing rule 10 action permit set policy prefix-list6 testing rule 10 prefix ::127.0.0.1/104 ::127.0.0.0/104 ist not a valid IPv6 network address Value validation failed Set failed
The obvious and usable workaround is to change the notation:
set policy prefix-list6 testing rule 10 action permit set policy prefix-list6 testing rule 10 prefix ::7f00:0/104
Interestingly, the FRR configuration in VyOS 1.3.2 looks like this in the end, even if you changed the notation:
ipv6 prefix-list testing seq 10 permit ::127.0.0.1/104
However, if the configuration is quite large, this behavior can lead to major problems during an update. When I tried to update a system with a 3000+ lines config.boot from VyOS 1.3.2 to VyOS 1.3.2, the configuration failed completely. I also tried this from later versions. If you upgrade from 1.2.8, for some reason only the specific prefix-list6 is missing. But if you save without noticing and reboot, route-maps that reference this prefix-list6 are also missing, so this can end quite bad.
Since I don't know whether this address validation behavior is intended and since it can lead so some serious problems depending on the configuration and VyOS version you are coming from, I thought I would at least let you know.