Page MenuHomeVyOS Platform
Create Task
Maniphest T5371

"system name-server" is not vrf aware
Open, NormalPublicBUG
Actions

Description

When using vrf's (example: MGMT + INTERNET) "add system image" fails to complete. Same with "ping ntp.se vrf INTERNET".

However pinging IP-address directly such as "ping 194.58.200.20 vrf INTERNET" works so there is nothing wrong with routing. The name-server can also be pinged this way (by using IP-address).

Workaround is to remove "vrf INTERNET" for the upstream interface (so it becomes vrf default) then both "add system image" and "ping ntp.se" works.

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.4-rolling-202306290317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenFEATURE REQUESTNoneT5116 Better VRF support
 OpenBUGNoneT5371 "system name-server" is not vrf aware

Event Timeline

Apachez created this task.Jul 19 2023, 6:00 PM
n.fort added a subscriber: n.fort.EditedJul 19 2023, 6:04 PM

Adding system image using custom vrf it's supported:

vyos@vyos:~$ add system image foo.com 
Possible completions:
  <Enter>               Execute the current command
  username              Username for authentication
  vrf                   Download image via specified VRF

      
vyos@vyos:~$ add system image foo.com vrf 
Possible completions:
  <text>                Download image via specified VRF

      
vyos@vyos:~$ add system image foo.com vrf

Task: https://vyos.dev/T2690

n.fort added a comment.Jul 19 2023, 6:23 PM

This could be considred as duplicate task for: https://vyos.dev/T5116

pasik added a subscriber: pasik.Jul 19 2023, 7:45 PM
Apachez added a comment.Jul 25 2023, 7:42 PM

Workaround until "system name-server" becomes vrf aware seems to be to change context into vrf INTERNET and then do a ping with VRF syntax like so:

vyos@vyos:~$ ping 192.36.125.18 vrf INTERNET
PING 192.36.125.18 (192.36.125.18) 56(84) bytes of data.
64 bytes from 192.36.125.18: icmp_seq=1 ttl=59 time=1.31 ms
--- 192.36.125.18 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.310/1.310/1.310/0.000 ms

vyos@vyos:~$ ping ping.sunet.se vrf INTERNET
ping: Unknown host: ping.sunet.se

vyos@vyos:~$ force vrf INTERNET

vyos@vyos:INTERNET:~$ ping ping.sunet.se
/bin/ping: ping.sunet.se: System error

vyos@vyos:INTERNET:~$ ping ping.sunet.se vrf INTERNET
PING ping.sunet.se (192.36.125.18) 56(84) bytes of data.
64 bytes from ping.sunet.se (192.36.125.18): icmp_seq=1 ttl=59 time=1.29 ms
--- ping.sunet.se ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.294/1.294/1.294/0.000 ms

vyos@vyos:INTERNET:~$ exit
logout

vyos@vyos:~$

In this usecase there is no routing configured for VRF Default nor VRF MGMT, but a default route configured for VRF INTERNET.

In a reallife scenario its not impossible that one would like to use one (or more) DNS for VRF MGMT and another set for VRF INTERNET (or whatever VRFs one might setup).

dmbaturin triaged this task as Normal priority.Jan 9 2024, 6:03 PM
dmbaturin added a parent task: T5116: Better VRF support.
kevinrausch added a subscriber: kevinrausch.Jan 16 2024, 2:14 PM
dmbaturin edited projects, added VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.Fri, Apr 12, 2:19 PM