VRF removals are not validated against VRF usage
Open, Wishlist | Public | BUG

Description

verify() in conf_mode/vrf.py does not fully check for all possible bindings to a VRF when it is being removed.

There are 2 checks right now against VRF removal:

  • Do any interfaces belong to the VRF still?
  • Do legacy static routes belong to the VRF?

The legacy route check does not work - it's looking for the old node path under protocols. This isn't a big problem because that was all relocated under the vrf top level node.

Doing a grep over interface-defs for include/constraint/vrf, include/listen-address-vrf and include/vrf-multi returns a good list of VRF binding points, many of which aren't covered. Aside from interfaces, the problems appear to be:

  • VRF-aware service bindings
  • Policy elements
  • Route leaks

Removing a VRF without cleaning up these elements will lead to possible runtime config problems when further changes are made and definite configuration errors on next reboot.

Details

Version: -
Is it a breaking change?: Stricter validation
Issue type: Bug (incorrect behavior)
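
One way the broader removal check described in the report could look, as an added example that is not part of the original task and not VyOS code. It assumes the configuration is available as a nested dict and that every binding node is named `vrf`; the names `vrf_references`, `verify_vrf_removal` and `VrfInUse`, and the `SAMPLE` configuration, are hypothetical and constructed for illustration.

```python
# Added example (hypothetical helper, not VyOS code).
# Assumption: the config is a nested dict and every binding node is named "vrf".

class VrfInUse(Exception):
    """Raised when a VRF marked for removal is still referenced."""

def _names(value):
    # A binding can be a single value, a multi-value list, or a tag node.
    if isinstance(value, str):
        return [value]
    return list(value) if isinstance(value, (list, dict)) else []

def vrf_references(config, vrf):
    """Return the sorted config paths that still bind to `vrf`."""
    found = []

    def walk(node, path):
        if not isinstance(node, dict):
            return
        for key, value in node.items():
            here = path + [key]
            if path == ["vrf", "name"] and key == vrf:
                continue  # the definition being removed is not a reference
            if key == "vrf" and path:  # nested binding, not the top-level tree
                if vrf in _names(value):
                    found.append(" ".join(here))
                continue
            walk(value, here)

    walk(config, [])
    return sorted(found)

def verify_vrf_removal(config, vrf):
    """Refuse the removal while any binding to `vrf` remains."""
    refs = vrf_references(config, vrf)
    if refs:
        raise VrfInUse(f'VRF "{vrf}" is still referenced by: ' + "; ".join(refs))

# Constructed sample: an interface, a service, a policy element and a route leak.
SAMPLE = {
    "vrf": {"name": {
        "red": {"table": "1000"},
        "blue": {"table": "1001", "protocols": {"static": {"route": {
            "10.0.0.0/24": {"next-hop": {"192.0.2.1": {"vrf": "red"}}}}}}},
    }},
    "interfaces": {"ethernet": {"eth1": {"vrf": "red"}}},
    "service": {"ssh": {"vrf": ["red", "mgmt"]}},
    "policy": {"route": {"PBR": {"rule": {"10": {"set": {"vrf": "red"}}}}}},
}
```

Walking the whole tree catches bindings in places a fixed list of paths would miss, including route leaks that sit inside another VRF's own definition.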

Related Objects

Status | Subtype | Assigned | Task
Open | FEATURE REQUEST | None |
Open | BUG | None |

Event Timeline

Viacheslav triaged this task as Wishlist priority. Jul 8 2024, 8:12 AM
syncer changed the subtype of this task from "Feature Request" to "Bug".
syncer moved this task from Need Triage to Backlog - Bug on the VyOS Rolling board.