I have the following:
set protocols bgp as maximum-paths ebgp '3'
set protocols bgp as maximum-paths ibgp '3'
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 3 2020
Apr 3 2020
@Merijn If you don't use ECMP, only one best route will be installed in routing table.
In your case, the best path via 20562 6830 198611 with localpref 140.
In the bgp table, all prefixes will be present.
It's a general BGP Best Path Selection Algorithm.
The same is true for ipv4.
After receiving
zebra[1507]: 0:2804:fa0:8000::/33: Route install failed
GitHub <noreply@github.com> committed rVYOSONEXf91a8869cb1a: Merge pull request #296 from zdc/T1820 (authored by c-po).
Is there a patch to include configuration for this out there somewhere yet? I'd be interested in testing it out; can possibly help with the patch if it's started too.
c-po changed the status of T2206: Split WireGuard endpoint into proper host and port nodes from Open to In progress.
zsdc changed the status of T2193: Display disabled VRRP instances in a `show vrrp` output from Open to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEX5f850ee4f60e: Merge pull request #293 from zdc/T2193 (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXe8d26b914a27: Merge pull request #294 from runborg/fix-vrf-rex (authored by c-po).
jestabro moved T2100: BGP route adverisement wih checks rib from In Progress to Backport Candidates on the VyOS 1.3 Equuleus board.
thomas-mangin added a comment to T2186: Provide more information to the user when a traceback is reported to the user.
I agree: the logs should reflect the actions performed to update the router following the configuration change. As this should be the same each time, we should be able to check a change with a saved replay, as a way to check that all is as should (part of the smoketest testing).
Closed due to inactivity.
zsdc reassigned T1693: DNS Forwarding Services not responding with Allow-From from zsdc to Unknown Object (User).
How about parallel loops?
https://metacpan.org/pod/Parallel::Loops
Apr 2 2020
Apr 2 2020
c-po closed T2200: Add VRF support on wirelessmodem interfaces, a subtask of T1988: Migrate wirelessmodem to new XML/Python style interface, as Resolved.
c-po moved T2200: Add VRF support on wirelessmodem interfaces from Need Triage to In Progress on the VyOS 1.3 Equuleus board.
c-po moved T2202: Update PowerDNS recursor to 4.2 series from Need Triage to In Progress on the VyOS 1.3 Equuleus board.
Viacheslav updated the task description for T2201: Rewrite protocol BGP [op-mode] to new XML/Python style.
c-po changed the status of T2200: Add VRF support on wirelessmodem interfaces, a subtask of T1988: Migrate wirelessmodem to new XML/Python style interface, from Open to In progress.
c-po changed the status of T2200: Add VRF support on wirelessmodem interfaces from Open to In progress.
c-po closed T1823: l2tpv3 interface migration fails, a subtask of T1556: Rewrite Bridge in new style XML syntax, as Resolved.
Both Routers running VyOS 1.2.3
jjakob reopened T2072: Shell autocomplete of option (config node) with quoted value doesn't work as "In progress".
This PR still needs to be merged: https://github.com/vyos/vyatta-cfg/pull/23
The above patch breaks sorting for other nodes that contain text, not a number. We'd need some way to distinguish different node types (text, IP, number,...) and chose different sorts depending on that.
This is only for interfaces, T2175 is for all frr related daemons .. other features need a ticket
zsdc changed the status of T1350: VRRP transition script will be executed once only from Confirmed to Needs testing.
In the current 1.3 branch the original issue was resolved and added STOP script support. It is necessary to test this and review the possibility to backport the solution into 1.2.
Is this only for interfaces or for other rewrites (NAT, Firewall, BGP) too? If so, I'll add all the related tasks.
Why we can't enable this feature by default.
A lot of customers don't use it, and announce their BGP prefix with "network x.x.x.x"
Imagine if you don't have configuration "redistribute connected" or "redistribute static".
If this feature enabled by default in the new release - you update the VyOS, reboot it and lose access to the router.
Because there are no routes /24 as directly connected. Also, you can use more-spec prefixes (/28 /29 /25), not /24.
Prefixes will disappear from the announcements ISPs.
It's impossible to figure out quickly what happened.
Apr 1 2020
Apr 1 2020
GitHub <noreply@github.com> committed rVYOSONEX2e8150e06056: Merge pull request #292 from zdc/T1350 (authored by dmbaturin).
c-po added a comment to T1875: Add the ability to use network address as BGP neighbor (bgp listen range).
I tried adding it but failed miserably. This should best be done with the entire BGP rewrite.
Unknown Object (User) added a comment to T2196: Dynamic ipv4 interface list hairpin.
Ok, as a workaround you can you.
set nat destination rule 102 source address !192.168.68.0/24
set nat destination rule 102 destination port '80' set nat destination rule 102 inbound-interface 'eth2' set nat destination rule 102 protocol 'tcp' set nat destination rule 102 translation address '192.168.68.101' set nat destination rule 102 translation port '80'
How will internal clients gain access to external sites if we forward all packets with dst port 80?
This is just one example.
GitHub <noreply@github.com> committed rVYOSONEX43f0a4d7bccd: Merge pull request #291 from thomas-mangin/T2182-percent (authored by c-po).
Unknown Object (User) added a comment to T2196: Dynamic ipv4 interface list hairpin.
One question, I don't understand why we can't use only port 80 without this dynamic WAN IP address. In any case, you have inbound interface and port, I think this will be enough.
jjakob updated the task description for T2195: Support for encrypted DNS: dnscrypt, DoH, DoT, anonymized DNS.
jjakob triaged T2195: Support for encrypted DNS: dnscrypt, DoH, DoT, anonymized DNS as Wishlist priority.
syncer edited projects for T1563: DNAT configuration issue, added: Invalid; removed VyOS 1.3 Equuleus.
jjakob added a comment to T2158: Commit fails if ethernet interface doesn't support flow control (pause).
What's the reason for enabling flow control by default? I'd have assumed disabled is more common and causes less problems. The node naming is not the best IMO as it has "disable-" in it, more reasonable would be to have a node called "flow-control" that enabled it if set, the default being disabled, and it could have sub-nodes to tweak the exact flow control settings.
I would check in main, before get_status, if a interface is disabled in config, then I'd just print "vtunX is disabled" and skip all other processing for that interface. If a interface is enabled but its status file isn't readable, print "Error: status file for vtunX is not readable" (I'd use try/except around the open in get_status, and return a exception so that main can print the error).
Mar 31 2020
Mar 31 2020
jjakob added a comment to T2158: Commit fails if ethernet interface doesn't support flow control (pause).
I can confirm the above commit fixes booting with interfaces that don't support flow control. I have no way of checking that it properly applies if the interface does support it.
jjakob closed T2137: vyos-build: set debian mirror for building docker image from ./configure as Wontfix.
After discussion on the PR it was determined this functionality wasn't needed.
jjakob changed the status of T2118: Failure to boot after power outage due to dirty filesystem and no fsck in initramfs from Needs testing to Confirmed.
jjakob added a comment to T2118: Failure to boot after power outage due to dirty filesystem and no fsck in initramfs.
I tested it today and it doesn't work yet.
@cpo is it what you have in mind:
c-po updated the task description for T2189: Adding a large port-range will take ~ 20 minutes to commit.