- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
May 6 2021
May 6 2021
It seems a bug with frr-reload
! router bgp 64500 vrf foo no bgp ebgp-requires-policy no bgp network import-check exit ! vrf foo ip protocol bgp route-map RMAP exit-vrf ! route-map RMAP permit 10 set tag 555 ! line vty !
Update I find an example
! vrf foo ip protocol bgp route-map RMAP exit-vrf ! router bgp 64500 vrf foo no bgp ebgp-requires-policy no bgp network import-check !
@ernstjo
Is it supported by FRR?
Can you provide an example?
May 5 2021
May 5 2021
@rob it fixed in the latest 1.3 with commit https://github.com/vyos/vyos-1x/commit/c7430fbb8738d76e63a6972b7399fa39572e2254
probably just not hit at that time in 1.3-rc4
May 4 2021
May 4 2021
Viacheslav added a comment to T3516: FRR 7.5 adds a second route when you attempt to change a static route distance instead of overwriting the old route.
One solution for it:
vyos_bld@3c88687662fe:/vyos/work/T3516/vyatta-cfg-quagga$ git diff diff --git a/templates/protocols/static/interface-route/node.tag/next-hop-interface/node.def b/templates/protocols/static/interface-route/node.tag/next-hop-interface/node.def index f8bc9270..991a30ee 100644 --- a/templates/protocols/static/interface-route/node.tag/next-hop-interface/node.def +++ b/templates/protocols/static/interface-route/node.tag/next-hop-interface/node.def @@ -14,7 +14,10 @@ end: if ! ${vyatta_sbindir}/vyatta-next-hop-check $VAR(../@) ipv4 interface; then exit 1; fi + DIST=`cli-shell-api returnEffectiveValue protocols static interface-route $VAR(../@) next-hop-interface $VAR(@) distance` + vtysh -c "configure terminal" \ + -c "no ip route $VAR(../@) $VAR(@) $DIST" \ -c "no ip route $VAR(../@) $VAR(@)" else if [[ -n "$VAR(./distance/@)" ]]; then diff --git a/templates/protocols/static/route/node.tag/next-hop/node.def b/templates/protocols/static/route/node.tag/next-hop/node.def index 0574781d..44a39bfb 100644 --- a/templates/protocols/static/route/node.tag/next-hop/node.def +++ b/templates/protocols/static/route/node.tag/next-hop/node.def @@ -16,10 +16,12 @@ end: if ! ${vyatta_sbindir}/vyatta-next-hop-check $VAR(../@) ipv4 address; then exit 1; fi + DIST=`cli-shell-api returnEffectiveValue protocols static route $VAR(../@) next-hop $VAR(@) distance` if ${vyatta_sbindir}/vyatta-gateway-static_route-check.pl \ "$VAR(../@)" "$VAR(@)" then vtysh -c "configure terminal" \ + -c "no ip route $VAR(../@) $VAR(@) $DIST" \ -c "no ip route $VAR(../@) $VAR(@)" fi else
Viacheslav updated the task description for T3516: FRR 7.5 adds a second route when you attempt to change a static route distance instead of overwriting the old route.
Viacheslav updated the task description for T3516: FRR 7.5 adds a second route when you attempt to change a static route distance instead of overwriting the old route.
Apr 30 2021
Apr 30 2021
@greywolfe Can you explain, which records/params do you expect?
Is that correct?
Apr 29 2021
Apr 29 2021
Already in 1.4
set protocols bgp address-family ipv4-flowspec
Already in 1.3 and 1.4
Already in 1.3.
Viacheslav reopened T2512: vyatta-op-quagga [show ip] to XML format, a subtask of T2511: Migrate vyatta-op-quagga to new XML format, as Open.
ipv6 still in old format
Viacheslav closed T2512: vyatta-op-quagga [show ip] to XML format, a subtask of T2511: Migrate vyatta-op-quagga to new XML format, as Resolved.
A possible reason it tried to remove " neighbor 10.0.0.2 remote-as 65002" after " neighbor 10.0.0.2 interface peer-group foo"
But if we delete " neighbor 10.0.0.2 interface peer-group foo" it also delete and "" neighbor 10.0.0.2 remote-as 65002"
So it can't delete this string
@Dmitry Is it works if you include config as "global parameter" without patching?
Viacheslav added a subtask for T3116: Support back-end L4 level load balancing: T3209: Load balancing rules in firewall.
Viacheslav added a parent task for T3209: Load balancing rules in firewall: T3116: Support back-end L4 level load balancing.
Apr 28 2021
Apr 28 2021
vyos@r4-1.3:~$ show ipv6 route vrf all
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected routePR's for Equuleus, save frr configurations.
https://github.com/vyos/vyatta-cfg/pull/39
https://github.com/vyos/vyatta-cfg-quagga/pull/75
Viacheslav added a comment to T3333: "show vpn ipsec sa" reports ESP tunnels to be up when they are not..
For crux we use parser of " ipsec statusall {peer}"
Output if IKE established and esp SA not installed
vyos@r2-lts:~$ sudo ipsec statusall peer-192.0.2.1-tunnel-vti | grep Connections -A 50 Connections: peer-192.0.2.1-tunnel-vti: 192.0.2.2...192.0.2.1 IKEv1 peer-192.0.2.1-tunnel-vti: local: [192.0.2.2] uses pre-shared key authentication peer-192.0.2.1-tunnel-vti: remote: [192.0.2.1] uses pre-shared key authentication peer-192.0.2.1-tunnel-vti: child: 0.0.0.0/0 === 0.0.0.0/0 TUNNEL Security Associations (2 up, 0 connecting): peer-192.0.2.1-tunnel-vti[3]: ESTABLISHED 12 minutes ago, 192.0.2.2[192.0.2.2]...192.0.2.1[192.0.2.1] peer-192.0.2.1-tunnel-vti[3]: IKEv1 SPIs: 0ab8c2ee5815350e_i 271fba46aab245da_r*, pre-shared key reauthentication in 29 minutes peer-192.0.2.1-tunnel-vti[3]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Viacheslav edited projects for T3333: "show vpn ipsec sa" reports ESP tunnels to be up when they are not., added: VyOS 1.2 Crux (VyOS 1.2.8); removed VyOS 1.2 Crux.
Viacheslav added a comment to T3333: "show vpn ipsec sa" reports ESP tunnels to be up when they are not..
PR for Equuleus https://github.com/vyos/vyos-1x/pull/823
Apr 27 2021
Apr 27 2021
Viacheslav changed the status of T3425: Scripts from the /config/scripts/ folder do not run on live system from In progress to Needs testing.
@joolli Re-check please it in any Linux system with the option "-I "
Is it different?
ping -I dum0 10.0.12.40
Viacheslav moved T3455: system users can not be added in "edit" from Open to Backport Candidates on the VyOS 1.4 Sagitta board.
Works perfect in VyOS 1.4-rolling-202104260417
sa_data wrong format
vyos@r6-roll:~$ show vpn ipsec sa [[b'peer-203.0.113.2-tunnel-vti', 'up', '4m33s', '168B/168B', '2/2', '203.0.113.2', 'N/A', 'AES_CBC_256/HMAC_SHA1_96/MODP_1024'], ['peer-192.0.2.2-tunnel-vti', 'down', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A']] Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal ------------------------------ ------- -------- -------------- ---------------- ---------------- ----------- ---------------------------------- b'peer-203.0.113.2-tunnel-vti' up 4m33s 168B/168B 2/2 203.0.113.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024 peer-192.0.2.2-tunnel-vti down N/A N/A N/A N/A N/A N/A vyos@r6-roll:~$
Apr 26 2021
Apr 26 2021
@Yuanandyuan Can you reproduce it with vyos cli? Or it raw podman commands?
Apr 19 2021
Apr 19 2021
Viacheslav changed the status of T3471: DHCP hook is not able to detect all running DHCP instances from Open to Needs testing.
Workaround set raw option "config /path/to/config/file"
Apr 16 2021
Apr 16 2021
@jestabro Cool!!!
Apr 15 2021
Apr 15 2021
Viacheslav changed the status of T3333: "show vpn ipsec sa" reports ESP tunnels to be up when they are not., a subtask of T2641: Rewrite vpn ipsec OP commands in new style XML syntax, from Open to Needs testing.
Viacheslav changed the status of T3333: "show vpn ipsec sa" reports ESP tunnels to be up when they are not. from Open to Needs testing.
Apr 14 2021
Apr 14 2021
Viacheslav added a comment to T3333: "show vpn ipsec sa" reports ESP tunnels to be up when they are not..
Viacheslav closed T3055: op-mode incorrect naming for ipsec policy-based tunnels , a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, as Resolved.
Apr 13 2021
Apr 13 2021
- A̶d̶d̶ ̶c̶h̶e̶c̶k̶s̶ ̶t̶o̶ ̶p̶r̶e̶v̶e̶n̶t̶ ̶s̶e̶t̶ ̶i̶p̶ ̶a̶d̶d̶r̶e̶s̶s̶ ̶f̶o̶r̶ ̶c̶o̶n̶t̶a̶i̶n̶e̶r̶ ̶o̶u̶t̶ ̶o̶f̶ ̶r̶a̶n̶g̶e̶ ̶"̶p̶r̶e̶f̶i̶x̶" done
set container name alp02 image 'alpine' set container name alp02 network NET01 address '192.0.2.1' set container network NET01 ipv4-prefix '10.0.0.0/24
error
time="2021-04-14T00:52:03+03:00" level=error msg="Error adding network: failed to allocate all requested IPs: 192.0.2.1" time="2021-04-14T00:52:03+03:00" level=error msg="Error while adding pod to CNI network \"NET01\": failed to allocate all requested IPs: 192.0.2.1" Error: unable to start container "60f20a2b517b4f828bef5683cd8a20504aa984648a0911f7f8df5c1a064d2625": error configuring network namespace for container 60f20a2b517b4f828bef5683cd8a20504aa984648a0911f7f8df5c1a064d2625: failed to allocate all requested IPs: 192.0.2.1
Viacheslav moved T3431: Show version all bug from Open to Backport Candidates on the VyOS 1.4 Sagitta board.
Viacheslav changed the status of T3455: system users can not be added in "edit" from Open to Needs testing.
Viacheslav moved T3032: Ability to "set table" in the policy route-map from Needs Triage to In Progress on the VyOS 1.2 Crux (VyOS 1.2.8) board.
Viacheslav added a project to T3032: Ability to "set table" in the policy route-map: VyOS 1.2 Crux (VyOS 1.2.8).
Apr 12 2021
Apr 12 2021
Viacheslav added a comment to T3467: cannot set vrrp virtual-address with /31 mask when router uses networkaddress..
The reason these validations https://github.com/vyos/vyos-1x/blob/aca3254d96d01cc37c9e15e02e500a36f3708959/interface-definitions/vrrp.xml#L220-L224
There is no such problem in version 1.4.
Viacheslav changed the status of T3467: cannot set vrrp virtual-address with /31 mask when router uses networkaddress. from Open to Confirmed.
Apr 9 2021
Apr 9 2021
Viacheslav added a comment to T3467: cannot set vrrp virtual-address with /31 mask when router uses networkaddress..
@olofl which version?
Apr 8 2021
Apr 8 2021
If you add neighbor/commit and after that commit adding "set protocols bgp parameters default no-ipv4-unicast" it can not be accepted. Because neighbor was added before this command.
Re-create neighbor and commit. And check again.
Apr 7 2021
Apr 7 2021
You can't/don't need to set local-as for neighbor [ if neighbor local as == your global asn ]
Can you send a code error?
Apr 5 2021
Apr 5 2021
Fixed. 1.2.7, VyOS 1.3.0-rc3, VyOS 1.4-rolling-202104041918
Viacheslav changed the status of T1894: FRR config not loaded after daemons segfault or restart, a subtask of T3217: Save FRR configuration on each commit, from Open to Needs testing.
Viacheslav changed the status of T1894: FRR config not loaded after daemons segfault or restart from Open to Needs testing.
Viacheslav added a project to T1894: FRR config not loaded after daemons segfault or restart: VyOS 1.4 Sagitta.
Apr 4 2021
Apr 4 2021
Viacheslav added a comment to T3456: firewall: rules that should be deleted seem to be still in use.
The same with "policy" /usr/libexec/vyos/tests/config/dialup-router-medium-vpn