- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
May 12 2021
set policy route-map ASxxx-CUS-IN6 rule 10 action 'permit' set policy route-map ASxxx-CUS-IN6 rule 10 set large-community '65:23:1 additive'
May 11 2021
Frr itself doesn't allow to set longer-prefixes without "prefix"
r4-1.3# show ip route 1.1.1.1 <cr> json JavaScript Object Notation nexthop-group Nexthop Group Information
May 10 2021
Can you change update source from eth0 to x.x.x.x?
I think there is no routes to neighbor
So you get it via default-route
You need to declare /32 route
Or use option
“ set protocols bgp neighbor <address|interface> disable-connected-check”
it not directly connected neighbours It can’t determine route to the next hop.
Try to set /32 route to ipv4 next hop and check again.
@francis We don't know anything about this issue.
And it difficult to say without the current configuration.
May 8 2021
@rherold can you recheck it? Or say is it real 1.3.0-rc4?
I can't reproduce it.
May 7 2021
set vpn ipsec site-to-site peer 100.64.0.2 dhcp-interface eth1
Which proper format do we need?
For example 2 tunnels:
peer-100.64.0.2-tunnel-0
peer-100.64.0.2-tunnel-1
Maybe related task T3505 which deletes the default route for DHCP in the commit.
May 6 2021
@carl.byington is it working in 1.3?
It seems a bug with frr-reload
! router bgp 64500 vrf foo no bgp ebgp-requires-policy no bgp network import-check exit ! vrf foo ip protocol bgp route-map RMAP exit-vrf ! route-map RMAP permit 10 set tag 555 ! line vty !
Update I find an example
! vrf foo ip protocol bgp route-map RMAP exit-vrf ! router bgp 64500 vrf foo no bgp ebgp-requires-policy no bgp network import-check !
@ernstjo
Is it supported by FRR?
Can you provide an example?
May 5 2021
@rob it fixed in the latest 1.3 with commit https://github.com/vyos/vyos-1x/commit/c7430fbb8738d76e63a6972b7399fa39572e2254
probably just not hit at that time in 1.3-rc4
May 4 2021
One solution for it:
vyos_bld@3c88687662fe:/vyos/work/T3516/vyatta-cfg-quagga$ git diff diff --git a/templates/protocols/static/interface-route/node.tag/next-hop-interface/node.def b/templates/protocols/static/interface-route/node.tag/next-hop-interface/node.def index f8bc9270..991a30ee 100644 --- a/templates/protocols/static/interface-route/node.tag/next-hop-interface/node.def +++ b/templates/protocols/static/interface-route/node.tag/next-hop-interface/node.def @@ -14,7 +14,10 @@ end: if ! ${vyatta_sbindir}/vyatta-next-hop-check $VAR(../@) ipv4 interface; then exit 1; fi + DIST=`cli-shell-api returnEffectiveValue protocols static interface-route $VAR(../@) next-hop-interface $VAR(@) distance` + vtysh -c "configure terminal" \ + -c "no ip route $VAR(../@) $VAR(@) $DIST" \ -c "no ip route $VAR(../@) $VAR(@)" else if [[ -n "$VAR(./distance/@)" ]]; then diff --git a/templates/protocols/static/route/node.tag/next-hop/node.def b/templates/protocols/static/route/node.tag/next-hop/node.def index 0574781d..44a39bfb 100644 --- a/templates/protocols/static/route/node.tag/next-hop/node.def +++ b/templates/protocols/static/route/node.tag/next-hop/node.def @@ -16,10 +16,12 @@ end: if ! ${vyatta_sbindir}/vyatta-next-hop-check $VAR(../@) ipv4 address; then exit 1; fi + DIST=`cli-shell-api returnEffectiveValue protocols static route $VAR(../@) next-hop $VAR(@) distance` if ${vyatta_sbindir}/vyatta-gateway-static_route-check.pl \ "$VAR(../@)" "$VAR(@)" then vtysh -c "configure terminal" \ + -c "no ip route $VAR(../@) $VAR(@) $DIST" \ -c "no ip route $VAR(../@) $VAR(@)" fi else
Apr 30 2021
@greywolfe Can you explain, which records/params do you expect?
Is that correct?
Apr 29 2021
Already in 1.4
set protocols bgp address-family ipv4-flowspec
Already in 1.3 and 1.4
Already in 1.3.
ipv6 still in old format
A possible reason it tried to remove " neighbor 10.0.0.2 remote-as 65002" after " neighbor 10.0.0.2 interface peer-group foo"
But if we delete " neighbor 10.0.0.2 interface peer-group foo" it also delete and "" neighbor 10.0.0.2 remote-as 65002"
So it can't delete this string
@Dmitry Is it works if you include config as "global parameter" without patching?
Apr 28 2021
vyos@r4-1.3:~$ show ipv6 route vrf all
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected routePR's for Equuleus, save frr configurations.
https://github.com/vyos/vyatta-cfg/pull/39
https://github.com/vyos/vyatta-cfg-quagga/pull/75
For crux we use parser of " ipsec statusall {peer}"
Output if IKE established and esp SA not installed
vyos@r2-lts:~$ sudo ipsec statusall peer-192.0.2.1-tunnel-vti | grep Connections -A 50 Connections: peer-192.0.2.1-tunnel-vti: 192.0.2.2...192.0.2.1 IKEv1 peer-192.0.2.1-tunnel-vti: local: [192.0.2.2] uses pre-shared key authentication peer-192.0.2.1-tunnel-vti: remote: [192.0.2.1] uses pre-shared key authentication peer-192.0.2.1-tunnel-vti: child: 0.0.0.0/0 === 0.0.0.0/0 TUNNEL Security Associations (2 up, 0 connecting): peer-192.0.2.1-tunnel-vti[3]: ESTABLISHED 12 minutes ago, 192.0.2.2[192.0.2.2]...192.0.2.1[192.0.2.1] peer-192.0.2.1-tunnel-vti[3]: IKEv1 SPIs: 0ab8c2ee5815350e_i 271fba46aab245da_r*, pre-shared key reauthentication in 29 minutes peer-192.0.2.1-tunnel-vti[3]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
PR for Equuleus https://github.com/vyos/vyos-1x/pull/823
Apr 27 2021
@joolli Re-check please it in any Linux system with the option "-I "
Is it different?
ping -I dum0 10.0.12.40
Works perfect in VyOS 1.4-rolling-202104260417