PR https://github.com/vyos/vyos-1x/pull/2084

@trae32566 Thanks I can confirm it is a bug with using commit-archive location, there is a separate task https://vyos.dev/T5348
Thanks

In T775#151897, @trae32566 wrote:

@Viacheslav I'm not sure why, but it appears that after doing this, there is high CPU usage on the secondary side, and eventually it stops responding entirely (bgp sessions go down, no response to anything via icmp) and has to be hard reset; it won't even respond to a console login attempt:

This makes me think something in my firewall configuration is making it unhappy. I can paste my full firewall config somewhere if you'd like, but I'd prefer if it's not public for security reasons (is email fine?).

In T775#151894, @trae32566 wrote:

@Viacheslav I think that fixed it...sorta. It looks like now it does sync successfully, though it appears to time out after awhile for some reason:

trae@cr01a-vyos:~$ configure
[edit]
trae@cr01a-vyos# set firewall name INT_TO_LOCAL rule 80 destination address 192.168.253.2-192.168.253.3                                                                                                                                                                                                                    
[edit]
trae@cr01a-vyos# commit
INFO:vyos_config_sync:Config synchronization: Mode=load, Secondary=cr01b-vyos.int.rtr.trae32566.org

An error occurred: HTTPSConnectionPool(host='cr01b-vyos.int.rtr.trae32566.org', port=443): Read timed out. (read timeout=60)
ERROR:vyos_config_sync:An error occurred: HTTPSConnectionPool(host='cr01b-vyos.int.rtr.trae32566.org', port=443): Read timed out. (read timeout=60)

That being said, it does appear to have set the config on the other side:

trae@cr01b-vyos# show firewall name INT_TO_LOCAL rule 80
 action accept
 description "API access"
 destination {
     address 192.168.253.2-192.168.253.3
 }
 protocol tcp
 source {
     address 192.168.253.2-192.168.253.3
 }
trae@cr01b-vyos# cat /var/log/nginx/access.log 
fd52:d62e:8011:fffe::2 - - [09/Jul/2023:09:54:23 -0500] "POST /configure-section HTTP/1.1" 200 80 "-" "python-requests/2.28.1"
fd52:d62e:8011:fffe::2 - - [09/Jul/2023:09:55:25 -0500] "POST /configure-section HTTP/1.1" 499 0 "-" "python-requests/2.28.1"

Also, If it's any easier / you'd prefer I can set up a Webex or something.

@trae32566 Thanks, could you change one file and comment on one check?

sudo nano -c +140 /run/scripts/commit/post-hooks.d/vyos_config_sync

Set comment

# Config sync only if sections changed
#if not any(map(is_section_revised, sections)):
#    return

@trae32566 Which version on the remote site?

@trae32566 Try the same with ip address, I tested with IPv4 addresses

Check if it exists in the kernel.

zcat /proc/config.gz | grep PARPORT

@Apachez Thanks!

There are several layouts

se-fi-ir209
se-fi-lat6
se-ir209
se-lat6

@daniil could you re-check?

set qos interface eth0 ingress '1G-in'
set qos policy limiter 1G-in default bandwidth '1gbit'
set qos policy limiter 1G-in default burst '125000000b'

Could you explain the use case?
Can you archive it with the class?

vyos@r14# set qos policy limiter test class video match 1 ip dscp 
Possible completions:
   <0-63>               Differentiated Services Codepoint (DSCP) value
   default              match DSCP (000000)
   reliability          match DSCP (000001)
   throughput           match DSCP (000010)
   lowdelay             match DSCP (000100)
   priority             match DSCP (001000)
   immediate            match DSCP (010000)
   flash                match DSCP (011000)
   flash-override       match DSCP (100000)
   critical             match DSCP (101000)
   internet             match DSCP (110000)
   network              match DSCP (111000)
   AF11                 High-throughput data
   AF12                 High-throughput data
   AF13                 High-throughput data
   AF21                 Low-latency data
   AF22                 Low-latency data
   AF23                 Low-latency data
   AF31                 Multimedia streaming
   AF32                 Multimedia streaming
   AF33                 Multimedia streaming
   AF41                 Multimedia conferencing
   AF42                 Multimedia conferencing
   AF43                 Multimedia conferencing
   CS1                  Low-priority data
   CS2                  OAM
   CS3                  Broadcast video
   CS4                  Real-time interactive
   CS5                  Signaling
   CS6                  Network control
   CS7                  None
   EF                   Expedited Forwarding

PR https://github.com/vyos/vyos-1x/pull/2069

PR https://github.com/vyos/vyos-1x/pull/2067

The policy route works only with an interface (inbound direction) and doesn't work otherwise.
It's always been like this.

@ServerForge Could you check if it works as expected?
If yes you can close it.

@cuongdt1994 Could you check it? If it works as expected, we can close it.

Requires to rewrite PIM to get_config_dict https://github.com/vyos/vyos-1x/blob/current/src/conf_mode/protocols_pim.py

PR https://github.com/vyos/vyos-1x/pull/2065

set qos interface eth0 egress 'test'
set qos policy shaper test bandwidth '300mbit'
set qos policy shaper test class 23 bandwidth '150mbit'
set qos policy shaper test class 23 match one ip protocol 'tcp'
set qos policy shaper test class 23 match two ip protocol 'udp'
set qos policy shaper test default bandwidth '20mbit'
set qos policy shaper test default queue-type 'fair-queue'
commit

PR https://github.com/vyos/vyos-1x/pull/2065

set qos interface eth0 ingress '300m-in'
set qos policy limiter 300m-in default bandwidth '300mbit'
set qos policy limiter 300m-in default burst '125000000b'
commit

Wireguard is not yet exists in the system when tun is already exists due to priority

vyos@r14:~$ /opt/vyatta/sbin/priority.pl | match "tun|wireguard"
380 interfaces/tunnel
381 interfaces/wireguard

Try set protocols bgp neighbor eth1 interface remote-as xxx

The issue was fixed with update container image vyos/vyos-build:current to the latest

e2 it is a temporary name to rename ethX in correct way
You have to use “ethernet ethX address x.x.x.x”

@apasheev it were rewritten in https://github.com/vyos/vyos-1x/pull/1567/files#diff-7839502816137d55f673c064e6ec87a2eed7dc80563b1e307363c3e4b090a2b3R302

set policy route-map FOO rule 10 set extcommunity rt '1111:2222222'
set policy route-map FOO rule 10 set extcommunity rt '33:444'
set policy route-map FOO rule 10 action permit

PR https://github.com/vyos/vyos-1x/pull/2059
PR https://github.com/vyos/vyos-build/pull/369

There is the similar task https://vyos.dev/T1518

@fernando It seems related task https://vyos.dev/T5302

PR https://github.com/vyos/vyos-1x/pull/2051

vyos@r14# run show conf com | match cont
set container name c1 allow-host-networks
set container name c1 description 'foof'
set container name c1 image 'busybox'
set container name c1 volume myvlm destination '/tmp'
set container name c1 volume myvlm propagation 'rshared'
set container name c1 volume myvlm source '/tmp'
set system sysctl parameter net.ipv4.tcp_congestion_control value 'bbr'
[edit]
vyos@r14# 
[edit]
vyos@r14# sudo podman inspect -f '{{.Mounts}}' c1
[{bind  /tmp /tmp   [nosuid nodev rbind] true rshared}]
[edit]
vyos@r14#

It fixes for shaper but breaks the policer
Policer uses limits in tc filter

In T4989#150726, @daniil wrote:

Now the traffic limiter is broken.

 interface br100 {
     ingress 1G-in
 }
 policy {
     limiter 1G-in {
         default {
             bandwidth 1gbit
             burst 125000000b
         }
     }
}

tc filter show dev br100 ingress

is empty, upload traffic is not limited.

Fixed in https://github.com/vyos/vyos-1x/pull/2047 https://vyos.dev/T5256

set qos interface eth0 egress 'test'
set qos policy shaper test bandwidth '330mbit'
set qos policy shaper test class 23 bandwidth '50%'
set qos policy shaper test class 23 match icmpv4 ip protocol 'icmp'
set qos policy shaper test default bandwidth '300mbit'
set qos policy shaper test default queue-type 'fair-queue'