PR https://github.com/vyos/vyos-1x/pull/2105

set system sflow interface 'eth0'
set system sflow interface 'eth1'
set system sflow server 127.0.0.1

Actualy is just exports TMOUT option per login

In T5364#153398, @troggie wrote:

In T5364#153397, @Viacheslav wrote:

I'm wondering about the syntax
Will it be enough?

set service pppoe-server pado-delay 0

I think we should include the sessions incase there multiple PPPOE services and people want to spread the load across multiple devices?
Or maybe an option to allow without sessions as well as allow with sessions - make the system versatile ?

I'm wondering about the syntax
Will it be enough?

set service pppoe-server pado-delay 0

Will be fixed in the next rolling release.

PR https://github.com/vyos/vyos-1x/pull/2102

In T5363#153177, @Apachez wrote:

I think this should be configured through a config option if bash-history should be retained or not (by default it shouldnt for regular users and equal to root).

It can for security reasons be argued that history should only exist in current session but when user logs out it should be removed.

This way in a multiuser environment one user cannot steal potential sensitive data from another user.

If security logging (what a particular user have done to the system when logged in) is needed this should be done remotely through syslog or similar.

Something wrong with this template https://github.com/vyos/vyos-1x/blob/d2540ac4c6fc05991b18cf0e2434fbb6d5f3c2cf/data/templates/lldp/vyos.conf.j2#L7

It should be configurable as an option but not by default.

It is not fully implemented.
You have to set the URL to a JSON file with System versions, which not exists for now (there is no permanent URL for it), so it will be in the future developments.

FRR does not support it
Allows only full multicast table

r11# clear ip 
...
  mroute       IP multicast routing table

https://github.com/vyos/vyos-1x/blob/d2540ac4c6fc05991b18cf0e2434fbb6d5f3c2cf/src/init/vyos-router#L327
https://github.com/vyos/vyos-1x/blob/d2540ac4c6fc05991b18cf0e2434fbb6d5f3c2cf/src/conf_mode/system-login.py#L392-L393

PR https://github.com/vyos/vyos-1x/pull/2101

Fixed with enabling offloads https://vyos.dev/T3619

vyos@r14# set interfaces ethernet eth0 offload 
Possible completions:
   gro                  Enable Generic Receive Offload
   gso                  Enable Generic Segmentation Offload
   lro                  Enable Large Receive Offload
   rfs                  Enable Receive Flow Steering
   rps                  Enable Receive Packet Steering
   sg                   Enable Scatter-Gather
   tso                  Enable TCP Segmentation Offloading

It possible with

set protocols bgp 65001 parameters default no-ipv4-unicast

It seems to work fine (VyOS 1.4-rolling-202307120317).

vyos@r14# set interfaces ethernet eth1 description 123
[edit]
vyos@r14# commit
[edit]
vyos@r14# compare 1
[interfaces ethernet eth1]
+ description "123"

Updated link https://github.com/vyos/vyatta-cfg-quagga/blob/2fa0f52e45f4491b760cf03e72c871020492dfb7/templates/protocols/ospf/passive-interface/node.def#L29-L35

We will not update FRR to 8.x for 1.3 LTS releases.

PR https://github.com/vyos/vyos-1x/pull/2084

@trae32566 Thanks I can confirm it is a bug with using commit-archive location, there is a separate task https://vyos.dev/T5348
Thanks

In T775#151897, @trae32566 wrote:

@Viacheslav I'm not sure why, but it appears that after doing this, there is high CPU usage on the secondary side, and eventually it stops responding entirely (bgp sessions go down, no response to anything via icmp) and has to be hard reset; it won't even respond to a console login attempt:

This makes me think something in my firewall configuration is making it unhappy. I can paste my full firewall config somewhere if you'd like, but I'd prefer if it's not public for security reasons (is email fine?).

In T775#151894, @trae32566 wrote:

@Viacheslav I think that fixed it...sorta. It looks like now it does sync successfully, though it appears to time out after awhile for some reason:

trae@cr01a-vyos:~$ configure
[edit]
trae@cr01a-vyos# set firewall name INT_TO_LOCAL rule 80 destination address 192.168.253.2-192.168.253.3                                                                                                                                                                                                                    
[edit]
trae@cr01a-vyos# commit
INFO:vyos_config_sync:Config synchronization: Mode=load, Secondary=cr01b-vyos.int.rtr.trae32566.org

An error occurred: HTTPSConnectionPool(host='cr01b-vyos.int.rtr.trae32566.org', port=443): Read timed out. (read timeout=60)
ERROR:vyos_config_sync:An error occurred: HTTPSConnectionPool(host='cr01b-vyos.int.rtr.trae32566.org', port=443): Read timed out. (read timeout=60)

That being said, it does appear to have set the config on the other side:

trae@cr01b-vyos# show firewall name INT_TO_LOCAL rule 80
 action accept
 description "API access"
 destination {
     address 192.168.253.2-192.168.253.3
 }
 protocol tcp
 source {
     address 192.168.253.2-192.168.253.3
 }
trae@cr01b-vyos# cat /var/log/nginx/access.log 
fd52:d62e:8011:fffe::2 - - [09/Jul/2023:09:54:23 -0500] "POST /configure-section HTTP/1.1" 200 80 "-" "python-requests/2.28.1"
fd52:d62e:8011:fffe::2 - - [09/Jul/2023:09:55:25 -0500] "POST /configure-section HTTP/1.1" 499 0 "-" "python-requests/2.28.1"

Also, If it's any easier / you'd prefer I can set up a Webex or something.

@trae32566 Thanks, could you change one file and comment on one check?

sudo nano -c +140 /run/scripts/commit/post-hooks.d/vyos_config_sync

Set comment

# Config sync only if sections changed
#if not any(map(is_section_revised, sections)):
#    return

@trae32566 Which version on the remote site?

@trae32566 Try the same with ip address, I tested with IPv4 addresses

Check if it exists in the kernel.

zcat /proc/config.gz | grep PARPORT

@Apachez Thanks!

There are several layouts

se-fi-ir209
se-fi-lat6
se-ir209
se-lat6

@daniil could you re-check?

set qos interface eth0 ingress '1G-in'
set qos policy limiter 1G-in default bandwidth '1gbit'
set qos policy limiter 1G-in default burst '125000000b'

Could you explain the use case?
Can you archive it with the class?

vyos@r14# set qos policy limiter test class video match 1 ip dscp 
Possible completions:
   <0-63>               Differentiated Services Codepoint (DSCP) value
   default              match DSCP (000000)
   reliability          match DSCP (000001)
   throughput           match DSCP (000010)
   lowdelay             match DSCP (000100)
   priority             match DSCP (001000)
   immediate            match DSCP (010000)
   flash                match DSCP (011000)
   flash-override       match DSCP (100000)
   critical             match DSCP (101000)
   internet             match DSCP (110000)
   network              match DSCP (111000)
   AF11                 High-throughput data
   AF12                 High-throughput data
   AF13                 High-throughput data
   AF21                 Low-latency data
   AF22                 Low-latency data
   AF23                 Low-latency data
   AF31                 Multimedia streaming
   AF32                 Multimedia streaming
   AF33                 Multimedia streaming
   AF41                 Multimedia conferencing
   AF42                 Multimedia conferencing
   AF43                 Multimedia conferencing
   CS1                  Low-priority data
   CS2                  OAM
   CS3                  Broadcast video
   CS4                  Real-time interactive
   CS5                  Signaling
   CS6                  Network control
   CS7                  None
   EF                   Expedited Forwarding

PR https://github.com/vyos/vyos-1x/pull/2069

PR https://github.com/vyos/vyos-1x/pull/2067

The policy route works only with an interface (inbound direction) and doesn't work otherwise.
It's always been like this.