PR for 1.5 https://github.com/vyos/vyos-1x/pull/2687

PR for 1.5 https://github.com/vyos/vyos-1x/pull/2683

PR for VyOS 1.5 https://github.com/vyos/vyos-1x/pull/2682 which will also be backported to 1.4

The same task T5712

In T160#168646, @danielpo wrote:

That's great!
I tried running make interface_definitions in vyos-1x and copy in the changed files into my vyos install, but the files kept disappearing when rebooting, and couldn't figure out how to build an iso with your vyos 1-x repo.

So I wil try it when there is a vyos rolling iso available.

PR:
https://github.com/vyos/vyos-1x/pull/2679

Actually, it doesn't! :(
{F4050258}

Latest 1.5 rolling ISO has it

That's great!
I tried running make interface_definitions in vyos-1x and copy in the changed files into my vyos install, but the files kept disappearing when rebooting, and couldn't figure out how to build an iso with your vyos 1-x repo.

PR https://github.com/vyos/vyos-1x/pull/2677

set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth0 address '192.168.122.10/24'
set interfaces ethernet eth2 address '2001:db8::1/64'

I usually do debug this way https://github.com/vyos/vyos-1x/blob/dfbc854157fa4655a8f459b2447df64dc74119d1/src/helpers/vyos-failover.py#L181-L183

if you are running the netfilter implementation, I think the iptables mangle is handled automatically.(I verified this by changing my Jool to netfilter and removed these lines below:

ip6tables -t mangle -A PREROUTING --destination 64:ff9b::/96 -j JOOL --instance default
iptables  -t mangle -A PREROUTING --destination 172.21.8.202 -p tcp --dport 1:65535 -j JOOL --instance default
iptables  -t mangle -A PREROUTING --destination 172.21.8.202 -p udp --dport 1:65535 -j JOOL --instance default
iptables  -t mangle -A PREROUTING --destination 172.21.8.202 -p icmp -j JOOL --instance default

I stil haven't tried nat64, but quick config example, for nat64 for single ipv6 address is not allowed by our cli:

@danielpo marking IPv6 packet is possible

set policy route6 PBR6 interface 'eth1'
set policy route6 PBR6 rule 100 set mark '4'
set policy route6 PBR6 rule 100 source address '2001:db8::/64'

Confirmed working properly in 1.4.0-rc1

Some users have issues https://forum.vyos.io/t/grub-menu-fails-to-load-on-serial-only-devices-with-no-kvm/

@Viacheslav
First of all, thanks for the failover feature!
If you have enough time, please take a look at this bugreport.

This would be a useful feature to have.

Is it possible to add support for policy routing?

@zsdc Can we backport it?

It won't be implemented for 1.3.x due to old backend

Fq_codel was added for 1.4/1.5 in T5489
Not planning to do it for 1.3 now

Not sure if Jool supports it.
As I understand, it is better to have a separate address for translations, otherwise, you should define ports for 64 translations. If you set 1-65535 for the "main" address, you will lose connections and can't use those ports for the system (they will be available only for translations)
Jool uses its own bib table instead of conntrack to manage nat mappings.
So you should add a separate pool only for translations.

Is it possible to add a feature of setting the translation pool address to follow an interface IP address similar to nat44's source masquerade for those with dynamic public IPv4 addresses?

New PR https://github.com/vyos/vyos-1x/pull/2665

Should be fixed in T5817
Could you re-check?

I finally got a chance to dive into this some more.