Starting from the config above:
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Apr 10 2024
Apr 10 2024
Viacheslav removed projects from T5279: vrf bind-to-all not working for TCP: VyOS 1.5 Circinus, VyOS 1.4 Sagitta.
set policy local-route rule 101 destination '0.0.0.0/0' set policy local-route rule 101 set table 'local' set policy local-route rule 102 destination '0.0.0.0/0' set policy local-route rule 102 set table 'main' set policy local-route rule 104 destination '0.0.0.0/0' set policy local-route rule 104 set table '170'
I am trying to narrow down how that happens, as my other experiments with vrf look fine.
jestabro closed T6207: image-tools: restore ability to copy config.boot.default on image install, a subtask of T4516: Rewrite system image manipulation tools in Python, as Resolved.
@greywolfe, let us know if you have tested it.
Reopen if you still have the issue.
Close the task as there is no response from the author. And we don't have reports like this.
Viacheslav closed T5534: VRRP rfc3768-compatibility broken after build 1.4-rolling-202308260020 as Resolved N/A.
Viacheslav triaged T6223: The number of symbols for iproute2 kernel interface name is limited as Normal priority.
Viacheslav renamed T6223: The number of symbols for iproute2 kernel interface name is limited from Number of symbols for iproute2 kernel interface name are limited to The number of symbols for iproute2 kernel interface name is limited.
The feature is present in 1.4 and 1.5:
Viacheslav updated the task description for T6223: The number of symbols for iproute2 kernel interface name is limited.
Viacheslav updated the task description for T6223: The number of symbols for iproute2 kernel interface name is limited.
Viacheslav renamed T6223: The number of symbols for iproute2 kernel interface name is limited from Number of symbols for iproute2 kernel interfaces are limited to Number of symbols for iproute2 kernel interface name are limited.
n.fort changed the status of T6216: Firewall group names that contain the '+' character break the config, a subtask of T5938: Migration fail root task for 1.4-rc, from Confirmed to In progress.
n.fort changed the status of T6216: Firewall group names that contain the '+' character break the config from Confirmed to In progress.
n.fort added a comment to T6216: Firewall group names that contain the '+' character break the config.
Viacheslav changed the status of T5795: Better support for dynamic IPv6 prefixes from Open to Needs reporter action.
@vfreex Can you re-check to see if everything works as you expected?
Viacheslav added a comment to T6222: VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters.
It is another bug, it should be a separate bug report https://vyos.dev/T6223
natali-rs1985 changed the status of T6141: Trying to set PADO delay in PPPoE server without also configuring the session options causes a commit failure from Open to In progress.
related to T6141
Chrisc-c-c added a comment to T6222: VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters.
After a bit more digging it looks like the 15 character limit is a kernel limitation, so the issue is more with how the interfaces are named when creating VRRP groups and no real handling of a scenario where the length is over 15 characters.
Yes, initial not applied. I corrected config and received other error
https://vyos.dev/T3771 was resolved should this one be closed as well given your comment @sever ?
I don't have any issues with your config, but my addresses (of course, I don't have all BGP VPN connections, etc.)
vyos@r4# set vrf name foo table 10101 [edit] vyos@r4# commit [edit] vyos@r4# [edit] vyos@r4# run show ver Version: VyOS 1.5-rolling-202404090019 Release train: current
Chrisc-c-c added a comment to T6222: VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters.
Log output when starting keepalived:
Yup... it does not even come back after commit-confirm - so I assume something more severe crashes.
Unfortunately this also breaks after the commit (even tho the "commit" command finalizes). If I recall correctly, a commit-confirm won't reboot the box either - but I'll double check that.
Viacheslav added a comment to T6082: BGP doesn't allow the same local AS and remote AS in peer groups.
@d.shleg As I mentioned the config is not applied by FRR
r4# show run bgpd Building configuration...
Yes, let me try.
Could you try the latest rolling?
Message at 6 March
Initial not confirmed by FRR, but I provided configuration is accepted by FRR but not applied by vyos. Please look messages
Ok. Just to clarify, as T6097 talks about ipv6: This seems to break both ipv6 and ipv4 connectivity for me
Viacheslav added a comment to T6082: BGP doesn't allow the same local AS and remote AS in peer groups.
Your initial configuration and adding a new peer is not acceptable by FRR
vyos@r4# run show ver Version: VyOS 1.5-rolling-202404090019 Release train: current
vyos@r4# compare
[protocols bgp neighbor]
+ 10.177.75.2 {
+ peer-group "OVERLAY"
+ remote-as "64542"
+ }Probably the same task https://vyos.dev/T6097
I only created a vrf (but did not assign it to anything else). Is that intend to break connectivity?
Thats common with other vendors aswell.
Viacheslav closed T5750: Upgrade from 1.3.4 to 1.4 Rolling fails QoS, a subtask of T5938: Migration fail root task for 1.4-rc, as Resolved.
Viacheslav moved T5858: Improve the formatting of conntrack statistics output from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
Viacheslav moved T6124: Docker equuleus build image doesn't build due to fpm from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.7) board.
Removed assignee for now in case somebody else wants to fix this?
Removed assignee for now in case somebody else wants to fix this?
Removed assignee for now in case somebody else wants to fix this?
Apachez added a comment to T5694: NTP should always be allowed from localhost and bindaddress/binddevice can only exist once.
Removed assignee for now in case somebody else wants to fix this?
Confirmed this is now fixed.
Sorry guys - I'm on 1.4-epa2 these days but aren't doing VRRP/Conntrack sync anymore.
HollyGurza added a comment to T6106: Improve the commit error message for the case when route-reflector-client option is defined in a peer-group.
i think yes, now we will show frr logs for unhandled exceptions and normal short messages for others e.g. route-reflector-client only supported for iBGP peers
Giggum added a comment to T5694: NTP should always be allowed from localhost and bindaddress/binddevice can only exist once.
I gave it a go due to similarities between this and https://vyos.dev/T6123.
Apr 9 2024
Apr 9 2024
Started on a PR: https://github.com/vyos/vyos-1x/pull/3288
Viacheslav triaged T6218: Container network interface in VRF fails to generate IPv6 link-local address as Normal priority.
My specific use case is a container that requires --sysctl=net.ipv4.conf.all.forwarding=1
jvoss updated the task description for T6218: Container network interface in VRF fails to generate IPv6 link-local address.
Mark it as resolved, reopen the task if required.
Viacheslav added a comment to T6106: Improve the commit error message for the case when route-reflector-client option is defined in a peer-group.
Was it fixed?
Viacheslav changed the status of T6106: Improve the commit error message for the case when route-reflector-client option is defined in a peer-group from In progress to Needs testing.
@MattK Could you re-check and close it?
Viacheslav changed the status of T6132: Conntrack-sync Internal Cache Growing Uncontrollably from Open to Needs reporter action.
Viacheslav changed the status of T6212: Firewall offload counters show always zero from Open to Needs testing.
@tjh Any updates?
By the way there is a new option
vyos@r4# set service conntrack-sync disable-syslog [edit] vyos@r4#
https://conntrack-tools.netfilter.org/manual.html#sync-aa
conntrackd allows you to deploy an symmetric Active-Active setup based on a static approach. For example, assume that you have two virtual IPs, vIP1 and vIP2, and two firewall replicas, FW1 and FW2. You can give the virtual vIP1 to the firewall FW1 and the vIP2 to the FW2.
Viacheslav added a project to T6217: Set the log id of the VRRP contrack-sync script to vyos-vrrp-conntracksync: Restricted Project.
@trae32566 Can you provide the next output?
sudo conntrackd -C /run/conntrackd/conntrackd.conf -s && echo "conntrack_count: " && sudo conntrack -C sudo conntrackd -C /run/conntrackd/conntrackd.conf -s network sudo conntrackd -C /run/conntrackd/conntrackd.conf -s cache sudo conntrackd -C /run/conntrackd/conntrackd.conf -s runtime sudo conntrackd -C /run/conntrackd/conntrackd.conf -s link sudo conntrackd -C /run/conntrackd/conntrackd.conf -s queue
Viacheslav triaged T6217: Set the log id of the VRRP contrack-sync script to vyos-vrrp-conntracksync as Low priority.
n.fort changed the status of T6216: Firewall group names that contain the '+' character break the config from Open to Confirmed.