In T1289#78883, @Viacheslav wrote:
Like this?
vyos@r4-roll# set policy route-map FJFFJJF rule 10 set ip-next-hop
Possible completions:
  <x.x.x.x>  IP address
where x.x.x.x route to blackhole?
Oct 30 2020
GitHub <noreply@github.com> committed rVYOSONEX6b5ddd5e03a7: Merge pull request #588 from sever-sever/T3031 (authored by c-po).
Like this?
In T1289#35636, @dmbaturin wrote: The usual procedure is to create a route-map that sets the nexthop to a blackholed address if the advertisement has a specific community string set.
So when a customer advertises an address (rather a /32 network) to you with that string set, it automatically ends up blackholed. Do you just want a shortcut for that, or you are having issues with community string-based approach?
This logic does not allow for the complete removal of the protocol.
https://github.com/vyos/vyatta-cfg-quagga/blob/32cbb1e5059c6c27449b7013f790aff1c50a9831/templates/protocols/ospf/passive-interface/node.def#L29-L35
@rizkidtn Please update your request. Does the community work for you for blackholing?
I found some interesting information, it seems that inbound/outbound port mirroring can be achieved
Viacheslav changed the status of T3032: Ability to "set table" in the policy route-map from Open to Needs testing.
Can you please share the entire configuration and the VyOS version to reproduce the issue in the lab?
Oct 29 2020
Unknown Object (User) created T3031: Error in Equuleus' help for IPv6 ECMP.
set interfaces ethernet eth1 ipv6 address no-default-link-local is the right command, yes
Bug ;) will be fixed soon
Yes, but iptables tee seems to support packet copy of various rules
Do you mean that?
set interfaces ethernet eth1 mirror
- Not all interfaces can be used as "update-source"
Missed "vti | dum | lo" etc.
https://github.com/vyos/vyos-1x/blob/current/interface-definitions/protocols-bgp.xml.in#L639
GitHub <noreply@github.com> committed rVYOSONEX736ca991e86d: Merge pull request #587 from sever-sever/T2850 (authored by c-po).
PR https://github.com/vyos/vyos-1x/pull/587
Fix the FRR template for new bgp implementation.
GitHub <noreply@github.com> committed rVYOSONEXaed4cac87220: Merge pull request #586 from cjeanneret/nginx-redirect (authored by jestabro).
cjeanneret added a comment to T3029: Generated NGINX configuration is wrong for the redirection (http -> https).
Pull request is up: https://github.com/vyos/vyos-1x/pull/586
Viacheslav added a comment to T2587: Cannot enable the interface when the MTU is set to less than 1280.
How to do it?
Oct 28 2020
zsdc changed the status of T3028: Create a default user when metadata is not available (for Cloud-init builds) from In progress to Needs testing.
You actually can when setting ipv6 disable-link-local addressing on the particular interface.
vyos@vyos# set interfaces ethernet eth2 mtu 16000
[edit]
vyos@vyos# commit
[ interfaces ethernet eth2 ]
Interface MTU too high, maximum supported MTU is 9000!
The root cause for this is the sha256 checksum file itself. It contains the hash and the filename. When running sha256 --check during the upgrade it expects the "real" filename when calculating and verifying the hash. The real filename differs when using the vyos-rolling-latest.iso symlink on the webserver as it will tell the running VyOS installation a different filename and the validation fails. This is now fixed by not depending on the filename when verifying the hash. We simply calculate the hash of the downloaded file and compare it to the hash we saved inside the checksum file and totally ignore the filename itself.
Unknown Object (User) closed T2631: l2tp, sstp, pptp add option to disable radius accounting as Resolved.
I have tested both SSTP and L2TP and it works as expected - thank you for this addition!
zsdc changed the status of T3028: Create a default user when metadata is not available (for Cloud-init builds) from Open to In progress.
Viacheslav changed the status of T3027: Unable to update system Signature check FAILED from Open to Confirmed.
Oct 27 2020
Put in a PR to separate hello/hold timers for IPv4 and IPv6. Added IPv6 timers.
I will check it tomorrow and verify operation. Thank you!
Viacheslav closed T2587: Cannot enable the interface when the MTU is set to less than 1280 as Resolved.
Fixed
vyos@r4-roll# run show version
@klase Check these options in the next rolling release (after 20201027)
GitHub <noreply@github.com> committed rVYOSONEX9cf806a8b60a: Merge pull request #583 from jestabro/vyos-configtest (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEXec099db69f58: Merge pull request #584 from sever-sever/T2387_oct (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX174ae56c6f49: Merge pull request #581 from sever-sever/T2631 (authored by c-po).
jestabro closed T2885: configd: print commit errors to config session terminal, a subtask of T2582: Script daemon to offload processing during commit, as Resolved.
jestabro closed T2808: Add smoketest to ensure script consistency with config daemon, a subtask of T2582: Script daemon to offload processing during commit, as Resolved.
jestabro added a comment to T3003: Extend smoketest framework to allow loading an arbitrary config file.
FRR doesn't delete isis configuration related "interfaces" with
delete protocols isis foo interface eth1
protocol "isisd" in the test was added here https://github.com/vyos/vyos-1x/pull/483/files#diff-060cdf269ea89160caa0deaebe8e323f0559aa6dfd19e5634a33634f3e38e461R72
Viacheslav added a project to T2933: VRRP add option virtual_ipaddress_excluded: Restricted Project.
Viacheslav added a comment to T3014: Clear under op mode and conf mode act differently. Uniting them.
@kroy What PR?
sounds good - would be good having some other options than just domain-name and email, but that's another story :). I'll follow the other task then!
It is already fixed in the master branch.
https://github.com/hiroyuki-sato/vyos-documentation/commit/8587946d16aaae6f5495c1e591220f88005cd276
SrividyaA closed T2924: Using 'set src' in a route-map invalidates it as part of a subsequent boot-up as Resolved.
Resolved in T2985
@SrividyaA Thanks.
I have tested on this rolling release VyOS 1.3-rolling-202010231135 and created a lab setup similar to the reporter's setup.
@craterman it seems to be a bug with your resolution.
Oct 26 2020
set service https certificates certbot
domain-name(s) should contain the desired server-name. A rewrite is in progress in:
https://phabricator.vyos.net/T2289
@jestabro hmmm I don't see that "certbot" in the completion - running on rolling 1.3... ? In fact, nodes "certificates" and "certbot" are not shown here:
set service https
Possible completions:
> api VyOS HTTP API configuration
> api-restrict Restrict api proxy to subset of virtual hosts
> certificates TLS certificates
+> virtual-host Identifier for virtual host
I've been running chronyd for some time in a number of environments without any noticeable issues. I do think the clock on the hosts seems to be a bit more stable, but not something that is overly remarkable one way or the other. I'd have no problem with the change.
It exists:
https://phabricator.vyos.net/T1585