It was implemented around a year ago https://github.com/vyos/vyos-1x/commit/e201454f073c9a92fb56b65f497eae55fc634521
Just need to check if it works as expected.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed Search
Apr 12 2024
Apr 12 2024
Viacheslav added a comment to T5386: Execute VRRP transition script when `set high-availability disable` is commited.
Viacheslav added a comment to T6222: VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters.
In T6222#183247, @Chrisc-c-c wrote:Wouldn’t your suggested fix to https://vyos.dev/T6223 also apply here? If the plan is to validate interface name lengths and allow custom names this would be a non-issue.
Viacheslav edited projects for T1838: Flow accounting for ppp interfaces not work, added: VyOS 1.5 Circinus; removed VyOS 1.3 Equuleus (1.3.7), test.
Viacheslav added a comment to T6230: Implement kernel-mode flow collection and/or dataplane offload collection for high volume systems.
CPU Quota and ipt_netflow are different tasks.
CPU limits could be part of this task https://vyos.dev/T3706
Apr 11 2024
Apr 11 2024
Viacheslav added a comment to T6223: The number of symbols for iproute2 kernel interface name is limited.
Propose to add names for the interfaces:
set interfaces ethernet eth2 vif-s 100 vif-c 300 name if9999
Viacheslav added a comment to T6223: The number of symbols for iproute2 kernel interface name is limited.
An additional found old dhcp-client issue, does not properly support interface names with length > 13
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858580
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704072
Viacheslav changed the status of T6222: VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters from In progress to Needs testing.
Viacheslav changed the status of T5169: Add CGNAT Carrier-Grade NAT based on nftables from Open to Needs testing.
Viacheslav moved T6228: Cleanup of not existing units from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
Viacheslav triaged T6227: Rewrite show conntrack-sync cache internal to use tabulate output as Low priority.
Viacheslav changed the status of T5386: Execute VRRP transition script when `set high-availability disable` is commited from Open to Needs reporter action.
@dex can you re-check?
It should execute the stop script if disable in config https://github.com/vyos/vyos-1x/blob/5d890037b177ce6971ac00f52e4cce2cac898f46/src/conf_mode/high-availability.py#L204-L206
Can someone re-check it in 1.5/1.3.6?
It can be working with set service dhcp-relay disable
Viacheslav added a project to T6226: Add "tcp-requece inspect-delay" to reverse proxy: VyOS 1.5 Circinus.
Viacheslav changed the status of T6222: VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters from Confirmed to In progress.
Viacheslav changed the status of T6222: VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters from Open to Confirmed.
Viacheslav added a comment to T6218: Container network interface in VRF fails to generate IPv6 link-local address.
Recheck and close it iff it was solved
Apr 10 2024
Apr 10 2024
The minimal configuration to reproduce:
set interfaces ethernet eth0 address '192.168.122.14/24'
Viacheslav removed projects from T5279: vrf bind-to-all not working for TCP: VyOS 1.5 Circinus, VyOS 1.4 Sagitta.
set policy local-route rule 101 destination '0.0.0.0/0' set policy local-route rule 101 set table 'local' set policy local-route rule 102 destination '0.0.0.0/0' set policy local-route rule 102 set table 'main' set policy local-route rule 104 destination '0.0.0.0/0' set policy local-route rule 104 set table '170'
@greywolfe, let us know if you have tested it.
Reopen if you still have the issue.
Close the task as there is no response from the author. And we don't have reports like this.
Viacheslav closed T5534: VRRP rfc3768-compatibility broken after build 1.4-rolling-202308260020 as Not Applicable.
Viacheslav triaged T6223: The number of symbols for iproute2 kernel interface name is limited as Normal priority.
Viacheslav renamed T6223: The number of symbols for iproute2 kernel interface name is limited from Number of symbols for iproute2 kernel interface name are limited to The number of symbols for iproute2 kernel interface name is limited.
Viacheslav updated the task description for T6223: The number of symbols for iproute2 kernel interface name is limited.
Viacheslav updated the task description for T6223: The number of symbols for iproute2 kernel interface name is limited.
Viacheslav renamed T6223: The number of symbols for iproute2 kernel interface name is limited from Number of symbols for iproute2 kernel interfaces are limited to Number of symbols for iproute2 kernel interface name are limited.
Viacheslav changed the status of T5795: Better support for dynamic IPv6 prefixes from Open to Needs reporter action.
@vfreex Can you re-check to see if everything works as you expected?
Viacheslav added a comment to T6222: VRRP rfc3768-compatibility not working correctly when resulting interface name is over 15 characters.
It is another bug, it should be a separate bug report https://vyos.dev/T6223
I don't have any issues with your config, but my addresses (of course, I don't have all BGP VPN connections, etc.)
vyos@r4# set vrf name foo table 10101 [edit] vyos@r4# commit [edit] vyos@r4# [edit] vyos@r4# run show ver Version: VyOS 1.5-rolling-202404090019 Release train: current
Viacheslav added a comment to T6082: BGP doesn't allow the same local AS and remote AS in peer groups.
@d.shleg As I mentioned the config is not applied by FRR
r4# show run bgpd Building configuration...
Could you try the latest rolling?
Viacheslav added a comment to T6082: BGP doesn't allow the same local AS and remote AS in peer groups.
Your initial configuration and adding a new peer is not acceptable by FRR
vyos@r4# run show ver Version: VyOS 1.5-rolling-202404090019 Release train: current
vyos@r4# compare
[protocols bgp neighbor]
+ 10.177.75.2 {
+ peer-group "OVERLAY"
+ remote-as "64542"
+ }Probably the same task https://vyos.dev/T6097
Viacheslav closed T5750: Upgrade from 1.3.4 to 1.4 Rolling fails QoS, a subtask of T5938: Migration fail root task for 1.4-rc, as Resolved.
Viacheslav moved T5858: Improve the formatting of conntrack statistics output from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
Viacheslav moved T6124: Docker equuleus build image doesn't build due to fpm from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.7) board.
Apr 9 2024
Apr 9 2024
Viacheslav triaged T6218: Container network interface in VRF fails to generate IPv6 link-local address as Normal priority.
Mark it as resolved, reopen the task if required.
Viacheslav added a comment to T6106: Improve the commit error message for the case when route-reflector-client option is defined in a peer-group.
Was it fixed?
Viacheslav changed the status of T6106: Improve the commit error message for the case when route-reflector-client option is defined in a peer-group from In progress to Needs testing.
@MattK Could you re-check and close it?
Viacheslav changed the status of T6132: Conntrack-sync Internal Cache Growing Uncontrollably from Open to Needs reporter action.
Viacheslav changed the status of T6212: Firewall offload counters show always zero from Open to Needs testing.
@tjh Any updates?
By the way there is a new option
vyos@r4# set service conntrack-sync disable-syslog [edit] vyos@r4#
https://conntrack-tools.netfilter.org/manual.html#sync-aa
conntrackd allows you to deploy an symmetric Active-Active setup based on a static approach. For example, assume that you have two virtual IPs, vIP1 and vIP2, and two firewall replicas, FW1 and FW2. You can give the virtual vIP1 to the firewall FW1 and the vIP2 to the FW2.
Viacheslav added a project to T6217: Set the log id of the VRRP contrack-sync script to vyos-vrrp-conntracksync: Restricted Project.
@trae32566 Can you provide the next output?
sudo conntrackd -C /run/conntrackd/conntrackd.conf -s && echo "conntrack_count: " && sudo conntrack -C sudo conntrackd -C /run/conntrackd/conntrackd.conf -s network sudo conntrackd -C /run/conntrackd/conntrackd.conf -s cache sudo conntrackd -C /run/conntrackd/conntrackd.conf -s runtime sudo conntrackd -C /run/conntrackd/conntrackd.conf -s link sudo conntrackd -C /run/conntrackd/conntrackd.conf -s queue
Viacheslav triaged T6217: Set the log id of the VRRP contrack-sync script to vyos-vrrp-conntracksync as Low priority.
Viacheslav moved T6121: Extend service config-sync for sections vpn, policy, vrf from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
Viacheslav edited projects for T6121: Extend service config-sync for sections vpn, policy, vrf, added: VyOS 1.4 Sagitta (1.4.0-epa3); removed VyOS 1.4 Sagitta (1.4.0-epa2).
Viacheslav moved T6121: Extend service config-sync for sections vpn, policy, vrf from Open to Finished on the VyOS 1.5 Circinus board.
Viacheslav changed the status of T5858: Improve the formatting of conntrack statistics output from Open to In progress.
PR https://github.com/vyos/vyos-1x/pull/3280
vyos@r15-left:~$ show conntrack statistics CPU Found Invalid Insert Insert fail Drop Early drop Errors Search restart ----- ------- --------- -------- ------------- ------ ------------ -------- ---------------- -- -- 0 0 280 0 1 1 0 1 0 2 0 1 0 73 0 0 0 0 126 0 1 0 vyos@r15-left:~$
Apr 8 2024
Apr 8 2024
Viacheslav changed the status of T3437: BGP Confederation Addition Causes Error from Needs testing to Confirmed.
After deleting and adding the firewall, it looks good
So, for some reason, the rule 10 and default action accept were applied 2 times to the firewall
chain VYOS_FORWARD_filter {
type filter hook forward priority filter; policy accept;
counter packets 928376 bytes 1800341472 flow add @VYOS_FLOWTABLE_FLOWTABLE comment "ipv4-FWD-filter-10"
counter packets 928376 bytes 1800341472 accept comment "FWD-filter default-action accept"
counter packets 0 bytes 0 flow add @VYOS_FLOWTABLE_FLOWTABLE comment "ipv4-FWD-filter-10"
ct state { established, related } counter packets 0 bytes 0 flow add @VYOS_FLOWTABLE_FLOWTABLE comment "ipv4-FWD-filter-20"
counter packets 0 bytes 0 accept comment "FWD-filter default-action accept"
}Apr 7 2024
Apr 7 2024
Viacheslav added a project to T5169: Add CGNAT Carrier-Grade NAT based on nftables: VyOS 1.5 Circinus.
Viacheslav changed the status of T1641: VRRP conntrack-sync dropping packets passing through the router from Open to Needs reporter action.
@Daya @trae32566 Any updates?
Viacheslav added a comment to T5966: Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments.
@indrajitr Can we close it?
@indrajitr Can we close it?
Viacheslav changed the status of T4588: BGP Peer Group Scaling issues from Open to Needs reporter action.
Viacheslav closed T6039: cloud-init DNS search-domain causes configuration migration/validation error, a subtask of T5907: cloud-init root task for 1.5 and 1.4 , as Resolved.
Viacheslav added a subtask for T5907: cloud-init root task for 1.5 and 1.4 : T6112: Cloud Init Ordering Incorrect.
Viacheslav added a parent task for T6112: Cloud Init Ordering Incorrect: T5907: cloud-init root task for 1.5 and 1.4 .
Viacheslav added a comment to T6099: Suppress unsupported interfaces from appearing in messages log by Telegraf .
@Giggum Can you check it on 1.5?