Query: All Stories

	Include stories about projects I am a member of.

@n.fort source-address is useful especially when more precision is needed. At the moment its use is cumbersome as it does not provide help hint on the addresses assigned to the router, forcing an operator to first list those addresses.

As of 1.4-rolling-202207250217 this is still not resolved.

I can confirm that at least as of version 1.4-rolling-202207250217the op commands have been merged:

vyos@vyos-lab:~$ reset bgp
Possible completions:
  <x.x.x.x>     BGP IPv4/IPv6 neighbor to clear
  <h:h:h:h:h:h:h:h>
  1-4294967295  Reset peers with the AS number
  all           Clear all peers
  external      Reset all external peers
  ipv4          IPv4 Address Family
  ipv6          IPv6 Address Family
  l2vpn         Layer 2 Virtual Private Network Address Family
  peer-group    Reset all members of peer-group
  prefix        Clear bestpath and re-advertise
  vrf           Virtual Routing and Forwarding (VRF)

@c-po which one is the new syntax?

@Viacheslav i believe this one can be closed ge and le where inverted order until i found out the error.

Agree that both options are not available in cli.. But, you can use source-address:

I can't reproduce it (VyOS 1.4-rolling-202207220217):

set policy prefix-list BARRA32 rule 5 action 'permit'
set policy prefix-list BARRA32 rule 5 ge '32'
set policy prefix-list BARRA32 rule 5 le '32'
set policy prefix-list BARRA32 rule 5 prefix '0.0.0.0/0'
set policy prefix-list UTRSv4s25 rule 5 action 'permit'
set policy prefix-list UTRSv4s25 rule 5 le '25'
set policy prefix-list UTRSv4s25 rule 5 prefix '0.0.0.0/0'
set policy prefix-list6 BARRA128 rule 5 action 'permit'
set policy prefix-list6 BARRA128 rule 5 ge '128'
set policy prefix-list6 BARRA128 rule 5 le '128'
set policy prefix-list6 BARRA128 rule 5 prefix '::/0'
set policy prefix-list6 UTRSv6s49 rule 5 action 'permit'
set policy prefix-list6 UTRSv6s49 rule 5 le '49'
set policy prefix-list6 UTRSv6s49 rule 5 prefix '::/0'

Will be fixed with syntax migration in T4118

@NikolayP Try the next command:

PR https://github.com/vyos/vyos-1x/pull/1430

vyos@r14:~$ show vrf
Name    State    MAC address        Flags                     Interfaces
------  -------  -----------------  ------------------------  ---------------
foo     up       be:e3:5c:f1:54:99  noarp,master,up,lower_up  eth1.50,eth1.55
bar     up       1e:7c:94:da:e0:35  noarp,master,up,lower_up  n/a
vyos@r14:~$

I have added a pull request for this:

PR https://github.com/vyos/vyos-1x/pull/1428

vyos@r14:~$ reset vpn ipsec-peer 2001:db8::2 
CHILD_SA {21241} closed successfully
CHILD_SA {21243} closed successfully
CHILD_SA {21245} closed successfully
CHILD_SA {21244} closed successfully
CHILD_SA {21247} closed successfully
CHILD_SA {21246} closed successfully
CHILD_SA {21249} closed successfully
CHILD_SA {21248} closed successfully
closing CHILD_SA peer_2001-db8--2_tunnel_0{21250} with SPIs cab47d6b_i (0 bytes) c3cbba13_o (0 bytes) and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
sending DELETE for ESP CHILD_SA with SPI cab47d6b
generating INFORMATIONAL request 14065 [ D ]
sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (69 bytes)
received packet: from 2001:db8::2[500] to 2001:db8::1[500] (69 bytes)
parsed INFORMATIONAL response 14065 [ D ]
received DELETE for ESP CHILD_SA with SPI c3cbba13
CHILD_SA closed
CHILD_SA {21250} closed successfully
establishing CHILD_SA peer_2001-db8--2_tunnel_0{21251}
generating CREATE_CHILD_SA request 14066 [ SA No KE TSi TSr ]
sending packet: from 2001:db8::1[500] to 2001:db8::2[500] (497 bytes)
received packet: from 2001:db8::2[500] to 2001:db8::1[500] (497 bytes)
parsed CREATE_CHILD_SA response 14066 [ SA No KE TSi TSr ]
selected proposal: ESP:AES_GCM_16_256/MODP_2048/NO_EXT_SEQ
CHILD_SA peer_2001-db8--2_tunnel_0{21251} established with SPIs ccaff1e5_i c5a2b674_o and TS 2001:db8:1111::/64 === 2001:db8:2222::/64
connection 'peer_2001-db8--2_tunnel_0' established successfully
Peer reset result: success
vyos@r14:~$

Commit fails b/c of frr-reload output: 200 % Local-AS allowed only for EBGP peers - we should add an appropriate verify() stage I guess.

PR https://github.com/vyos/vyos-1x/pull/1426
An example with only one rule 10 raw output

vyos@r14:~$ /usr/libexec/vyos/op_mode/nat.py show_rules --direction source --raw
[
    {
        "rule": {
            "family": "ip",
            "table": "nat",
            "chain": "POSTROUTING",
            "handle": 114,
            "comment": "SRC-NAT-10",
            "expr": [
                {
                    "match": {
                        "op": "==",
                        "left": {
                            "meta": {
                                "key": "oifname"
                            }
                        },
                        "right": "eth0"
                    }
                },
                {
                    "counter": {
                        "packets": 0,
                        "bytes": 0
                    }
                },
                {
                    "masquerade": null
                }
            ]
        }
    }
]
vyos@r14:~$

PR to new format + IPv6 entries https://github.com/vyos/vyos-1x/pull/1425

Unfortunately not all commands are present when using the bgp <afi> syntax. We should find the remaining ones and then move all to the new syntax - less confusing

@Viacheslav yep that one works...

All Stories
Use Results
Edit Query
Hide Query

Jul 26 2022

Jul 25 2022

Jul 24 2022

Jul 23 2022

Jul 22 2022