Hi @c-po and thanks for the insight. I understand that this is a workaround for a reboot safe configuration if you're using vrf bgp neighbors.
We are also using vrf inside our infrastructure as well without vrf bgp neighbors and only redistribute connected routes and advertise them via EVPN.
- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Aug 26 2025
Aug 26 2025
Viacheslav triaged T7742: Add operational mode 'show interfaces kernel statistics' command as Normal priority.
Fabse added a comment to T7665: Commit failed when attempted to create a new BGP instance for VRF linked with VXLAN(L3VNI)..
This changes switches the hsflowd to the following commit-id: dffc277
Viacheslav changed the status of T7754: Backport list_loaded_modules to 1.5 from Open to In progress.
Viacheslav triaged T7752: Setting OpenVPN site-to-site vtunX Interface Description Fails and Disrupts Service as Normal priority.
The similar task T6223
c-po closed T7388: IPv6: Neighbor discovery is not supported by every interface type, a subtask of T4627: Ability to set host part IPv6 address via interface IP token, as Invalid.
I think the entire idea was missguided and misslead by the fact that tokens are not supported on every interface type - only interfaces supporting "ARP" in the iproute2/Kernel source code but thats wrong in a different story.
Aug 25 2025
Aug 25 2025
Aug 25 2025, 4:19 PM · Restricted Project
a.apostoliuk changed the status of T7722: Backup next-hop is not installed in IS-IS LFA as expected from Open to In progress.
c-po changed the status of T7751: ssh: re-generating server key causes PermissionError from Open to In progress.
evgmol changed Issue type from feature to bug on T6823: Add option to configure autoconf (slaac) for ipv6 interfaces.
evgmol changed the status of T6823: Add option to configure autoconf (slaac) for ipv6 interfaces from Open to In progress.
The feature is really missing - I raised a PR to work on it https://github.com/vyos/vyos.vyos/pull/433
Viacheslav triaged T7750: VPP CGNAT commit failure and runtime errors with DPDK (driver ice) on custom build as Normal priority.
Viacheslav added a comment to T7750: VPP CGNAT commit failure and runtime errors with DPDK (driver ice) on custom build.
interface {
inside vpptun10.144
outside vpptun10.145
}c-po changed the status of T7665: Commit failed when attempted to create a new BGP instance for VRF linked with VXLAN(L3VNI). from Open to In progress.
I have found an interesting project with EINat/fullcone NAT implementation https://github.com/EHfive/einat-ebpf
Use cases https://github.com/EHfive/einat-ebpf/blob/main/docs/guide/use-case.md
https://github.com/EHfive/einat-ebpf/blob/main/docs/reference/rfc-compliance.md
You can download a static binary to play with it.
c-po added a comment to T7665: Commit failed when attempted to create a new BGP instance for VRF linked with VXLAN(L3VNI)..
In T7665#230894, @fernando wrote:
Aug 24 2025
Aug 24 2025
The feature is available in the latest Galaxy collection
https://galaxy.ansible.com/ui/repo/published/vyos/vyos/content/module/vyos_l3_interfaces/
evgmol changed the status of T6828: [vyos_config] Remove statements not in config from Needs testing to Needs reporter action.
Aug 23 2025
Aug 23 2025
c-po updated the task description for T7750: VPP CGNAT commit failure and runtime errors with DPDK (driver ice) on custom build.
c-po updated the task description for T7750: VPP CGNAT commit failure and runtime errors with DPDK (driver ice) on custom build.
guerralucasdaniel7 updated the task description for T7750: VPP CGNAT commit failure and runtime errors with DPDK (driver ice) on custom build.
In this case, can we have a proper error message for unsupported hw?
Also it seems strange that x710 supports VPP/DPDK but lacks TC_SETUP_FT.
Viacheslav changed the status of T7749: Dehardcode x86_64 ARCH to build VPP libraries used for accel-ppp-ng from Open to In progress.
Viacheslav updated the task description for T7749: Dehardcode x86_64 ARCH to build VPP libraries used for accel-ppp-ng.
Viacheslav updated the task description for T7749: Dehardcode x86_64 ARCH to build VPP libraries used for accel-ppp-ng.
Viacheslav changed the subtype of T7749: Dehardcode x86_64 ARCH to build VPP libraries used for accel-ppp-ng from "Task" to "Bug".
Vijayakumar closed T7710: PR mirror - fix last-commit id fetch issue, a subtask of T6707: Implement a new build and release workflow based on GitHub Actions, as Resolved.
GitHub <noreply@github.com> committed rVYOSONEX968409218f91: Merge pull request #4675 from sever-sever/T7744 (authored by Viacheslav).
Aug 22 2025
Aug 22 2025
Nevermind, adding "use-routing" isn't sufficient; it doesn't handle all requests properly. I'm solving this by containerizing kea, so no need to half-fix the built-in version.
jestabro closed T7455: Update config_mgmt module and scripts for vyconf compatibility , a subtask of T7365: vyconf: add locking and invocation of pre/post-commit hooks, as Resolved.
jestabro closed T7493: Add vyconf support for commit-confirm, a subtask of T7728: Use vyconf session data changesets to regenerate session config, as Resolved.
jestabro closed T7493: Add vyconf support for commit-confirm, a subtask of T7455: Update config_mgmt module and scripts for vyconf compatibility , as Resolved.
jestabro closed T7734: Distinguish childless non-leaf nodes in vyconf set operation, a subtask of T6742: Correct rendering of childless non-leaf nodes, as Resolved.
jestabro moved T7718: Refine validate_tree method and add standalone validation utility from Need Triage to Completed on the VyOS Rolling board.
jestabro closed T7718: Refine validate_tree method and add standalone validation utility as Resolved.
c-po moved T7571: Inconsistent MAC address behaviour on bond interfaces from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q3) board.
c-po moved T7571: Inconsistent MAC address behaviour on bond interfaces from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.4) board.
Viacheslav triaged T7743: Add a configurable VPP-CP listen interface option to accel-ppp-ng as Normal priority.
Viacheslav added a comment to T7240: IPv6 Prefix Delegation does not work for PPP/L2TP with RADIUS attribute Accel-VRF-Name.
Will be fixed after migration to the accel-ppp-ng T7744
Viacheslav changed the status of T7744: Migrate from accel-ppp to accel-ppp-ng from Open to In progress.
Viacheslav renamed T7744: Migrate from accel-ppp to accel-ppp-ng from Move from accel-ppp to accel-ppp-ng to Migrate from accel-ppp to accel-ppp-ng.
Viacheslav moved T7719: Add VPP tests per PR before merging from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q3) board.
Viacheslav moved T7697: Merge vyos-vpp repo into vyos-1x from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q3) board.
Viacheslav moved T7714: Exclude auxiliary directories from tarballs from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.4) board.
Viacheslav moved T7714: Exclude auxiliary directories from tarballs from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q3) board.
Viacheslav moved T7623: Add a test for DHCP default route with VRF from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q3) board.
@kakurpiel is correct, TC flowtable does not work with Intel cards due to lack of driver support. I suggest this ticket can be closed.
dsg added a comment to T7747: Hardware flowtable offload fails because device can only be used in a single flowtable.
I guess fixing this would require a rework of the nftables ruleset to use a single table inet vyos_filter for both v4 and v6. Probably a big change - though personally I think it would also be a huge useability win to not have to have two copies of every ACL. It would shorten my config a lot, and prevent screwups due to not keeping the v4 and v6 ACLs in sync.
Aug 21 2025
Aug 21 2025
Viacheslav added a comment to T7660: VPP fails to commit on AWS unless vfio module is manually loaded.
Will be fixed in the next rolling release.
Nice to re-check after 21 August
Viacheslav changed the status of T7660: VPP fails to commit on AWS unless vfio module is manually loaded, a subtask of T7070: VPP related bugs the root task, from Open to Needs testing.
Viacheslav changed the status of T7660: VPP fails to commit on AWS unless vfio module is manually loaded from Open to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEXc6da1089d762: Merge pull request #4667 from sever-sever/T7732 (authored by c-po).
@dmbaturin, @c-po, @jestabro and @n.fort
dmbaturin renamed T7745: Implement command permission checks for local operator users from Implement command permission checks for local users to Implement command permission checks for local operator users.
Viacheslav moved T7707: VPP add the vpp-crypto-engines dependency for IPSec from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q3) board.
Viacheslav closed T7707: VPP add the vpp-crypto-engines dependency for IPSec, a subtask of T7070: VPP related bugs the root task, as Resolved.