Page MenuHomeVyOS Platform
People bbabich

bbabich (Ben Babich)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 11 2017, 11:25 AM (312 w, 5 d)

Recent Activity
View All

Fri, May 12

bbabich added a comment to T3655: NAT Problem with VRF.
In T3655#131502, @Viacheslav wrote:

I have NAT working with vrf in VyOS 1.4-rolling-202208290458 + custom nat offload

set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth1 address '192.0.2.1/24'
set interfaces ethernet eth1 vrf 'foo'
set protocols static route 192.0.2.0/24 interface eth1 vrf 'foo'
set system conntrack
set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 interface 'eth0'
set vrf name foo protocols static route 0.0.0.0/0 next-hop 192.168.122.1 vrf 'default'
set vrf name foo table '1010'

Nftables

[email protected]:/home/vyos# cat nat.nft 
flush ruleset

table ip filter {
	flowtable fastnat {
		hook ingress priority filter
		devices = { eth0, eth1 }
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
		ip protocol { tcp, udp } flow add @fastnat
	}
}
table ip nat {
	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
		ip saddr 192.0.2.0/24 oif "eth0" snat to 192.168.122.14 persistent
	}

	chain PREROUTING {
		type nat hook prerouting priority dstnat; policy accept;
	}
}

Conntrack table

[email protected]:~$ sudo conntrack -F
conntrack v1.4.6 (conntrack-tools): connection tracking table has been emptied.
[email protected]:~$ 
[email protected]:~$ sudo conntrack -L
tcp      6 431999 ESTABLISHED src=192.168.122.14 dst=192.168.122.1 sport=22 dport=44462 src=192.168.122.1 dst=192.168.122.14 sport=44462 dport=22 [ASSURED] mark=0 use=1
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=33018 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33018 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=37517 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=37517 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=59794 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=59794 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=39288 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39288 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=39616 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39616 [OFFLOAD] mark=0 use=2
icmp     1 29 src=192.0.2.2 dst=1.1.1.1 type=8 code=0 id=12387 src=1.1.1.1 dst=192.168.122.14 type=0 code=0 id=12387 mark=0 use=1
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=41155 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=41155 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=39829 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=39829 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=33655 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33655 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=44835 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=44835 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=40213 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=40213 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=33729 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=33729 [OFFLOAD] mark=0 use=2
udp      17 src=192.0.2.2 dst=1.1.1.1 sport=48344 dport=53 src=1.1.1.1 dst=192.168.122.14 sport=53 dport=48344 [OFFLOAD] mark=0 use=2
conntrack v1.4.6 (conntrack-tools): 14 flow entries have been shown.
[email protected]:~$
Fri, May 12, 2:24 PM · Known issue, VyOS 1.4 Sagitta

May 18 2022

bbabich created T4431: route-map with match ip + ipv6 in same rule results in no advertisement of either.
May 18 2022, 8:12 AM · VyOS 1.4 Sagitta

Feb 17 2022

bbabich created T4251: Add TLS functionality for rsyslog.
Feb 17 2022, 4:51 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Feb 5 2022

bbabich updated the task description for T4229: Add xdp-tools to build.
Feb 5 2022, 4:23 AM · VyOS 1.4 Sagitta
bbabich created T4229: Add xdp-tools to build.
Feb 5 2022, 4:22 AM · VyOS 1.4 Sagitta

Jan 17 2022

bbabich created T4187: XDP broken for VLAN/vif interfaces with hardware offloading.
Jan 17 2022, 12:47 AM · VyOS 1.4 Sagitta

Dec 30 2021

bbabich created T4123: checksum file fails to download from AWS S3 in rolling-release.
Dec 30 2021, 6:22 AM · VyOS 1.4 Sagitta

Jan 5 2020

bbabich created T1945: FRR: Committing large number of peers in configuration results in temporarily incomplete config resulting in route leaks.
Jan 5 2020, 5:22 PM · VyOS 1.3 Equuleus (1.3.0)
bbabich created T1944: FRR: Invalid route in BGP causes update storm, memory leak, and failure of Zebra.
Jan 5 2020, 8:09 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
bbabich created T1943: Error in commit causes hung 'sudo write' threads.
Jan 5 2020, 8:00 AM · VyOS 1.3 Equuleus (1.3.3)

Jan 4 2020

bbabich created T1941: Config mismatch with FRR on misconfiguration of V6 peer.
Jan 4 2020, 9:25 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Jan 29 2019

bbabich added a comment to T1148: epa2 BGP peers initiate before config is fully loaded, routes leak..

Still seems to be present in VyOS 1.2.0-GA...

Jan 29 2019, 11:22 AM · VyOS 1.3 Equuleus (1.3.0-epa1)

Jan 20 2019

bbabich added a comment to T1148: epa2 BGP peers initiate before config is fully loaded, routes leak..

The config validation issue also seems to cause issues with route-maps applied - running config shows route maps applied but not configured inside FRR as can be seen with vtysh.

Jan 20 2019, 11:37 AM · VyOS 1.3 Equuleus (1.3.0-epa1)
bbabich added a comment to T109: VyOS Can Lose Parts Of Its Config On Reboot - In Certain Situations.

Also happens when you put in invalid BGP config that doesn't get caught by the validation. It then thinks its applied successfully, saves it as the boot config, then BGP is broken upon next boot up.

Jan 20 2019, 11:33 AM · VyOS 1.3 Equuleus (1.3.3)

Mar 12 2018

bbabich added a comment to T316: Latest Nightly build (vyos-999.201705242137-amd64) is not booting.
In T316#10742, @c-po wrote:

@syncer I'm doing almost daily installs for testing in an ESXi environment. No problems. I think this one can be closed ..

Mar 12 2018, 4:32 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
bbabich added a comment to T35: Add IPv6 firewall network groups.
In T35#12629, @rps wrote:

Thank you very very much. I will pull down the next nightly and test.

Mar 12 2018, 4:27 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Feb 5 2018

bbabich added a watcher for vyatta-conntrack-sync: bbabich.
Feb 5 2018, 10:41 AM

Jun 17 2017

bbabich created T318: pmacct IPV6 support.
Jun 17 2017, 12:11 PM · Rejected