Page MenuHomeVyOS Platform

maznu (Marek Isalski)
User

Projects

User does not belong to any projects.

User Details

User Since
Apr 24 2019, 5:50 AM (293 w, 3 h)

Recent Activity

Oct 16 2021

maznu added a comment to T3724: Allow setting host-name in l2tp section of accel-ppp.

https://github.com/vyos/vyos-1x/pull/1028 — though probably needs some tests developed?

Oct 16 2021, 8:20 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

Aug 6 2021

maznu added a comment to T3692: VyOS build failing due to repo.saltstack.com.

salt-minion in the debian buster tree is version 2016.11.2+ds-1+deb9u4

Aug 6 2021, 10:27 PM · VyOS 1.4 Sagitta
maznu added a comment to T3692: VyOS build failing due to repo.saltstack.com.

salt-minion which depends on salt-common which may depend on a couple of other things:

Aug 6 2021, 9:43 PM · VyOS 1.4 Sagitta
maznu added a comment to T3692: VyOS build failing due to repo.saltstack.com.

The procedure I usually end up using:

Aug 6 2021, 9:36 PM · VyOS 1.4 Sagitta
maznu added a comment to T3692: VyOS build failing due to repo.saltstack.com.

https://repo.saltproject.io/py3/debian/10/amd64/latest buster Release looks wrong - shouldn't it read main at the end, instead of Release?

Aug 6 2021, 9:34 PM · VyOS 1.4 Sagitta
maznu added a comment to T3724: Allow setting host-name in l2tp section of accel-ppp.

Not having much luck with the build environment — and it doesn't seem to be something I've caused, because I get the same error building vyos-1x from mainline:

Aug 6 2021, 7:22 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
maznu added a comment to T3724: Allow setting host-name in l2tp section of accel-ppp.

I think all that is required is in: https://github.com/maznu/vyos-1x/commit/68d7897622ddaa4b2e5a98d79154500b33959567

Aug 6 2021, 2:20 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
maznu claimed T3724: Allow setting host-name in l2tp section of accel-ppp.
Aug 6 2021, 1:32 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
maznu added a comment to T3724: Allow setting host-name in l2tp section of accel-ppp.

Hello, @Dmitry, I agree. I'll prepare patches for 1.3 and 1.4.

Aug 6 2021, 1:32 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta
maznu added a comment to T3692: VyOS build failing due to repo.saltstack.com.

Unhelpfully it looks like Salt has changed repo: https://repo.saltproject.io/#debian

Aug 6 2021, 1:29 PM · VyOS 1.4 Sagitta

Aug 5 2021

maznu created T3724: Allow setting host-name in l2tp section of accel-ppp.
Aug 5 2021, 6:14 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

Feb 19 2021

maznu added a comment to T3342: On xen-netback interfaces must set "scattergather" offload before MTU>1500.

Sure thing:

Feb 19 2021, 7:47 AM · VyOS 1.3 Equuleus (1.3.0)
maznu renamed T3342: On xen-netback interfaces must set "scattergather" offload before MTU>1500 from Must set "scattergather" offload before MTU to On xen-netback interfaces must set "scattergather" offload before MTU>1500.
Feb 19 2021, 5:00 AM · VyOS 1.3 Equuleus (1.3.0)
maznu updated the task description for T3342: On xen-netback interfaces must set "scattergather" offload before MTU>1500.
Feb 19 2021, 4:59 AM · VyOS 1.3 Equuleus (1.3.0)
maznu updated the task description for T3342: On xen-netback interfaces must set "scattergather" offload before MTU>1500.
Feb 19 2021, 4:57 AM · VyOS 1.3 Equuleus (1.3.0)
maznu created T3342: On xen-netback interfaces must set "scattergather" offload before MTU>1500.
Feb 19 2021, 4:51 AM · VyOS 1.3 Equuleus (1.3.0)

Jan 3 2021

maznu added a comment to T3005: Intel: update out-of-tree drivers, i40e driver warning.

Here are my conclusions about the last week's shenanigans.

Jan 3 2021, 12:01 PM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T3167: Recurring bugs in Intel NIC drivers.

And a slightly longer-term traffic graph, showing CPU usage vs traffic levels across VyOS 1.2.5 to 1.3-rolling on the same XL710 box:

Jan 3 2021, 6:43 AM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T3167: Recurring bugs in Intel NIC drivers.

@drac we're a typical ISP/NSP, with a fair amount of eyeball traffic behind us, so expecting to see a fairly high amount of UDP for QUIC (but it's not the bulk of our traffic on our VyOS boxes which are BGP peering/transit edge). Each of our six VyOS boxes is pushing around 300-500Mbit/sec, of which two have XL710 NICs (the rest are a mix of ixgbe and qlcnic).

Jan 3 2021, 6:27 AM · VyOS 1.3 Equuleus (1.3.0)

Jan 2 2021

maznu added a comment to T3167: Recurring bugs in Intel NIC drivers.

@drac are you seeing Slab in /proc/meminfo gradually increasing before the panic? If so, the sourceforge post at the top recommends disabling TUPLE "acceleration". It seems that the more traffic you have, the quicker the crash. We were getting them every ~6 hours.

Jan 2 2021, 11:46 AM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T2321: VRF support for SSH, NTP, SNMP service.

Amending /etc/snmp/snmpd.conf as follows got it working for me (albeit temporarily). Our snmp listen-address is 10.13.0.56 in this instance.

Jan 2 2021, 7:37 AM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T2321: VRF support for SSH, NTP, SNMP service.

Similar issue for snmpd:

Jan 2 2021, 7:32 AM · VyOS 1.3 Equuleus (1.3.0)

Jan 1 2021

maznu added a comment to T3005: Intel: update out-of-tree drivers, i40e driver warning.

Alternatively, we've got an i40e VyOS box in production which is stable with:

Jan 1 2021, 8:40 AM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T3005: Intel: update out-of-tree drivers, i40e driver warning.

i40e is a tyre fire.

Jan 1 2021, 8:34 AM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T3005: Intel: update out-of-tree drivers, i40e driver warning.

Frustratingly, 2.13.10 seems to have some other — very nasty — bugs in it. We've had three kernel crashes on the latest VyOS 1.3 releases (from around Christmas) as a result, and I currently believe they are the same as those problems described here:

Jan 1 2021, 7:21 AM · VyOS 1.3 Equuleus (1.3.0)

Dec 27 2020

maznu added a comment to T922: OSPF - Process Crash after peer reboot.

We had problems with ospf6d crashing on VyOS 1.3 using FRR 7.3 (from around August 2020). However, according to FRR #6086 and FRR #6735 this might have been fixed in FRR 7.5 (which is in latest/current VyOS 1.3).

Dec 27 2020, 8:17 PM · VyOS 1.3 Equuleus (1.3.6)
maznu created T3157: salt-minion fails to start due to permission error accessing /root/.salt/minion.log.
Dec 27 2020, 8:07 PM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.4 Sagitta

Sep 1 2020

maznu added a comment to T291: support for Predictable Network Interface Names.

@Dmitry in various reboots and real-config-tests we've seen it settle in a few seconds, and we've seen it do 121 failed again today:

Sep 1 2020, 1:45 PM

Aug 31 2020

maznu added a comment to T291: support for Predictable Network Interface Names.

As per @Dmitry's suggestions, I did exactly the above. Upon reboot it did not look promising:

Aug 31 2020, 10:16 PM

Aug 29 2020

maznu added a comment to T1499: Move nic to mac mapping out of the configuration file.

Any news on this one? Have posted some of the pain I've been having in T291 where VyOS is neither behaving as per documentation (match on hw-id) nor consistently across reboots.

Aug 29 2020, 1:55 PM
maznu added a comment to T291: support for Predictable Network Interface Names.

Neither does VyOS have predicable interface names, nor does it behave as per VyOS' documentation.

Aug 29 2020, 8:05 AM
maznu added a comment to T291: support for Predictable Network Interface Names.

According to documentation — https://wiki.vyos.net/wiki/Troubleshooting — specifying the hw-id of an interface should be tell udev (or similar) to ensure that the interface with the MAC-address specified gets the name of e.g. eth0.

Aug 29 2020, 7:39 AM

May 6 2020

maznu added a comment to T1698: prefix-list and/or route-map not configured before referencing BGP neighbor is configured (BGP session established before filters applied).

The good news is that this can be fixed with:

May 6 2020, 12:44 PM

May 4 2020

maznu added a comment to T2425: Rewrite all policy zebra filters to XML/Python style.

Would love to see this resolved — a large (but reasonable) configuration doing IRR-based filtering from BGP peers took 9 hours to boot up.

May 4 2020, 4:43 PM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T1230: Improving Boot Time for Large Firewall Configurations.

We don't do any firewalling — we have lots of prefix-lists for filtering eBGP sessions. Right now we're looking at a router that's taken more than 1h20minutes to boot up — and it is still not finished — on modern Xeon CPUs. That's doubled in length since adding a prefix-list of around 5000 entries (roughly double the total number of prefix-list entries as before).

May 4 2020, 8:46 AM · VyOS 1.3 Equuleus (1.3.6)

Apr 28 2020

maznu added a comment to T2214: BGP peers dropping randomly.

We've got full IPv4 and IPv6 routing tables on our VyOS boxes, and we *definitely* needed to increase net.ipv6.route.max_size (we picked 256k to give us some headroom).

Apr 28 2020, 6:11 PM · VyOS 1.2 Crux

Apr 18 2020

maznu added a comment to T2044: RPKI doesn't boot properly.

While testing T1874 the procedure we followed was:

Apr 18 2020, 7:48 AM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta
maznu added a comment to T1874: FRR crashing triggered by RPKI.

This is looking like it might be fixed in FRR version 7.2.1 onwards:

Apr 18 2020, 7:13 AM · VyOS 1.2 Crux (VyOS 1.2.5)
maznu added a comment to T1874: FRR crashing triggered by RPKI.

We managed to reproduce this on a test instance running VyOS 1.2.4 talking RTRR to Routinator3000 0.6.4:

Apr 18 2020, 7:10 AM · VyOS 1.2 Crux (VyOS 1.2.5)

Apr 17 2020

maznu added a comment to T2044: RPKI doesn't boot properly.

We saw something similar to this, but it seems like FRR eventually connected to RTRR. I think it has a timeout parameter — is that how often (slowly) it tries to re-establish?

Apr 17 2020, 8:20 PM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta
maznu added a comment to T1874: FRR crashing triggered by RPKI.

We had this bug earlier today on 1.2.4.

Apr 17 2020, 8:18 PM · VyOS 1.2 Crux (VyOS 1.2.5)

Apr 4 2020

maznu added a comment to T2218: Add support for the peeringdb module in salt (upgrade salt-minion to 2019.2).

Can highly recommend: http://repo.saltstack.com/2019.2.html#debian (includes Jessie)

Apr 4 2020, 9:56 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
maznu updated the task description for T2218: Add support for the peeringdb module in salt (upgrade salt-minion to 2019.2).
Apr 4 2020, 9:55 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta
maznu created T2218: Add support for the peeringdb module in salt (upgrade salt-minion to 2019.2).
Apr 4 2020, 9:54 AM · VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Mar 25 2020

maznu added a comment to T1894: FRR config not loaded after daemons segfault or restart.

I'm not expecting a persisted-across-reboots FRR config — hence suggesting tmpfs — so when the system boots there is nothing there. Obviously something would need to create the (empty) FRR config files in tmpfs before running FRR, otherwise I expect all the FRR daemons will fail to start.

Mar 25 2020, 3:34 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta
maznu added a comment to T1894: FRR config not loaded after daemons segfault or restart.

We've seen this recently on bleeding-edge (yesterday's version) of 1.3. I'm currently investigating what tripped ospf6d, but I suspect it's going to be some Ubiquiti routers spewing their nasty OSPFv3 implementation.

Mar 25 2020, 9:25 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.4 Sagitta

Sep 29 2019

maznu added a comment to T1699: Default net.ipv6.route.max_size 32768 is too low.

Agreed, I'm going to workaround with set system sysctl custom, but also submit a PR: https://github.com/vyos/vyatta-cfg-system/pull/107

Sep 29 2019, 8:50 PM · VyOS 1.2 Crux (VyOS 1.2.6)
maznu created T1699: Default net.ipv6.route.max_size 32768 is too low.
Sep 29 2019, 12:18 PM · VyOS 1.2 Crux (VyOS 1.2.6)
maznu updated the task description for T1698: prefix-list and/or route-map not configured before referencing BGP neighbor is configured (BGP session established before filters applied).
Sep 29 2019, 9:23 AM
maznu created T1698: prefix-list and/or route-map not configured before referencing BGP neighbor is configured (BGP session established before filters applied).
Sep 29 2019, 9:23 AM
maznu added a comment to T1514: Add ability to restart frr processes.

…or, indeed, it'd be great to be able to restart FRR and have it get a new config when this happened just now:

Sep 29 2019, 3:40 AM · VyOS 1.3 Equuleus (1.3.0)

Sep 23 2019

maznu added a comment to T1679: during bootup: invalid literal for int() with base 10.

That's fixed the problem we had, but we've encountered some other strangeness.

Sep 23 2019, 10:27 PM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T1679: during bootup: invalid literal for int() with base 10.

Thank you, @c-po, I'll go deploy it now, then! :-)

Sep 23 2019, 4:18 PM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T1679: during bootup: invalid literal for int() with base 10.

Has this been merged into 1.2, or just 1.3? Because all of the 1.2-rolling images currently available from downloads.vyos.io right now have this bug in them :-(

Sep 23 2019, 3:42 PM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T1237: Static Route Path Monitoring, failover.

MikroTik RouterOS supports something like this:

Sep 23 2019, 3:34 PM · VyOS 1.4 Sagitta
maznu added a comment to T732: Netflow: generate ASNs from the uacctd BGP thread..

Why does this BGP neighbor need to be configred in the VyOS CLI? Wouldn't it be added automatically as a side-effect of wanting netflow data to have ASNs? Maybe add a flag to netflow, for those of us who are carrying full tables.

Sep 23 2019, 3:31 PM
maznu added a comment to T1514: Add ability to restart frr processes.

Having had bgpd peg a core to 100% (for no discernible reason), I'd welcome the ability to give quag^WFRR a kick, rather than rebooting the entire VyOS box.

Sep 23 2019, 3:14 PM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T1520: Advanced network monitoring: nTop or similar.

We run ntop on a separate device, and export netflow data to the ntop/nprobe box from our routers (VyOS included). Would that work in your scenario too?

Sep 23 2019, 3:12 PM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T1679: during bootup: invalid literal for int() with base 10.

Symptoms which cause no configuration of the device after booting into 1.2:

Sep 23 2019, 3:01 PM · VyOS 1.3 Equuleus (1.3.0)
maznu added a comment to T1679: during bootup: invalid literal for int() with base 10.

PR to fix this: https://github.com/vyos/vyos-1x/pull/136

Sep 23 2019, 3:00 PM · VyOS 1.3 Equuleus (1.3.0)
maznu created T1679: during bootup: invalid literal for int() with base 10.
Sep 23 2019, 2:56 PM · VyOS 1.3 Equuleus (1.3.0)