4 files changed, 71 insertions, 6 deletions

diff --git a/python/vyos/ifconfig/bond.py b/python/vyos/ifconfig/bond.py
index d1d7d48c4..45e6e4c16 100644
--- a/python/vyos/ifconfig/bond.py
+++ b/python/vyos/ifconfig/bond.py
@@ -92,6 +92,19 @@ class BondIf(Interface):
         }
     }}
 
+    @staticmethod
+    def get_inherit_bond_options() -> list:
+        """
+        Returns list of option
+        which are inherited from bond interface to member interfaces
+        :return: List of interface options
+        :rtype: list
+        """
+        options = [
+            'mtu'
+        ]
+        return options
+
     def remove(self):
         """
         Remove interface from operating system. Removing the interface
diff --git a/python/vyos/ifconfig/ethernet.py b/python/vyos/ifconfig/ethernet.py
index 285542057..aa1e87744 100644
--- a/python/vyos/ifconfig/ethernet.py
+++ b/python/vyos/ifconfig/ethernet.py
@@ -75,6 +75,40 @@ class EthernetIf(Interface):
         },
     }}
 
+    @staticmethod
+    def get_bond_member_allowed_options() -> list:
+        """
+        Return list of options which are allowed for changing,
+        when interface is a bond member
+        :return: List of interface options
+        :rtype: list
+        """
+        bond_allowed_sections = [
+            'description',
+            'disable',
+            'disable_flow_control',
+            'disable_link_detect',
+            'duplex',
+            'eapol.ca_certificate',
+            'eapol.certificate',
+            'eapol.passphrase',
+            'mirror.egress',
+            'mirror.ingress',
+            'offload.gro',
+            'offload.gso',
+            'offload.lro',
+            'offload.rfs',
+            'offload.rps',
+            'offload.sg',
+            'offload.tso',
+            'redirect',
+            'ring_buffer.rx',
+            'ring_buffer.tx',
+            'speed',
+            'hw_id'
+        ]
+        return bond_allowed_sections
+
     def __init__(self, ifname, **kargs):
         super().__init__(ifname, **kargs)
         self.ethtool = Ethtool(ifname)
diff --git a/python/vyos/ifconfig/vxlan.py b/python/vyos/ifconfig/vxlan.py
index 1fe5db7cd..8c5a0220e 100644
--- a/python/vyos/ifconfig/vxlan.py
+++ b/python/vyos/ifconfig/vxlan.py
@@ -56,6 +56,10 @@ class VXLANIf(Interface):
     }
 
     _command_set = {**Interface._command_set, **{
+        'neigh_suppress': {
+            'validate': lambda v: assert_list(v, ['on', 'off']),
+            'shellcmd': 'bridge link set dev {ifname} neigh_suppress {value} learning off',
+        },
         'vlan_tunnel': {
             'validate': lambda v: assert_list(v, ['on', 'off']),
             'shellcmd': 'bridge link set dev {ifname} vlan_tunnel {value}',
@@ -68,8 +72,8 @@ class VXLANIf(Interface):
         # - https://man7.org/linux/man-pages/man8/ip-link.8.html
         mapping = {
             'group'                      : 'group',
-            'external'                   : 'external',
             'gpe'                        : 'gpe',
+            'parameters.external'        : 'external',
             'parameters.ip.df'           : 'df',
             'parameters.ip.tos'          : 'tos',
             'parameters.ip.ttl'          : 'ttl',
@@ -113,6 +117,19 @@ class VXLANIf(Interface):
                        'port {port} dev {ifname}'
                 self._cmd(cmd.format(**self.config))
 
+    def set_neigh_suppress(self, state):
+        """
+        Controls whether neigh discovery (arp and nd) proxy and suppression
+        is enabled on the port. By default this flag is off.
+        """
+
+        # Determine current OS Kernel neigh_suppress setting - only adjust when needed
+        tmp = get_interface_config(self.ifname)
+        cur_state = 'on' if dict_search(f'linkinfo.info_slave_data.neigh_suppress', tmp) == True else 'off'
+        new_state = 'on' if state else 'off'
+        if cur_state != new_state:
+            self.set_interface('neigh_suppress', state)
+
     def set_vlan_vni_mapping(self, state):
         """
         Controls whether vlan to tunnel mapping is enabled on the port.
@@ -163,3 +180,9 @@ class VXLANIf(Interface):
         # Enable/Disable VLAN tunnel mapping
         # This is only possible after the interface was assigned to the bridge
         self.set_vlan_vni_mapping(dict_search('vlan_to_vni', config) != None)
+
+        # Enable/Disable neighbor suppression and learning, there is no need to
+        # explicitly "disable" it, as VXLAN interface will be recreated if anything
+        # under "parameters" changes.
+        if dict_search('parameters.neighbor_suppress', config) != None:
+            self.set_neigh_suppress('on')
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py
index 4aac103ec..5704f8b64 100644
--- a/python/vyos/ifconfig/wireguard.py
+++ b/python/vyos/ifconfig/wireguard.py
@@ -167,11 +167,6 @@ class WireGuardIf(Interface):
         interface setup code and provide a single point of entry when workin
         on any interface. """
 
-        # remove no longer associated peers first
-        if 'peer_remove' in config:
-            for peer, public_key in config['peer_remove'].items():
-                self._cmd(f'wg set {self.ifname} peer {public_key} remove')
-
         tmp_file = NamedTemporaryFile('w')
         tmp_file.write(config['private_key'])
         tmp_file.flush()