Age | Commit message (Collapse) | Author |
|
If the script name is mangled, for any reason (e.g. missing support for
script arguments) checking against the exclude_set will yield a false
positive; check against the include_set, even if this is a longer
search.
|
|
processing
vyos-configd does yet not support calling a script with a passed argument, thus
we will exclude the routing protocols during this time from the vyos-configd
processing.
|
|
|
|
|
|
util: T3419: Handle IP addresses with netmasks and subnet prefixes in strip-private
|
|
|
|
configquery: T3402: add library for querying config values from op mode
|
|
strip-private
|
|
A small library that allows querying existence or value(s) of config
settings from op mode, and execution of arbitrary op mode commands.
|
|
ISIS: add VRF support
|
|
|
|
op-mode: T3403: Fix show pppoe sessions interupt
|
|
As we and FRR do not support multiple FRR process instances, there is no need
to make this configurable for a user. We rather rely on a solid default "VyOS".
|
|
|
|
|
|
We need to adjust the regex pattern for the default VRF as a trailing whitespace
is required due to an FRR issue: https://github.com/FRRouting/frr/issues/8300
|
|
|
|
|
|
The regex only validated interfaces according to the VyOS naming scheme, but
third party interfacs that are legit (e.g. exists within the kernel) failed
to validate.
The validator now also supports any kind of local interfaces attached to
the OS kernel.
|
|
Instead of multiple if/else paths, use a common vrf string variable which is
either populated or not. In addtion when interfaces are configured for a given
VRF, harden the regex for config reload.
|
|
VRF support can be tested using:
set vrf name red table 1000
set vrf name red protocols isis domain FOOO
set vrf name red protocols isis net 49.0001.1921.6800.1002.00
set vrf name red protocols isis interface eth1
|
|
|
|
As there can only be one running IS-IS process (FRR limitation) there is no need
in having a tagNode here. This adds artifical restrictions/limitations when
moving on to support VRFs for IS-IS protocol.
|
|
|
|
|
|
|
|
|
|
When NTP is executed inside a VRF context, we also must execute the op-mode
commands inside the given VRF.
This is a workaround until the op-mode programming library from T3402 is
available.
|
|
|
|
Within this example a MGMT VRF is used to administer the system, thus also move
the NTP portion into that VRF.
|
|
Private VLAN, also known as port isolation, is a technique in computer
networking where a VLAN contains switch ports that are restricted such that
they can only communicate with a given "uplink". The restricted ports are
called "private ports".
Each private VLAN typically contains many private ports, and a single uplink.
The uplink will typically be a port (or link aggregation group) connected to a
router, firewall, server, provider network, or similar central resource.
Q: https://en.wikipedia.org/wiki/Private_VLAN
|
|
|
|
|
|
|
|
Turns out we still need it, else a MC7710 card won't work on an APU4 device.
This reverts commit f9e0fb6bffd41c143ff5454c3b73cca4a588ca86.
|
|
nat66: T2518: Correct the wrong logic
|
|
We can leak routes back to the default VRF, thus the check added by commit
9184dfb5 ("static: vrf: T3344: add target vrf verify()") must have a "bail out"
option when one want's to leak routes into the default VRF.
|
|
When we leak routes to a VRF it is verified that the target VRF actually
exists.
|
|
|
|
|
|
|
|
VyOS 1.2 (crux) rejected prefixes other then of site /64.
[ interfaces ethernet eth0 ipv6 address eui64 2006:ab00:abe1::2/127 ]
Error: Prefix lenght is 127. It must be 64.
Same should be done on VyOS 1.3 and newer
|
|
|
|
When leaking routes to a VRF ensure that the VRF we are leaking to exists.
|
|
Re-issuing the same iproute2 commands can lead to errors, simply ignore
them and not raise a Python exception.
|
|
During assembly of the required config changes we also must move the
interfaces_removed assignemnt to an earlier stage so the value is also populated
when the entire process is removed to cleanup all remaining OSPF process assigned
interfaces.
This was yet not the case and when deleting OSPF I still got my "interface eth0"
with the area key configured.
|
|
Currently every smoketest does the setup and destruction of the configsession
on its own durin setUp(). This creates a lot of overhead and one configsession
should be re-used during execution of every smoketest script.
In addiion a test that failed will leaf the system in an unconsistent state.
For this reason before the test is executed we will save the running config
to /tmp and the will re-load the config after the test has passed, always
ensuring a clean environment for the next test.
|
|
|
|
|
|
For nat66, the previous processing
of f0d0a572 (NAT: nat66: t2518: support operation...) has errors.
If there is no index 3, we think that this is not the record we need
|