Age | Commit message (Collapse) | Author |
|
T5086: Add sFlow drop-monitor-limit option
|
|
hsflowd will export the headers of dropped packets (along with the
name of the function in the Linux kernel where that skb was dropped)
as part of the standard sFlow feed.
This measurement complements the sFlow packet sampling and
counter-telemetry well because it provides visibility into the
traffic that is not flowing.
Very helpful for troubleshooting.
The limit (a rate limit max of N drops per second sent out in the
sFlow datagrams) is the parameter you would set in the CLI.
set system sflow drop-monitor-limit 50
|
|
T5091: IPoE-server verify RADIUS settings
|
|
|
|
T5092: IPoE-server named pool must not rely on auth type
|
|
T5086: Add sFlow feature based on hsflowd
|
|
|
|
1. Rewritten CLI of 'reset vpn' commands.
2. Created 'reset vpn ipsec remote-access' commands to reset
RA IKEv2 session.
3. Created 'reset vpn ipsec site-to-site all' command to reset all
configured IPSec site-to-site peers sessions.
4. Rewritten 'reset vpn l2t|pptp|sstp' commands to
new opmode style.
|
|
As we don't have global option 'gateway-address' for ipoe-server
we cannot use general configverify.verify_accel_ppp_base_service
Add verify radius setting for configuration mode 'radius'
Radius authentication required at least one RADIUS server
|
|
Named pools for ipoe-server must not rely on autentication type
It is a separate global option for [ipoe] and [ip-pool] sections
|
|
Add sFlow feature based on hsflowd
According to user reviews, it works more stable and more productive
than pmacct
I haven't deleted 'pmacct' 'system flow-accounting sflow' yet
It could be migrated or deprecated later
set system sflow agent-address '192.0.2.14'
set system sflow interface 'eth0'
set system sflow interface 'eth1'
set system sflow polling '30'
set system sflow sampling-rate '100'
set system sflow server 192.0.2.1 port '6343'
set system sflow server 192.0.2.11 port '6343'
|
|
T5055: NAT: extend packet-type to NAT
|
|
in firewall, to NAT
|
|
T5085: Fix ipv6 route-map for ospfv3
|
|
Add template to generate zebra
"ipv6 protocol ospf6 route-map xxx"
|
|
T2516: Exclude veth interfaces from duplex and speed check
|
|
Exclude interfaces with 'veth' driver from duplex and speed check
|
|
|
|
This reverts commit 9ed4113d6c4809a0126d04c99d60eaa76a7b6b15.
|
|
Fix podman error about invalid storage:
[graphdriver] prior storage driver overlay failed: 'overlay' is not supported
over overlayfs, a mount_program is required: backing file system is unsupported
for this graph driver" Error: 'overlay' is not supported over overlayfs, a
mount_program is required: backing file system is unsupported for this graph
driver.
|
|
Also ExecReload is a duplicate of the base service file
|
|
|
|
|
|
container
|
|
|
|
|
|
|
|
T5055: Firewall: add packet-type matcher in firewall and route policy
|
|
Container registry CLI node changed from leafNode to tagNode with the same
defaults. In addition we can now configure an authentication option per
registry.
|
|
|
|
|
|
T5058: Fix range_to_regex list argument
|
|
Values of the list for the 'range_to_regex' could be not only range
values as ['10-20', '22-30'] but also and not range values like
['10-20', '30', '80']
Fix if we args is list and non range values are exists in ths list
% range_to_regex(['10-20', '80'])
'(1\\d|20|80)'
|
|
graphql: T5068: generate client operations for code generation tools
|
|
T5070: Added show bgp martian/show bgp nexthop to bgp in vrf
|
|
T4973: DHCP server fix output for long leases
|
|
util: T5074: Fixed decoding of certificate value to UTF-8 string
|
|
With long lease time for example lease '4294967295' seconds
it is impossible to get end lease as value is 'ends never;'
It cause error to get timestamp() from 'ends never' and remaining
time 'lease.end - datetime.utcnow()'
Set default remaining and end lease to '-' if we cannot get this
info
|
|
Fixed decoding of certificate value returned by vici
to UTF-8 string.
|
|
|
|
qos: T5018: Fix issues between QoS and interface mirror/redirect
|
|
This will check if mirror/redirect is present on a QoS interface and use `vyos.configdep` module to update the interface again after QoS is applied.
|
|
|
|
T5073: IPoE-server fix parse empty range option
|
|
|
|
T5063: IPoE-server ethX vlan must not be used with client-subnet
|
|
IPoE-server 'interface ethX vlan xxx' (aka vlan-mon) must not be
used with 'interface ethX client-subnet'
So instead of shared pool accel-ppp uses the same pool for each
dynamically added VLAN
eth1 client-subnet '192.0.2.0/24'
eth1 vlan '2000-2021'
It cause this issue:
eth1.2000 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
eth2.2001 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
Only named pools with vlan option must be used.
|
|
If the 'client-subnet' is not used we must exclude it
from the ipoe.config.j2 template.
Otherwise we get wrong empty parameter ',range=,'
|
|
|
|
T5066: Fix GRE tunnel variable name which checks keys
|