Age | Commit message (Collapse) | Author |
|
|
|
PBR is implemented in vyatta-cfg-firewall and the new policy framework uses one
script to rule them all that is triggered from the main policy level.
As the PBR configuration is a subnode with a lower priority we get an inversion,
thus all policy based configuration which applies to FRR only, is set to
priority 200.
Automated tests did not show any regression.
|
|
This commit is a cleanup and refinement of the container hosting implementation.
- Renamed CLI node ipv4-prefix -> prefix so both IPv4 and IPv6 prefix can be
supplied in the future. This is currently limited to IPv4 only as when using
IPv6 networks in combination with IPv4 the IPv4 prefix is altered randomly
- De-nested if clauses
- Use "for foo, bar in baz.items()" to more easily iterate of dictionary
values, this means "bar" can be used to access "baz[foo]"
|
|
|
|
The previously used regex allowed an address value of "dhcpfoo" which is invalid
and will raise an OSError. Harden the regex that it explicitly must be dhcp or
dhcpv6.
|
|
* community-list gained proper valueHelp nodes
* route-map set community gained proper valueHelp nodes
* route-map set comm-list now has a completion helper searching in
"policy community-list"
|
|
|
|
In this commit we add more address families within
BGP. This should bring VyOS the ability to enable
the rest of the capabilities within FRR.
Co-authored-by: Cheeze_It <none@none.com>
|
|
|
|
containers: T2216: Add podman for containers
|
|
Removing the Zebra/Linux Kernel route-map added by "set protocols rip route-map"
was not removed once applied. This was because the removal must happen within
the zebra daemon and not ripd.
|
|
|
|
set vrf name red protocols bgp address-family l2vpn-evpn advertise ipv4 unicast
|
|
After commit 73557d68 ("bgp: T1711: remove ASN tagNode and move to 'local-as'")
when the BGP tag node was removed there is no need anymore for a script based
completion helper, we can rather rely on the build in "path" variant.
|
|
This was not possible due to a regression in iproute2 where the erspan_dir key
did not have a value. See [1] for more information.
[1]: https://lore.kernel.org/netdev/3ac544c09842410fb863b332917a03ad@poessinger.com/
|
|
|
|
|
|
|
|
Port over the regex used in the old node.def code-base and make this limitation
also live on the new CLI interface.
|
|
|
|
|
|
Commit 548d9057e3e (vrf: T3344: move dynamic routing protocols under "vrf name
<name> protocols") temporary removed the possibility to specify the VNI for a
given VRF to to changing of the CLI configuration nodes.
As VNI is set inside zebra, we can re-use the now widely deployed frr python
library to configure and change the configuration without any interference to
other FRR daemons.
|
|
Instead of having a dedicated ERSPAN interface type, rather move the specifics
into "interface tunnel". A migrator is not needed as there is yet no LTS release
with this feature and this is considered experimental.
|
|
Sometimes a modem might give a local IP before it retrieves a WAN IP.
This can be an issue with failover routes,
since the default route will get overridden.
|
|
Commit 5b22ebae ("T3170: check if any generated node.def files are empty") added
an initial test to find empty node.def files created by build-command-templates
or build-command-op-templates.
The problem was that GNU find always returns 0, thus the condition to bail out
on error was always met. This has been corrected to return false on hits only.
|
|
... this has been migrated to vyos-1x.
|
|
This reverts commit d8c27642a3753513ae1d3c433fa46858a5ee946c.
|
|
Currently if there are XML nodes defined in multiple places it can and will
happen that one overrides the other. In this case, the "protocols static arp"
definition file overwrites the node.def file in the "protocols static" folder
that had a priority - the priority is essential for l2tpv3 to work.
|
|
conf-mode: Add Dvorak layout
|
|
|
|
Every time when set configuration bgp, you need set AS number. There is very
less benefit in this system so the AS number is moved from a tagNode level down
to a leafNode with the name "local-as", same as on the neighbor or peer-group
level.
This changes the CLI configuration from:
set protocols bgp 100 neighbor 10.10.1.2 remote-as 200
to
set protocols bgp local-as 100
set protocols bgp neighbor 10.10.1.2 remote-as 200
|
|
|
|
As we and FRR do not support multiple FRR process instances, there is no need
to make this configurable for a user. We rather rely on a solid default "VyOS".
|
|
VRF support can be tested using:
set vrf name red table 1000
set vrf name red protocols isis domain FOOO
set vrf name red protocols isis net 49.0001.1921.6800.1002.00
set vrf name red protocols isis interface eth1
|
|
As there can only be one running IS-IS process (FRR limitation) there is no need
in having a tagNode here. This adds artifical restrictions/limitations when
moving on to support VRFs for IS-IS protocol.
|
|
|
|
|
|
Private VLAN, also known as port isolation, is a technique in computer
networking where a VLAN contains switch ports that are restricted such that
they can only communicate with a given "uplink". The restricted ports are
called "private ports".
Each private VLAN typically contains many private ports, and a single uplink.
The uplink will typically be a port (or link aggregation group) connected to a
router, firewall, server, provider network, or similar central resource.
Q: https://en.wikipedia.org/wiki/Private_VLAN
|
|
|
|
|
|
|
|
|
|
|
|
VyOS 1.2 (crux) rejected prefixes other then of site /64.
[ interfaces ethernet eth0 ipv6 address eui64 2006:ab00:abe1::2/127 ]
Error: Prefix lenght is 127. It must be 64.
Same should be done on VyOS 1.3 and newer
|
|
|
|
As the amount of include files now has reached a certain amount, it is getting
more and more crowsded, thuse introducing "per topic" subdirectories on the
filesystem to keep a clean structure makes sense.
|
|
As the amount of include files now has reached a certain amount, it is getting
more and more crowsded, thuse introducing "per topic" subdirectories on the
filesystem to keep a clean structure makes sense.
|
|
As the amount of include files now has reached a certain amount, it is getting
more and more crowsded, thuse introducing "per topic" subdirectories on the
filesystem to keep a clean structure makes sense.
|
|
As the amount of include files now has reached a certain amount, it is getting
more and more crowsded, thuse introducing "per topic" subdirectories on the
filesystem to keep a clean structure makes sense.
|
|
conf-mode: T2425: Add XML for policy-lists
|