| Age | Commit message (Collapse) | Author |
|---|
|
VRF names: "add, all, broadcast, default, delete, dev, get, inet,
mtu, link, type, vrf" are reserved and cannot be used for vrf name
(cherry picked from commit 52342f389af2da2995b858d026e6fbcad5c8bfaa)
|
|
(cherry picked from commit c33a96f6f0f0259808992b246b1a550fcf9a454a)
|
|
(cherry picked from commit 364009e4317fb5c6732635726b511613aa2ed519)
|
|
We always mangled and worked on the "ip rule" singleton even when nothing
needed to be changed. This resulted in a VRF hickup when the same VRF was added
and removed multiple times.
set interfaces ethernet eth1 vrf foo
set vrf name foo table '1000'
commit
delete interfaces ethernet eth1 vrf
delete vrf
commit
set interfaces ethernet eth1 vrf foo
set vrf name foo table '1000'
commit
broke reachability on eth1 - a reboot was required.
This change will now only alter the ip rule tables once when VRF instances
are created for the first time and will not touch the Kernel "ip rule"
representation afterwards.
(cherry picked from commit 2cec431e5caf9df85640f707cd6dc3077c17c238)
|
|
|
|
Re-issuing the same iproute2 commands can lead to errors, simply ignore
them and not raise a Python exception.
(cherry-picked from commit 9920f7340d60b51d32bad9dbd24a907718f72837)
|
|
because of typo
change from `bind_to_all` to `bind-to-all`
refer: interface-definitions/vrf.xml.in
(cherry picked from commit 8a78c790c1239eef533c7bbe12911aaeec4dc90f)
|
|
(cherry picked from commit 8953a14b01a4183ea890f1c3d569aae54e363614)
|
|
(cherry picked from commit e1b2f1012ca18ef4ecf2b53e9bb01a50880cbd3c)
|
|
47: bar: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP group default qlen 1000
link/ether 76:7d:c0:53:6d:89 brd ff:ff:ff:ff:ff:ff
inet 127.0.0.1/8 scope host bar
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
|
|
|
|
|
|
|
|
airbag must now be explicitly installed.
the patch also allow to fully disables the installation of the logging
code at setup (and not just installing and doing nothing)
|
|
convert all call to jinja to use template.render
|
|
|
|
|
|
|
|
If the unreachable routes for IPv4 and IPv6 are not deleted, there will be an
error when creating the same VRF again after removal.
Error changing VRF: Command '['sudo', 'ip', '-4', 'route', 'del', 'vrf',
'Blue', 'unreachable', 'default', 'metric', '4278198272']' returned
non-zero exit status 2.
|
|
|
|
The list of VRFs to remove has been converted to a dict. The deletion of a VRF
was no longer triggered as the logic still thought it is a list.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Linux routing uses rules to find tables - routing targets are then looked up in
those tables. If the lookup got a matching route, the process ends.
TL;DR; first table with a matching entry wins!
You can see your routing table lookup rules using "ip rule", sadly the local
lookup is hit before any VRF lookup. Pinging an addresses from the VRF will
usually find a hit in the local table, and never reach the VRF routing table -
this is usually not what you want. Thus we will re-arrange the tables and move
the local lookup furhter down once VRFs are enabled.
|
|
|
|
.. we run on 4.19 thus this is no longer needed.
|
|
|
|
By default the scope of the port bindings for unbound sockets is limited to the
default VRF. That is, it will not be matched by packets arriving on interfaces
enslaved to an l3mdev and processes may bind to the same port if they bind to
an l3mdev.
TCP & UDP services running in the default VRF context (ie., not bound to any
VRF device) can work across all VRF domains by enabling the 'vrf bind-to-all'
option.
|
|
|
|
vyos.vrf.list_vrfs() was only used in one function thus building a library is
no longer needed. If it is needed in the future it should be placed into a
library again.
|
|
Keep it simple and stupid :)
|
|
All configuration mode scripts are already run with sudo.
|
|
This is a work in progress to complete T31 whoever thought it was less than
1 hour of work was ..... optimistic.
Only VRF vreation and show is supported right now. No interface can be bound
to any one VRF.
|
