<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-1x.git/interface-definitions/interfaces-vxlan.xml.in, branch 1.4.0-epa3</title>
<subtitle>VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-1x.git/atom?h=1.4.0-epa3</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-1x.git/atom?h=1.4.0-epa3'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/'/>
<updated>2024-01-01T08:25:32+00:00</updated>
<entry>
<title>T5474: establish common file name pattern for XML conf mode commands</title>
<updated>2024-01-01T08:25:32+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2023-12-30T22:25:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=c9eaafd9f808aba8d29be73054e11d37577e539a'/>
<id>urn:sha1:c9eaafd9f808aba8d29be73054e11d37577e539a</id>
<content type='text'>
We will use _ as CLI level divider. The XML definition filename and also
the Python helper should match the CLI node.

Example:
set interfaces ethernet -&gt; interfaces_ethernet.xml.in
set interfaces bond -&gt; interfaces_bond.xml.in
set service dhcp-server -&gt; service_dhcp-server-xml.in

(cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465)
</content>
</entry>
<entry>
<title>vxlan: T5759: change default MTU from 1450 -&gt; 1500 bytes</title>
<updated>2023-11-22T10:05:48+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2023-11-22T09:52:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=b083d60102e5b955a7dda544e94bc92b21e619b6'/>
<id>urn:sha1:b083d60102e5b955a7dda544e94bc92b21e619b6</id>
<content type='text'>
Found an odd behavior on Linux and the VyOS CLI implementation. If adding VXLAN
interfaces using iproute2 the MTU differs depending on the creation syntax:

ip -4 link add vxlan100 type vxlan dstport 4789 external df unset tos inherit \
  ttl 16 nolearning vnifilter local 172.16.33.201
ip -4 link add vxlan200 type vxlan id 200 dstport 4789 local 172.16.33.201 dev eth0
ip -6 link add vxlan300 type vxlan id 300 dstport 4789 local 2001:db8:1::1 dev eth0

132: vxlan300: &lt;BROADCAST,MULTICAST&gt; mtu 1430 qdisc noop state DOWN group default qlen 1000
    link/ether 4e:fb:e3:f5:d9:59 brd ff:ff:ff:ff:ff:ff
133: vxlan200: &lt;BROADCAST,MULTICAST&gt; mtu 1450 qdisc noop state DOWN group default qlen 1000
    link/ether 0e:4e:f4:76:59:3f brd ff:ff:ff:ff:ff:ff
134: vxlan100: &lt;BROADCAST,MULTICAST&gt; mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ba:b6:b7:0c:b1:37 brd ff:ff:ff:ff:ff:ff

VyOS always sets a default MTU of 1450 bytes which is correct for IPv4 p2p links
or multicast, but invalid for IPv6 p2p. Also this will break EVPN deployments
as ethernet bridges with MTU &lt; 1500 bytes are less fun.

Increase default MTU to 1500 bytes. Migrate old configurations to use 1450
bytes if not specified otherwise on the CLI.

(cherry picked from commit 4a163b016333e58fee9d6ec6b53a09e0160b3213)
</content>
</entry>
<entry>
<title>vxlan: T5753: add support for VNI filtering</title>
<updated>2023-11-22T09:37:48+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2023-11-16T21:16:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=449ab85212983078e21c839ff63c2fe2ba6e76ff'/>
<id>urn:sha1:449ab85212983078e21c839ff63c2fe2ba6e76ff</id>
<content type='text'>
In a service provider network a service provider typically supports multiple
bridge domains with overlapping vlans. One bridge domain per customer. Vlans in
each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to
each customer.

Without the ability of VNI filtering, we can not provide VXLAN tunnels
with multiple tenants all requiring e.g. VLAN 10.

To Test:

set interfaces vxlan vxlan987 parameters external
set interfaces vxlan vxlan987 source-interface eth0
set interfaces vxlan vxlan987 parameters vni-filter
set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050
set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051
set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052
set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053
set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054
set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060
set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069
set interfaces bridge br0 member interface vxlan987

Add new op-mode command: show bridge vni

Interface    VNI
-----------  -----------
vxlan987     10050-10054
vxlan987     10060
vxlan987     10069

(cherry picked from commit 35f6033d21053fa420e837f157cd9377a4ccd26a)
</content>
</entry>
<entry>
<title>vxlan: T5668: add CLI knob to enable ARP/ND suppression</title>
<updated>2023-10-31T06:01:09+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2023-10-28T18:57:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=2e85b7ccef45924f1aae03513e116b9087c7ef69'/>
<id>urn:sha1:2e85b7ccef45924f1aae03513e116b9087c7ef69</id>
<content type='text'>
In order to minimize the flooding of ARP and ND messages in the VXLAN network,
EVPN includes provisions [1] that allow participating VTEPs to suppress such
messages in case they know the MAC-IP binding and can reply on behalf of the
remote host. In Linux, the above is implemented in the bridge driver using a
per-port option called "neigh_suppress" that was added in kernel version 4.15.

[1] https://www.rfc-editor.org/rfc/rfc7432#section-10

(cherry picked from commit ec9a95502daa88b9632af12524e7cefebf86bab6)
</content>
</entry>
<entry>
<title>vxlan: T5699: migrate "external" CLI knob to "parameters external"</title>
<updated>2023-10-30T17:53:31+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2023-10-30T15:23:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=4fdecbf61b02c102f0070d9dd1f785643b056de2'/>
<id>urn:sha1:4fdecbf61b02c102f0070d9dd1f785643b056de2</id>
<content type='text'>
As we have a bunch of options under "parameters" already and "external" is
clearly one of them it should be migrated under that node as well.

(cherry picked from commit cc7ba8824a5e9ec818f0bbe7fb85e1713a591527)
</content>
</entry>
<entry>
<title>vxlan: T5671: change port to IANA assigned default port</title>
<updated>2023-10-22T16:44:27+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2023-10-20T19:55:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=162bd820d6cb88091618be83369feb591fc30306'/>
<id>urn:sha1:162bd820d6cb88091618be83369feb591fc30306</id>
<content type='text'>
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that
predates the IANA assignment. As most other vendors use the IANA assigned port,
follow this guideline and use the new default port 4789.

Existing configuration not defining an explicit port number will be migrated
to the old default port number of 8472, keeping existing configurations working!

(cherry picked from commit 6db8d3ded19f652b99231be0d705d76b598ac72a)

# Conflicts:
#	interface-definitions/include/version/interfaces-version.xml.i
</content>
</entry>
<entry>
<title>vxlan: T3700: support VLAN tunnel mapping of VLAN aware bridges</title>
<updated>2023-09-09T05:17:40+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2023-09-09T05:13:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=cfe1dbd7ab9c8ab55eeca04c0c2e01b0299cc558'/>
<id>urn:sha1:cfe1dbd7ab9c8ab55eeca04c0c2e01b0299cc558</id>
<content type='text'>
FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when
working with the Linux kernel. In this new way, the mapping of a VLAN to a VNI
is configured against a container VXLAN interface which is referred to as a
'Single VXLAN device (SVD)'.

Multiple VLAN to VNI mappings can be configured against the same SVD. This
allows for a significant scaling of the number of VNIs since a separate VXLAN
interface is no longer required for each VNI.

Sample configuration of SVD with VLAN to VNI mappings is shown below.

set interfaces bridge br0 member interface vxlan0
set interfaces vxlan vxlan0 external
set interfaces vxlan vxlan0 source-interface 'dum0'
set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010'
set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011'
set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030'
set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031'

(cherry picked from commit 7f6624f5a6f8bd1749b54103ea5ec9f010adf778)
</content>
</entry>
<entry>
<title>xml: T1579: merge generic-description.xml.i and interface/description.xml.i</title>
<updated>2023-01-07T08:07:40+00:00</updated>
<author>
<name>Christian Poessinger</name>
<email>christian@poessinger.com</email>
</author>
<published>2023-01-07T08:07:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=662bae181cdff07a2472d7121d18ae37d380e062'/>
<id>urn:sha1:662bae181cdff07a2472d7121d18ae37d380e062</id>
<content type='text'>
No need to have two distinct include blocks as one supersedes the other. Also
this makes the entire behavior of "description" CLI node simpler.
</content>
</entry>
<entry>
<title>policy: T2199: T4605: Migrate policy route interface to `policy route|route6 &lt;name&gt; interface &lt;ifname&gt;`</title>
<updated>2022-11-11T15:37:56+00:00</updated>
<author>
<name>sarthurdev</name>
<email>965089+sarthurdev@users.noreply.github.com</email>
</author>
<published>2022-11-02T14:32:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=586b24e0af1ae57c47c772229fc94ab50dfc1e4f'/>
<id>urn:sha1:586b24e0af1ae57c47c772229fc94ab50dfc1e4f</id>
<content type='text'>
* Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup
* T4605: Rename mangle table to vyos_mangle
</content>
</entry>
<entry>
<title>firewall: T2199: Refactor firewall + zone-policy, move interfaces under firewall node</title>
<updated>2022-09-13T09:59:11+00:00</updated>
<author>
<name>sarthurdev</name>
<email>965089+sarthurdev@users.noreply.github.com</email>
</author>
<published>2022-08-30T09:46:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=450ca9a9b46d69036af432ddad316d4ddb126085'/>
<id>urn:sha1:450ca9a9b46d69036af432ddad316d4ddb126085</id>
<content type='text'>
* Refactor firewall and zone-policy rule creation and cleanup
* Migrate interface firewall values to `firewall interfaces &lt;name&gt; &lt;direction&gt; name/ipv6-name &lt;name&gt;`
* Remove `firewall-interface.py` conf script
</content>
</entry>
</feed>
