summaryrefslogtreecommitdiff
path: root/src/conf_mode/high-availability.py
diff options
context:
space:
mode:
authorSander Klein <github@roedie.nl>2022-09-01 11:36:20 +0200
committerSander Klein <github@roedie.nl>2022-09-01 11:36:20 +0200
commit1eff4f4da6ebd3405df1fec76f3288416abf66f5 (patch)
treea4e48262a95ff102afa30272d42f88693ea74f8c /src/conf_mode/high-availability.py
parent69f79beee2070906b68f2b910296c362e7216278 (diff)
downloadvyos-1x-1eff4f4da6ebd3405df1fec76f3288416abf66f5.tar.gz
vyos-1x-1eff4f4da6ebd3405df1fec76f3288416abf66f5.zip
T4665: Keepalived: Allow same VRID on interface
Using the same VRID on an interface is allowed as long as the address family is different (VRRPv2 vs VRRPv3)
Diffstat (limited to 'src/conf_mode/high-availability.py')
-rwxr-xr-xsrc/conf_mode/high-availability.py21
1 files changed, 14 insertions, 7 deletions
diff --git a/src/conf_mode/high-availability.py b/src/conf_mode/high-availability.py
index e14050dd3..8a959dc79 100755
--- a/src/conf_mode/high-availability.py
+++ b/src/conf_mode/high-availability.py
@@ -88,15 +88,12 @@ def verify(ha):
if not {'password', 'type'} <= set(group_config['authentication']):
raise ConfigError(f'Authentication requires both type and passwortd to be set in VRRP group "{group}"')
- # We can not use a VRID once per interface
+ # Keepalived doesn't allow mixing IPv4 and IPv6 in one group, so we mirror that restriction
+ # We also need to make sure VRID is not used twice on the same interface with the
+ # same address family.
+
interface = group_config['interface']
vrid = group_config['vrid']
- tmp = {'interface': interface, 'vrid': vrid}
- if tmp in used_vrid_if:
- raise ConfigError(f'VRID "{vrid}" can only be used once on interface "{interface}"!')
- used_vrid_if.append(tmp)
-
- # Keepalived doesn't allow mixing IPv4 and IPv6 in one group, so we mirror that restriction
# XXX: filter on map object is destructive, so we force it to list.
# Additionally, filter objects always evaluate to True, empty or not,
@@ -109,6 +106,11 @@ def verify(ha):
raise ConfigError(f'VRRP group "{group}" mixes IPv4 and IPv6 virtual addresses, this is not allowed.\n' \
'Create individual groups for IPv4 and IPv6!')
if vaddrs4:
+ tmp = {'interface': interface, 'vrid': vrid, 'ipver': 'IPv4'}
+ if tmp in used_vrid_if:
+ raise ConfigError(f'VRID "{vrid}" can only be used once on interface "{interface} with address family IPv4"!')
+ used_vrid_if.append(tmp)
+
if 'hello_source_address' in group_config:
if is_ipv6(group_config['hello_source_address']):
raise ConfigError(f'VRRP group "{group}" uses IPv4 but hello-source-address is IPv6!')
@@ -118,6 +120,11 @@ def verify(ha):
raise ConfigError(f'VRRP group "{group}" uses IPv4 but peer-address is IPv6!')
if vaddrs6:
+ tmp = {'interface': interface, 'vrid': vrid, 'ipver': 'IPv6'}
+ if tmp in used_vrid_if:
+ raise ConfigError(f'VRID "{vrid}" can only be used once on interface "{interface} with address family IPv6"!')
+ used_vrid_if.append(tmp)
+
if 'hello_source_address' in group_config:
if is_ipv4(group_config['hello_source_address']):
raise ConfigError(f'VRRP group "{group}" uses IPv6 but hello-source-address is IPv4!')