Age | Commit message (Collapse) | Author |
|
After migrating the ethernet interfaces from the good old Perl days the
smp-affinity node yet has no effect anymore as the code is still missing (my
bad, sorry).
Drop the smp-affinity node and rather use tuned instead with the
network-throughput or network-latency profile.
- network-throughput: Profile for throughput network tuning. It is based on the
throughput-performance profile. It additionaly increases kernel network buffers.
- network-latency: Profile for low latency network tuning. It is based on the
latency-performance profile. It additionaly disables transparent hugepages,
NUMA balancing and tunes several other network related sysctl parameters.
I'd set network-throughput as the default on a new set system option performance
<throughput | latency> CLI node which is present in the default configuration.
https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf
|
|
policy-conf: T439: Add policy local-route PBR
|
|
|
|
|
|
|
|
|
|
|
|
While migration to get_config_dict() was introduced in commit 789775af9f5 the
logic for adding an IPv4 or IPv6 peer address was using the wrong dictionary
to determine if it's an IPv4 or IPv6 address.
We now use the proper peer dict over the wrong config dict.
|
|
link-local addresses can still be disabled using:
set interfaces wireguard wg0 ipv6 address no-default-link-local
|
|
|
|
|
|
* tunnel-rewrite:
tunnel: T3068: automatic generate link-local adresses
tunnel: T3072: interfaces used for NHRP can not be deleted
tunnel: T3072: xml: harden regex validators
tunnel: T3072: migrate to get_config_dict()
|
|
|
|
|
|
|
|
|
|
The MAC address is changed after we have set an IP address on the interface or
started dhclient. This will cause some users to receive the wrong IP address
on device startup.
Change to order of how parameters are set in the system. The interface MAC
address is now configured first.
|
|
In the implementation of T3042, it will cause two problems:
1. Even if VLAN awareness is not enabled, the VLAN settings of the
vlan filter will be modified. When the bridge member has a WLAN interface,
the error is exposed, so repair it here. You should not modify the
related settings when the VLAN awareness mode is not enabled
2. Even if VLAN awareness is not enabled, the VLAN settings of the
vlan filter will be modified. When the bridge member has a WLAN interface,
due to special settings, the bridge mode cannot be entered and the settings
cannot be completed directly. Therefore, the WLAN interface should be rejected
Enter the bridge with VLAN awareness
|
|
This reverts commit 806f35b5856c3f8dae634718a6a9e82cc90bb63a.
Unfortunately this did not work our in the attempt to bridge a station to a
bridge "brX" interface. Also adjusting the wireless interface during operation
cause several exceptions and the feature is removed again as it was never in any
production system.
|
|
|
|
family
Certain tunnel types require that the local and remote IP is either both IPv4 or
IPv6, add a check which ensures that an error is throws if this is not the case.
|
|
Commit 84ce69a4 ('op-mode: add "show arp" command') copied the syntax from
"show protocols static arp" to "show arp" but the CLI variable reference index
was not decreases from 6 to 4 as the CLI level changed for the new command.
|
|
setting this to udp will allow both IPv4 and IPv6 connections. According to the
MAN page: proto indicates the protocol to use when connecting with the remote,
and may be "tcp" or "udp". For forcing IPv4 or IPv6 connection suffix tcp or
udp with 4/6 like udp4/udp6/tcp4/tcp6.
|
|
bridge: T3042: Better fix implementation errors
|
|
In #601, I provided a basic patch. Under this patch, I rely on vif to
detect the vlan id range that the bridge should flow through,
which may lead to greater redundancy in the configuration,
so I am considering detecting effective vlan filters In setting the range
of vlan id that is required to flow through the bridge,
I use set() to complete the deduplication of this vlan id
and set it to the bridge uniformly (at the same time,
I slightly modified the smoke test script)
|
|
Daemon was only enabled/disabled before and not started/stopped. This has been
corrected to start the daemon and wait until startup before sending the
configuration profile.
|
|
Python value
We should not use hardcoded Python values whenever possible. vyos.xml provides
an abstraction of the XML CLI definitions providing default values from the CLI
specified via the <defaultValue> node.
This increases consistency among all XML/Python wrappers.
Additional small fixes in this commit (besides the bad practice incorporating
unrelated changes into the same commit) contain:
- Keyboard layout shout be explicitly set for /dev/console
- Added missing Debian dependency on console-data
- When looking for a key in a dict, we do not need to specify dict.keys()
|
|
Revert "T2802: Tunnel interface does not apply EUI-64 IPv6 Address"
|
|
Revert "T3068: Automatic generation of IPv6 link local addresses for tunnel interfaces"
|
|
|
|
interfaces"
|
|
system: T3038: Add keyboard layout CLI command
|
|
T2802: Tunnel interface does not apply EUI-64 IPv6 Address
|
|
|
|
Generate an IPv6 Link Local address for wireguard interfaces.
|
|
* 't1316-frr-isis' of github.com:c-po/vyos-1x:
isis: T1316: refactor config retrieval and Jinja2 template
isis: T1316: October steps
|
|
Make the entire template code more human readable by denesting it, as there can
only be one ISIS daemon instance in FRR.
|
|
powerctl: T3066: Calculate minutes over 60
|
|
T3068: Automatic generation of IPv6 link local addresses for tunnel interfaces
|
|
T3060: Fixing a backwards check on dh length
|
|
openvpn: T3060: Remote-host is a required param for client
|
|
|
|
|
|
t1616-isis
* 'T1316_october' of https://github.com/sever-sever/vyos-1x:
isis: T1316: October steps
|
|
|
|
After commit 943a4a50 ("openvpn: T3051: fix creation of ifconfig-pool for
client communication") the smoketests had nod been adjusted correctly.
This has been fixed.
|
|
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined.
All places now have been converged into vyos.template as they are used both
in the Jinja2 templates and also in our scripts.
|
|
|
|
Better implementation to assign link local addresses automatically because address only assigned to interfaces which supports IPv6 addresses.
|
|
Tunnel interfaces hot having any IPv6 Link Local address because Linux Kernel does not assign address due to missing MAC. I have implemented a function to generate a linl local address and assign it to the interface. Link local address is required for OSPF and other protocols.
|