Age | Commit message (Collapse) | Author |
|
Linux does not support changing the remote address from any (multipoint
GRE as used by DMVPN) to a discrete remote address. THis will return an
error: add tunnel "tun1" failed: Invalid argument
This can be handled by detecting the mGRE -> GRE change and re-create the tunnel
silently.
|
|
|
|
|
|
|
|
|
|
* 'T3379' of https://github.com/sever-sever/vyos-1x:
dhcpv6-server: T3379: Add option global-parameters name-server
|
|
Support setting additional options to the GENEVE tunnel like:
- ttl
- tos
- do not fragment bit
- ipv6 flowlabel
|
|
Verify proper configuration of VXLAN parameters for
- source-interface
- source-address
- remote
- vni
- group
Before it was only verified if the VXLAN tunnel interface was configured
at all but not if the parameters are correct, too.
|
|
|
|
op-mode: T3357: Fix show_interfaces bug with tunnels
|
|
|
|
pppoe: T3353: Remove regex for listen interface vlan-id
|
|
Commit 49bc3f1e ("vif: T3349: use fixed ordering when enabling parent and child
interface") also shipped a smoketest to verify the functionality of the parent
admin up/down problematic from T3349. The generic testcase failed for the VLAN
aware bridge as vlan-awarenes was not turned on.
|
|
|
|
When a VIF/VLAN interface is placed in admin down state but the lower
interface, serving the vlan, is moved from admin down -> admin up, all its
vlan interfaces will be placed in admin up state, too.
This is bad as a VLAN interface will become admin up even if its specified as
admin down after a reboot.
To reproduce:
set interfaces ethernet eth1 vif 20 disable
set interfaces ethernet eth1 disable
commit
delete interfaces ethernet eth1 disable
commit
Now check the interface state and it returns UP,LOWER_UP
7: eth1.20@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:50:56:b3:09:07 brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:56ff:feb3:907/64 scope link
valid_lft forever preferred_lft forever
|
|
There had been four implementations of "ip -d -j link show interface" scattered
accross the codebase. Those implementations have now been combined into a new
helper:
vyos.util.get_json_iface_options()
|
|
|
|
Rename CLI options local-ip to source-address and remote-ip to remote to
get a consistent CLI experience for the user.
|
|
pppoe: T3353: Modify template for vlan-mon and interface
|
|
|
|
|
|
|
|
vyos.ifconfig: cleanup and tunnel refactoring
|
|
|
|
Streamline the CLI configuration where we try to use remote on other interfaces
like vxlan, geneve.
|
|
Streamline the CLI configuration where we try to use source-address when
creating connections which are especially sourced from a discrete address.
|
|
The following list shows the mapping of VyOS tunnel encapsulation modes to the
corresponding Linux modes.
VyOS Linux
gre gre
gre-bridge gretap
ipip ipip
ipip6 ipip6
ip6ip6 ip6ip6
ip6gre ip6gre
sit sit
Besides gre-bridge this is pretty consistent. As bridge interfaces are also
called tap interfaces gre-bridge will be renamed to gretap to make the
post-processing much easier.
This means (in detail) that there are no more child classes of _Tunnel and
there will be now one geneirc TunnelIf class handling all sorts of encapsulation.
|
|
A VXLAN tunnel may now get a TTL, TOS, Flowlabel option specified. It is also
possible to disable learning of unknown addresses into the forwarding database.
|
|
Interface.get_config() was always a pure helper which exposed a "per interface
type" dictionary which was then fed by the caller to create interfaces by
iproute2 which required additional options during creation time.
Such interfaces had been:
* tunnel
* vxlan
* geneve
* macsec
* wifi
* macvlan / pseudo-ethernet
The code was always duplicated to convert from the VyOS CLI based get_config_dict()
to a dict which can be used to feed iproute2.
This path has been removed and we now always feed in the entire dictionary
retrieved by get_config_dict() or in the interfaces case, it's high-level wrapper
get_interface_dict() to the interface we wan't to create.
This also adds the - personally long awaited - possibility to get rid of the
derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on.
|
|
bgp: T3365: Fix frr template for interface remote-as
|
|
|
|
bgp: T3365: Fix remote-as ordering for neighbor
|
|
bgp: T3225: is_addr_assigned should check only ipv4 ipv6 neighbors
|
|
|
|
|
|
Commit 4bf55f97 ("BGP: T2100: Adding RFC8212 option toggle.") added a CLI option
to enable RFC8212 ebgp-requires-policy checks. The extended smoketests assumed
that this will lead to an FRR configuration line of "bgp ebgp-requires-policy" -
which is not the case as this is a default option and FRR hides default
options from the config.
In order to properly verify this functionality we must conduct the negative test
and ensure the option is not present in the CLI at all.
|
|
bgp: T3320: Add checks for peer-group
|
|
|
|
bgp: T2100: Changing RFC8212 behavior and option toggle
|
|
bgp: T3225: Move is_addr_assigned check to neighbor
|
|
|
|
In this commit we add the default operation within BGP
to have RFC8212 disabled for eBGP routes. This default
should preserve the normal behavior for VyOS from earlier
releases of FRR to the current latest release. Another
option that we add is the ability to toggle whether or
not RFC8212 is enabled or disabled.
|
|
bgp: T3225: Checks if neighbor configured as system address
|
|
|
|
|
|
bgp: T3324: Add checks for peer password
|
|
|
|
bgp: T3323: Add verify for ttl-security and ebgp-multihop
|
|
|
|
|