summaryrefslogtreecommitdiff
path: root/interface-definitions/vrf.xml.in
AgeCommit message (Collapse)Author
2021-11-28ospfv3: T3928: add VRF supportChristian Poessinger
set vrf name foo protocols ospfv3
2021-11-15vrf: T3960: when adding multiple VRFs and VNIs - do not delete previous onesChristian Poessinger
2021-08-29xml: add missing "u32:" value declarator on integer rangesChristian Poessinger
2021-08-20xml: remove superfluous "interface" prefix from interface includesChristian Poessinger
2021-08-13vrf: T3734: T3728: vni must be configured with a higher priority then bgpdChristian Poessinger
When removing bgp (vrf) instances the assigned VRF vni must be deleted from FRR prior the removal of the bgp settings (T3734). This is now done by moving the CLI command "set vrf name red vni 1000" to a dedicated Python script with a priority higher then bgp.
2021-07-17VRF: T3655: proper connection tracking for VRFszsdc
Currently, all VRFs share the same connection tracking table, which can lead to problems: - traffic leaks to a wrong VRF - improper NAT rules handling when multiple VRFs contain the same IP networks - stateful firewall rules issues The commit implements connection tracking zones support. Each VRF utilizes its own zone, so connections will never mix up. It also adds some restrictions to VRF names and assigned table numbers, because of nftables and conntrack requirements: - VRF name should always start from a letter (interfaces that start from numbers are not supported in nftables rules) - table number must be in the 100-65535 range because conntrack supports only 65535 zones
2021-05-06isis: xml: T3236: restructure include files and make them easier to recognizeChristian Poessinger
2021-05-06ospf: xml: T3236: restructure include files and make them easier to recognizeChristian Poessinger
2021-04-29bgp: xml: T2387: restructure include files and make them easier to recognizeChristian Poessinger
2021-04-07vrf: T3344: re-add virtual network identifierChristian Poessinger
Commit 548d9057e3e (vrf: T3344: move dynamic routing protocols under "vrf name <name> protocols") temporary removed the possibility to specify the VNI for a given VRF to to changing of the CLI configuration nodes. As VNI is set inside zebra, we can re-use the now widely deployed frr python library to configure and change the configuration without any interference to other FRR daemons.
2021-03-29bgp: T1711: remove ASN tagNode and move to "local-as"Christian Poessinger
Every time when set configuration bgp, you need set AS number. There is very less benefit in this system so the AS number is moved from a tagNode level down to a leafNode with the name "local-as", same as on the neighbor or peer-group level. This changes the CLI configuration from: set protocols bgp 100 neighbor 10.10.1.2 remote-as 200 to set protocols bgp local-as 100 set protocols bgp neighbor 10.10.1.2 remote-as 200
2021-03-23vrf: T31: bump priority to 299 - still before any interface or serviceChristian Poessinger
2021-03-21isis: T3417: add VRF supportChristian Poessinger
VRF support can be tested using: set vrf name red table 1000 set vrf name red protocols isis domain FOOO set vrf name red protocols isis net 49.0001.1921.6800.1002.00 set vrf name red protocols isis interface eth1
2021-03-17vrf: T3344: adjust routing protocol priorities to be +1 after default VRFChristian Poessinger
2021-03-14static: T3280: move building blocks to subfolderChristian Poessinger
As the amount of include files now has reached a certain amount, it is getting more and more crowsded, thuse introducing "per topic" subdirectories on the filesystem to keep a clean structure makes sense.
2021-03-14xml: T1579: re-arrange xml interface include building blocksChristian Poessinger
As the amount of include files now has reached a certain amount, it is getting more and more crowsded, thuse introducing "per topic" subdirectories on the filesystem to keep a clean structure makes sense.
2021-03-14vrf: T3344: set explicit priority values for routing protocolsChristian Poessinger
We must ensure that an interface is already added to a VRF before it is referenced inside a VRF context, e.g. OSPF.
2021-03-14vrf: T3344: move dynamic routing protocols under "vrf name <name> protocols"Christian Poessinger
Instead of having the dynamic routing protocols OSPF and BGP residing under the "protocols vrf <name> [ospf|bgp]" nodes, rather move them directly under the "vrf name <name> protocols [ospf|bgp]" node. Now all VRF related parts are placed under the same root node. This eases the verify steps tremendously, as we do not need to check wheter a VRF eists or not, it will always exist as we operate under a child node.
2021-02-05vrf: T2450: provide full protocol support in XML and Python with new CLIChristian Poessinger
2021-01-16vrf: T31: migrate to get_config_dict()Christian Poessinger
2021-01-13ssh: T3212: do not make /run/sshd directory disappear on failureChristian Poessinger
2020-07-04vrf: T31: lower startup priority to 60Christian Poessinger
VRFs should be created as early as possible.
2020-05-30vrf: T2530: instance name must be 15 characters or lessChristian Poessinger
2020-04-03vrf: T31: name of isntance is not allowed to mimic an interface nameChristian Poessinger
Every VRF that's created is not allowed to be named like any interface that can be active on the system. This includes eth, lan, br, dum, lo .... In theoriy this would work but as soon as such a regular interface is created things will go sideways rather quick thus we limit the namespace which can be used to create a VRF. Appending an interface name is still possible like coolvrf-eth0.
2020-03-29vrf: T2178: table id must start at 100Christian Poessinger
... to not cause any issues with buildin tables or PBR. PBR uses table 1 - 200 so there is a small overlap (by intention)
2020-03-04vrf: T31: rename 'vrf disable-bind-to-all ipv4' to 'vrf bind-to-all'Christian Poessinger
By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to an l3mdev and processes may bind to the same port if they bind to an l3mdev. TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling the 'vrf bind-to-all' option.
2020-03-04vrf: T31: improve help for routing tableChristian Poessinger
2020-03-04vrf: T31: reuse interface-description.xml.i for instance descriptionChristian Poessinger
2020-03-04vrf: T31: use embedded regex on 'vrf name' instead of python scriptChristian Poessinger
2020-03-04vrf: T31: initial support for a VRF backend in XML/PythonThomas Mangin
This is a work in progress to complete T31 whoever thought it was less than 1 hour of work was ..... optimistic. Only VRF vreation and show is supported right now. No interface can be bound to any one VRF.