Age | Commit message (Collapse) | Author |
|
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType
value of 0x88A8 is required.
Reusing CLI command from VIF-S (QinQ) interfaces:
set interfaces bridge br0 protocol 802.1ad
(cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
|
|
add mtu to default and specified class
update smoke test
(cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
|
|
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
set policy route-map <name> rule <rule> set as-path exclude all
(cherry picked from commit 16395c902ff79fcb34019a6d499467488ed45849)
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
(cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
(cherry picked from commit a72ededa0b29c25efaab52f2db170c34eba50248)
|
|
(cherry picked from commit 77a25e95da48549f2791b677f4ba187e547b1c6a)
|
|
(cherry picked from commit 8f2534e9654b61b7db45788bb52ac6cf8017b054)
|
|
ospfv3: T6087: add support to redistribute IS-IS routes (backport #3078)
|
|
(cherry picked from commit 6a97fdfa1ba9b4135a51498ea5acabb804256b2c)
|
|
(cherry picked from commit 256e939b2cd308e1e8be9dd72ccec6e87d58504b)
|
|
settings
(cherry picked from commit 5ee89f46096626ca8aac37da9237635e3d17766a)
|
|
is a network.
(cherry picked from commit a7a0c90404d03f7deccb74a46d0fe1f99116907a)
|
|
Example:
vyos@vyos# set protocols ospfv3 redistribute bgp
Possible completions:
metric OSPF default metric
metric-type OSPF metric type for default routes (default: 2)
route-map Specify route-map name to use
(cherry picked from commit ed2c288c8a9031f91acf76d20b84e2002696981c)
|
|
(cherry picked from commit b984cf8d179cf3d4b16e7f3e5cf94f822055cb04)
|
|
(cherry picked from commit 36883ebf0f820003ec86e14e7612ce113630def2)
|
|
required
(cherry picked from commit 6f7d1e15665655e37e8ca830e28d9650445c1217)
|
|
remove obsolete imports
(cherry picked from commit bc9ccaeda54279022b73a806fa8aa77c523fbecc)
|
|
|
|
This extends commit dbe8c613b ("bridge: T6043: do not call vxlan dependency if
interface does not exist (yet)") with a proper cleanup of additional interfaces
created during the testrun.
(cherry picked from commit 4cb80868ab3ab35453d8609392ca470a02764fac)
|
|
In order to keep the proper priority list during system startup and on initial
setup/commit for this feature the dependent VXLAN code should not be called,
if the interface in question does not exist (yet).
(cherry picked from commit dbe8c613bb80bc8b714398825054ade5942ea75b)
|
|
* set system login user <name> disable
(cherry picked from commit 6e0b146ed3b90da577c3ecba38836883fd435e7a)
|
|
context
* set vrf name <name> ip nht no-resolve-via-default
* set vrf name <name> ipv6 nht no-resolve-via-default
(cherry picked from commit 0fafc4bcdb9efc03796ddab0832471b11ba1bbe0)
|
|
* set system ip nht no-resolve-via-default
* set system ipv6 nht no-resolve-via-default
(cherry picked from commit ece0e768f36e52f8964823d891264d7c187204ec)
|
|
Removed dhcp-interface option (l2tp)
Added wins-server (sstp)
Added description (ipoe, pppoe, sstp, pptp)
Added exteded-script (l2tp, sstp, pptp)
Added shaper (ipoe, pptp, sstp, l2tp)
Added limits (ipoe, pptp, sstp, l2tp)
Added snmp ( ipoe, pptp,sstp, l2tp)
Refactoring and reformated code.
(cherry picked from commit ac6a16f6c5ad7700789759e1ec093236c2e182a2)
|
|
rpki: T6034: move file based SSH keys for authentication to PKI subsystem (backport #2988)
|
|
(cherry picked from commit 0f8bf6bd0fb29cfd638e9920674e7ad1d1d25350)
|
|
(cherry picked from commit ac2d7dfac6073d0f232191ec494f78a8d12889e4)
|
|
After updateing netfilter in the commit https://github.com/vyos/vyos-build/commit/b31f5fe934bcb37534d49acdb5f7756bf05422e8
The nftables format for conntrack timeouts is different.
Fix this.
(cherry picked from commit 24860e092426bf0bb09c2d164d66330be13bcd77)
|
|
(cherry picked from commit ef87bd7320da2750de4d93c14314965704f3dfbd)
|
|
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2
domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP
topology-independent means of marking and import-filtering EVPN routes
originated from a particular L2 domain. One situation where this is valuable
is when deploying EVPN using anycast VTEPs
set protocols bgp address-family l2vpn-evpn mac-vrf soo
(cherry picked from commit f308df322bd62024e29dd458642cb6bcac8a5ad6)
|
|
(cherry picked from commit f3205d6dd1ea04adecbd8c857c80015ed53f2140)
|
|
srv6: T5849: add segment support to "protocols static route6" (backport #2980)
|
|
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z'
* set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
(cherry picked from commit b84f7de453f3951945298d95a8a27345ba7d28c3)
|
|
(cherry picked from commit a22e0ee09ff4750de004090f1f55ee75a12dc821)
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
(cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
|
|
(cherry picked from commit 17894f6f5d97df7d3ac1cf37ce0e1a96b8fa8e8b)
|
|
vrf: T5973: module is now statically compiled into the kernel (backport #2952)
|
|
Always enable VRF strict_mode
(cherry picked from commit 117fbcd6237b59f54f2c1c66986a8ce073808c84)
|
|
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null>
* set protocols bgp parameters allow-martian-nexthop
* set protocols bgp parameters no-hard-administrative-reset"
(cherry picked from commit fff6004d46c5b939800fc3e61fe2102224625c0d)
|
|
vpn: T5926: IPSEC does not apply after l2tp configuration was changed
added dependency between l2tp and ipsec conf
added test for apply config to swanctl
(cherry picked from commit e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5)
|
|
(cherry picked from commit 586863bf3a9cb1dd1c0d74b628d00096b905740f)
|
|
(cherry picked from commit e1b63b9b1704a55ccbf75e7131651c85dd318107)
|
|
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node
to explicitly change this.
* set vpn ipsec site-to-site peer <name> replay-window <0-2040>
(cherry picked from commit 4d943d8fbf1253154897179b0e3ea2d93b898197)
|
|
(cherry picked from commit faa4c87d93c7808c6a4edd8eddd29049ec8ec3fa)
|
|
T5971: Rewritten ppp options in accel-ppp services (backport #2891)
|
|
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor (backport #2903)
|
|
Rewritten 'ppp-options' to the same view in all accel-ppp services.
Adding IPv6 support to PPTP.
(cherry picked from commit d9e57fe65dd538c6ea80637f4f6f23cf11dc583d)
|
|
|
|
T4839: firewall: Add dynamic address group in firewall configuration (backport #2756)
|