Age | Commit message (Collapse) | Author |
|
When deleting a route-map, prefix-list or access-list, we must ensure that
this routing policy is not referenced by any other protocol or policy.
When trying to remove a policy still in use, raise an error.
|
|
|
|
* 't2425-policy' of github.com:c-po/vyos-1x:
policy: T2425: re-implement "policy" tree from vyatta-cfg-quagga in XML/Python
|
|
|
|
smoketest: T2216: Containers set ip to test01
|
|
|
|
|
|
|
|
|
|
In the vyatta-cfg-quagga days the access-list(6) or prefix-list(6) sequence
numbers have been made up artifically. The new implementation from vyos-1x will
re-use the rule number specified on the CLI as the sequence number, this we have
to alter the tast cases to get a proper match from the beginning - covering
both the old and new world.
This can be done by using rule numbers that are multiples of 5.
|
|
containers: T2216: Add smoketest
|
|
|
|
In this commit we add more address families within
BGP. This should bring VyOS the ability to enable
the rest of the capabilities within FRR.
Co-authored-by: Cheeze_It <none@none.com>
|
|
Removing the Zebra/Linux Kernel route-map added by "set protocols static route-map"
was not removed once applied. This was because the removal must happen within
the zebra daemon and not staticd.
|
|
Removing the Zebra/Linux Kernel route-map added by "set protocols rip route-map"
was not removed once applied. This was because the removal must happen within
the zebra daemon and not ripd.
|
|
Removing the Zebra/Linux Kernel route-map added by "set protocols isis route-map"
was not removed once applied. This was because the removal must happen within
the zebra daemon and not isisd.
|
|
Removing the Zebra/Linux Kernel route-map added by "set protocols ospf route-map"
was not removed once applied. This was because the removal must happen within
the zebra daemon and not ospfd.
|
|
Removing the Zebra/Linux Kernel route-map added by "set protocols bgp route-map"
was not removed once applied. This was because the removal must happen within
the zebra daemon and not bgpd.
|
|
For an unknown reason this regularely fails on the QEMU builds, thus the test
for reading back IP addresses is temporary disabled. There is no big deal here,
as this uses the same methods on 802.1q and here it works and is verified.
|
|
|
|
|
|
This was not possible due to a regression in iproute2 where the erspan_dir key
did not have a value. See [1] for more information.
[1]: https://lore.kernel.org/netdev/3ac544c09842410fb863b332917a03ad@poessinger.com/
|
|
|
|
|
|
Instead of having a dedicated ERSPAN interface type, rather move the specifics
into "interface tunnel". A migrator is not needed as there is yet no LTS release
with this feature and this is considered experimental.
|
|
For L2TPv3 to properly work there must be a routing entry present for the
remote side of the tunnel, or use a directly connected subnet.
|
|
|
|
RFC7348 recommends VXLAN tunnels preserve a 1500 byte MTU.
|
|
When loading a configuration for BGP that contains the graceful-restart
options, the frr-reload script will not return 0, but the config is accepted.
This is a false positive, and related to https://github.com/FRRouting/frr/issues/8403
|
|
|
|
When validating FRR profiles, only load the configuration for each individual
profile instead of all profiles. This is done by a new argument to getFRRconfig()
named endsection='^!' which tells what is the delimiter when a config section
of FRR ends, this is usually "^!", but for BFD profiles this is "^ !", as this
is a new level under the FRR CLI.
|
|
|
|
Every time when set configuration bgp, you need set AS number. There is very
less benefit in this system so the AS number is moved from a tagNode level down
to a leafNode with the name "local-as", same as on the neighbor or peer-group
level.
This changes the CLI configuration from:
set protocols bgp 100 neighbor 10.10.1.2 remote-as 200
to
set protocols bgp local-as 100
set protocols bgp neighbor 10.10.1.2 remote-as 200
|
|
|
|
After upgrading FRR to a newer revision in stable/7.5 branch we can drop the
workaround where an additional whitespace was required after the "router
isis FOOO " statement.
Related to https://github.com/FRRouting/frr/pull/8306
|
|
As we and FRR do not support multiple FRR process instances, there is no need
to make this configurable for a user. We rather rely on a solid default "VyOS".
|
|
Instead of multiple if/else paths, use a common vrf string variable which is
either populated or not. In addtion when interfaces are configured for a given
VRF, harden the regex for config reload.
|
|
VRF support can be tested using:
set vrf name red table 1000
set vrf name red protocols isis domain FOOO
set vrf name red protocols isis net 49.0001.1921.6800.1002.00
set vrf name red protocols isis interface eth1
|
|
|
|
|
|
Within this example a MGMT VRF is used to administer the system, thus also move
the NTP portion into that VRF.
|
|
Private VLAN, also known as port isolation, is a technique in computer
networking where a VLAN contains switch ports that are restricted such that
they can only communicate with a given "uplink". The restricted ports are
called "private ports".
Each private VLAN typically contains many private ports, and a single uplink.
The uplink will typically be a port (or link aggregation group) connected to a
router, firewall, server, provider network, or similar central resource.
Q: https://en.wikipedia.org/wiki/Private_VLAN
|
|
When we leak routes to a VRF it is verified that the target VRF actually
exists.
|
|
|
|
Currently every smoketest does the setup and destruction of the configsession
on its own durin setUp(). This creates a lot of overhead and one configsession
should be re-used during execution of every smoketest script.
In addiion a test that failed will leaf the system in an unconsistent state.
For this reason before the test is executed we will save the running config
to /tmp and the will re-load the config after the test has passed, always
ensuring a clean environment for the next test.
|
|
|
|
|
|
Instead of having the dynamic routing protocols OSPF and BGP residing under
the "protocols vrf <name> [ospf|bgp]" nodes, rather move them directly under
the "vrf name <name> protocols [ospf|bgp]" node. Now all VRF related parts
are placed under the same root node.
This eases the verify steps tremendously, as we do not need to check wheter a
VRF eists or not, it will always exist as we operate under a child node.
|
|
VyOS CLI config:
vrf red {
ospf {
default-information {
originate {
always
}
}
default-metric 30
passive-interface default
}
}
Will create the FRR configuration snippet:
!
router ospf vrf red
auto-cost reference-bandwidth 100
timers throttle spf 200 1000 10000
passive-interface default
default-metric 30
default-information originate always
!
|
|
nptv6: T2518: Support IPv6 address translation
|