Age | Commit message (Collapse) | Author |
|
|
|
Within this example a MGMT VRF is used to administer the system, thus also move
the NTP portion into that VRF.
|
|
Private VLAN, also known as port isolation, is a technique in computer
networking where a VLAN contains switch ports that are restricted such that
they can only communicate with a given "uplink". The restricted ports are
called "private ports".
Each private VLAN typically contains many private ports, and a single uplink.
The uplink will typically be a port (or link aggregation group) connected to a
router, firewall, server, provider network, or similar central resource.
Q: https://en.wikipedia.org/wiki/Private_VLAN
|
|
When we leak routes to a VRF it is verified that the target VRF actually
exists.
|
|
|
|
Currently every smoketest does the setup and destruction of the configsession
on its own durin setUp(). This creates a lot of overhead and one configsession
should be re-used during execution of every smoketest script.
In addiion a test that failed will leaf the system in an unconsistent state.
For this reason before the test is executed we will save the running config
to /tmp and the will re-load the config after the test has passed, always
ensuring a clean environment for the next test.
|
|
|
|
|
|
Instead of having the dynamic routing protocols OSPF and BGP residing under
the "protocols vrf <name> [ospf|bgp]" nodes, rather move them directly under
the "vrf name <name> protocols [ospf|bgp]" node. Now all VRF related parts
are placed under the same root node.
This eases the verify steps tremendously, as we do not need to check wheter a
VRF eists or not, it will always exist as we operate under a child node.
|
|
VyOS CLI config:
vrf red {
ospf {
default-information {
originate {
always
}
}
default-metric 30
passive-interface default
}
}
Will create the FRR configuration snippet:
!
router ospf vrf red
auto-cost reference-bandwidth 100
timers throttle spf 200 1000 10000
passive-interface default
default-metric 30
default-information originate always
!
|
|
nptv6: T2518: Support IPv6 address translation
|
|
|
|
|
|
|
|
* set protocols bgp ASN address-family ipv4-unicast maximum-paths
* set protocols bgp ASN address-family ipv4-unicast maximum-paths-ibgp
* set protocols bgp ASN address-family ipv6-unicast maximum-paths
* set protocols bgp ASN address-family ipv6-unicast maximum-paths-ibgp
|
|
|
|
Commit 52ee92b8 ("pppoe: T3386: Fix client ip-pool stop range") fixed the
generated client range configuration line for Accel-PPP but missed out altering
the testcase, too which validates the generated configuration line.
|
|
|
|
|
|
|
|
* 'T3379' of https://github.com/sever-sever/vyos-1x:
dhcpv6-server: T3379: Add option global-parameters name-server
|
|
Support setting additional options to the GENEVE tunnel like:
- ttl
- tos
- do not fragment bit
- ipv6 flowlabel
|
|
Verify proper configuration of VXLAN parameters for
- source-interface
- source-address
- remote
- vni
- group
Before it was only verified if the VXLAN tunnel interface was configured
at all but not if the parameters are correct, too.
|
|
|
|
Commit 49bc3f1e ("vif: T3349: use fixed ordering when enabling parent and child
interface") also shipped a smoketest to verify the functionality of the parent
admin up/down problematic from T3349. The generic testcase failed for the VLAN
aware bridge as vlan-awarenes was not turned on.
|
|
When a VIF/VLAN interface is placed in admin down state but the lower
interface, serving the vlan, is moved from admin down -> admin up, all its
vlan interfaces will be placed in admin up state, too.
This is bad as a VLAN interface will become admin up even if its specified as
admin down after a reboot.
To reproduce:
set interfaces ethernet eth1 vif 20 disable
set interfaces ethernet eth1 disable
commit
delete interfaces ethernet eth1 disable
commit
Now check the interface state and it returns UP,LOWER_UP
7: eth1.20@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:50:56:b3:09:07 brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:56ff:feb3:907/64 scope link
valid_lft forever preferred_lft forever
|
|
There had been four implementations of "ip -d -j link show interface" scattered
accross the codebase. Those implementations have now been combined into a new
helper:
vyos.util.get_json_iface_options()
|
|
|
|
Rename CLI options local-ip to source-address and remote-ip to remote to
get a consistent CLI experience for the user.
|
|
|
|
|
|
|
|
Streamline the CLI configuration where we try to use remote on other interfaces
like vxlan, geneve.
|
|
Streamline the CLI configuration where we try to use source-address when
creating connections which are especially sourced from a discrete address.
|
|
The following list shows the mapping of VyOS tunnel encapsulation modes to the
corresponding Linux modes.
VyOS Linux
gre gre
gre-bridge gretap
ipip ipip
ipip6 ipip6
ip6ip6 ip6ip6
ip6gre ip6gre
sit sit
Besides gre-bridge this is pretty consistent. As bridge interfaces are also
called tap interfaces gre-bridge will be renamed to gretap to make the
post-processing much easier.
This means (in detail) that there are no more child classes of _Tunnel and
there will be now one geneirc TunnelIf class handling all sorts of encapsulation.
|
|
Commit 4bf55f97 ("BGP: T2100: Adding RFC8212 option toggle.") added a CLI option
to enable RFC8212 ebgp-requires-policy checks. The extended smoketests assumed
that this will lead to an FRR configuration line of "bgp ebgp-requires-policy" -
which is not the case as this is a default option and FRR hides default
options from the config.
In order to properly verify this functionality we must conduct the negative test
and ensure the option is not present in the CLI at all.
|
|
bgp: T2100: Changing RFC8212 behavior and option toggle
|
|
In this commit we add the default operation within BGP
to have RFC8212 disabled for eBGP routes. This default
should preserve the normal behavior for VyOS from earlier
releases of FRR to the current latest release. Another
option that we add is the ability to toggle whether or
not RFC8212 is enabled or disabled.
|
|
|
|
Only missing is the route-map smoketest which tens to become very "heavy"
|
|
|
|
|
|
|
|
|
|
.. if BFD connections will be source from invalid sources this will
crash bfdd in FRR 7.3
|
|
When moving from Quagga to FRR the BGP address-family was extended by an
invalid peer-group statement. FRR always moved a configured peer-group
from the AFI level down to the neighbor level.
With the migration to FRR reload we must take care about this by ourselves.
|
|
* protocols bgp 65000 neighbor 192.0.2.1 address-family ipv4-unicast addpath-tx-all
* protocols bgp 65000 neighbor 192.0.2.1 address-family ipv4-unicast addpath-tx-per-as
* protocols bgp 65000 neighbor 2001:db8::1 address-family ipv6-unicast addpath-tx-all
* protocols bgp 65000 neighbor 2001:db8::1 address-family ipv6-unicast addpath-tx-per-as
|
|
|
|
|
|
|