Age | Commit message (Collapse) | Author |
|
|
|
Commit 4f9aa30f ("vrf: bgp: T3523: add route-map support for kernel routes")
added the possibility to also filter BGP routes towards the OS kernel, but the
smoketests failed. Reason was a non working CLI command applied to bgpd.
Thus the VRF route-map and the BGP configuration is now split into two templates,
one to be used for each daemon (zebra and bgpd).
Nevertheless one more bug was found in vyos.frr which currently does not suppoort
calling modify_section() inside a configuration "block". See [1] for more info.
[1]: https://phabricator.vyos.net/T3529
|
|
|
|
|
|
|
|
frr-reload bug"
This reverts commit 49cfd4e0c56a8b7a85128bfdb4a4e19157137129.
|
|
When deleting a route-map, prefix-list or access-list, we must ensure that
this routing policy is not referenced by any other protocol or policy.
When trying to remove a policy still in use, raise an error.
|
|
|
|
* 't2425-policy' of github.com:c-po/vyos-1x:
policy: T2425: re-implement "policy" tree from vyatta-cfg-quagga in XML/Python
|
|
|
|
smoketest: T2216: Containers set ip to test01
|
|
|
|
|
|
|
|
|
|
In the vyatta-cfg-quagga days the access-list(6) or prefix-list(6) sequence
numbers have been made up artifically. The new implementation from vyos-1x will
re-use the rule number specified on the CLI as the sequence number, this we have
to alter the tast cases to get a proper match from the beginning - covering
both the old and new world.
This can be done by using rule numbers that are multiples of 5.
|
|
containers: T2216: Add smoketest
|
|
|
|
In this commit we add more address families within
BGP. This should bring VyOS the ability to enable
the rest of the capabilities within FRR.
Co-authored-by: Cheeze_It <none@none.com>
|
|
Removing the Zebra/Linux Kernel route-map added by "set protocols static route-map"
was not removed once applied. This was because the removal must happen within
the zebra daemon and not staticd.
|
|
Removing the Zebra/Linux Kernel route-map added by "set protocols rip route-map"
was not removed once applied. This was because the removal must happen within
the zebra daemon and not ripd.
|
|
Removing the Zebra/Linux Kernel route-map added by "set protocols isis route-map"
was not removed once applied. This was because the removal must happen within
the zebra daemon and not isisd.
|
|
Removing the Zebra/Linux Kernel route-map added by "set protocols ospf route-map"
was not removed once applied. This was because the removal must happen within
the zebra daemon and not ospfd.
|
|
Removing the Zebra/Linux Kernel route-map added by "set protocols bgp route-map"
was not removed once applied. This was because the removal must happen within
the zebra daemon and not bgpd.
|
|
For an unknown reason this regularely fails on the QEMU builds, thus the test
for reading back IP addresses is temporary disabled. There is no big deal here,
as this uses the same methods on 802.1q and here it works and is verified.
|
|
|
|
|
|
This was not possible due to a regression in iproute2 where the erspan_dir key
did not have a value. See [1] for more information.
[1]: https://lore.kernel.org/netdev/3ac544c09842410fb863b332917a03ad@poessinger.com/
|
|
|
|
|
|
Instead of having a dedicated ERSPAN interface type, rather move the specifics
into "interface tunnel". A migrator is not needed as there is yet no LTS release
with this feature and this is considered experimental.
|
|
For L2TPv3 to properly work there must be a routing entry present for the
remote side of the tunnel, or use a directly connected subnet.
|
|
|
|
RFC7348 recommends VXLAN tunnels preserve a 1500 byte MTU.
|
|
When loading a configuration for BGP that contains the graceful-restart
options, the frr-reload script will not return 0, but the config is accepted.
This is a false positive, and related to https://github.com/FRRouting/frr/issues/8403
|
|
|
|
When validating FRR profiles, only load the configuration for each individual
profile instead of all profiles. This is done by a new argument to getFRRconfig()
named endsection='^!' which tells what is the delimiter when a config section
of FRR ends, this is usually "^!", but for BFD profiles this is "^ !", as this
is a new level under the FRR CLI.
|
|
|
|
Every time when set configuration bgp, you need set AS number. There is very
less benefit in this system so the AS number is moved from a tagNode level down
to a leafNode with the name "local-as", same as on the neighbor or peer-group
level.
This changes the CLI configuration from:
set protocols bgp 100 neighbor 10.10.1.2 remote-as 200
to
set protocols bgp local-as 100
set protocols bgp neighbor 10.10.1.2 remote-as 200
|
|
|
|
After upgrading FRR to a newer revision in stable/7.5 branch we can drop the
workaround where an additional whitespace was required after the "router
isis FOOO " statement.
Related to https://github.com/FRRouting/frr/pull/8306
|
|
As we and FRR do not support multiple FRR process instances, there is no need
to make this configurable for a user. We rather rely on a solid default "VyOS".
|
|
Instead of multiple if/else paths, use a common vrf string variable which is
either populated or not. In addtion when interfaces are configured for a given
VRF, harden the regex for config reload.
|
|
VRF support can be tested using:
set vrf name red table 1000
set vrf name red protocols isis domain FOOO
set vrf name red protocols isis net 49.0001.1921.6800.1002.00
set vrf name red protocols isis interface eth1
|
|
|
|
|
|
Within this example a MGMT VRF is used to administer the system, thus also move
the NTP portion into that VRF.
|
|
Private VLAN, also known as port isolation, is a technique in computer
networking where a VLAN contains switch ports that are restricted such that
they can only communicate with a given "uplink". The restricted ports are
called "private ports".
Each private VLAN typically contains many private ports, and a single uplink.
The uplink will typically be a port (or link aggregation group) connected to a
router, firewall, server, provider network, or similar central resource.
Q: https://en.wikipedia.org/wiki/Private_VLAN
|
|
When we leak routes to a VRF it is verified that the target VRF actually
exists.
|
|
|