The following list shows the mapping of VyOS tunnel encapsulation modes to the
corresponding Linux modes.
  VyOS        Linux
  gre         gre
  gre-bridge  gretap
  ipip        ipip
  ipip6       ipip6
  ip6ip6      ip6ip6
  ip6gre      ip6gre
  sit         sit
Besides gre-bridge this is pretty consistent. As bridge interfaces are also
called tap interfaces gre-bridge will be renamed to gretap to make the
post-processing much easier.
This means (in detail) that there are no more child classes of _Tunnel and
there will now be one generic TunnelIf class handling all sorts of encapsulation.
|
When moving from Quagga to FRR the BGP address-family was extended by an
invalid peer-group statement. FRR always moved a configured peer-group
from the AFI level down to the neighbor level.
With the migration to FRR reload we must take care about this by ourselves.
|
Commit 0f8beae7426 ("system: T2486: migrate disable-dhcp-nameservers to
name-servers-dhcp") added a migration script for moving the name-servers.
A small glitch was introduced when referencing vif-c interfaces under a vif-s
interface where a variable got referenced which was not defined.
|
If the RPKI cache name equals the configured address, renaming is not possible,
as rename expects the new path to not exist.
|
new CLI
|
When per interface OSPF configuration is migrated into "protocols ospf interface"
we should clean up an empty ip {} node under the individual interface. This
makes the config look nicer.
|
(cherry picked from commit 32822d5e1831dff5cd904c0cb5886f7d737afab6)
|
interface"
For easier maintenance and operability move the interface specific protocol
setting of OSPF to the OSPF protocol section. This is now also in-line with IS-IS.
This means to migrate:
  ethernet eth0 {
      vif 202 {
          ip {
              ospf {
                  authentication {
                      md5 {
                          key-id 10 {
                              md5-key vyosvyos
                          }
                      }
                  }
                  dead-interval 40
                  hello-interval 10
                  priority 1
                  retransmit-interval 5
                  transmit-delay 1
              }
          }
      }
  }
to
  protocols {
      ospf {
          interface eth0.201 {
              authentication {
                  md5 {
                      key-id 10 {
                          md5-key vyosvyos
                      }
                  }
              }
              dead-interval 40
              hello-interval 10
              priority 1
              retransmit-interval 5
              transmit-delay 1
          }
      }
  }
|
This commit provides the implementation of the OSPF CLI with a Jinja2 template
that is loaded by FRR reload.
|
Migrate from
  ethernet eth1 {
      offload-options {
          generic-receive on
          generic-segmentation on
          scatter-gather on
          tcp-segmentation on
          udp-fragmentation on
      }
  }
to
  ethernet eth1 {
      offload {
          ufo
          tso
          sg
          gso
          gro
      }
  }
|
IPv6 enable can be considered once the ipv6 node is present!
|
When VyOS boots the first time with the default configuration there is actually
no "interface ethernet" node present in the config, thus we must exit the
migrator.
Without this change vyos.configtree.ConfigTreeError: Path [b'interfaces ethernet']
doesn't exist will be thrown.
|
By design a CLI node should not be named by its plural but rather describe it
as singular.
|
After migrating the ethernet interfaces from the good old Perl days the
smp-affinity node yet has no effect anymore as the code is still missing (my
bad, sorry).
Drop the smp-affinity node and rather use tuned instead with the
network-throughput or network-latency profile.
- network-throughput: Profile for throughput network tuning. It is based on the
  throughput-performance profile. It additionally increases kernel network buffers.
- network-latency: Profile for low latency network tuning. It is based on the
  latency-performance profile. It additionally disables transparent hugepages,
  NUMA balancing and tunes several other network related sysctl parameters.
I'd set network-throughput as the default on a new set system option performance
<throughput | latency> CLI node which is present in the default configuration.
https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf
|
definition
|
As VyOS vrux (1.2.7) requires a migrator (1-to-2) for the MPPE node change
(T2829) we need to shift all other migrators in 1.3 by one.
As migrators probe the existence of nodes no negative side-effects are
expected.
|
A test statement was still present in the production code introduced in commit
efeac80f8 ("pppoe-server: T2829: migrate 'ppp-options mppe' to leafNode").
This has been fixed.
|
Required to get a common CLI for all services provided by Accel-PPP. Once the
CLI for each service is consistent - Jinja2 templates can be reused together
with get_config_dict().
|
* move "network-settings gateway-address" to "gateway-address"
* move "network-settings client-ip-settings" to "client-ip-pool"
|
Preparation before using get_config_dict() and common Jinja2 templates.
|
In order to reuse as much as possible before migrating to get_config_dict()
and re-use Jinja2 snippets the name-server node must be moved one level up to
'set vpn sstp name-server'.
|
Both PPPoE and WWAN interfaces are dialer interfaces handled by ppp, but use
different CLI nodes for the same functionality. PPPoE has "connect-on-demand"
to initiate an "on-demand" dialing and WWAN uses "ondemand" for this purpose.
Rename WWAN "ondemand" node to "connect-on-demand".
|
In the past we had to provide the ethertype value used for the VLAN
protocol (0x88A8 -> 802.1ad or 0x8100 -> 802.1q).
This should be changed to a more user friendly CLI node (protocol over
ethertype) and 802.1ad over its raw value 0x88A8. There is no need in
presenting RAW information from the ethernet header to the user. Also iproute2
calls it protocol which makes way more sense over the "raw" value.
|
The current CLI did not support multiple prefix-delegations per interface. Some
ISPs only send one /64 to a client per prefix-delegation request, but they
allow the customer to request multiple prefixes.
The 'dhcpv6-options prefix-delegation' node has been renamed and converted to a
tag node named 'dhcpv6-options pd'. The tag node specifies a PD request (>=0).
In the past the user needed to know what prefix will be assigned and required
to calculate the sla-len by himself. The 'sla-len' node was dropped and is now
calculated in the background from the 'dhcpv6-options pd 0 length' node.
It is no longer mandatory to supply the 'sla-id' node, if sla-id is not
specified it is 'guessed' by counting upwards.
Example configuration:
----------------------
  ethernet eth1 {
      address dhcpv6
      dhcpv6-options {
          pd 0 {
              length 56
              interface eth2 {
                  address 1
              }
          }
      }
  }
This will request a /56 assignment from the ISP and will delegate a /64 network
to interface eth2. VyOS will use the interface address ::1 on the delegate
interface (eth2) as its local address.
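
The prefix arithmetic behind the example configuration above, as an added sketch that is not VyOS code. It assumes sla-len = 64 - length (the dhcp6c convention) and reads "counting upwards" as "lowest unused sla-id"; the function name and the 2001:db8 documentation prefix are constructed for illustration.

```python
import ipaddress

def plan_delegation(delegated, interfaces):
    """Split one delegated prefix into per-interface /64 networks.

    delegated:  prefix received for one 'pd N' request, e.g. a /56
    interfaces: (name, sla_id or None, address) tuples in CLI order
    Returns (sla_len, {name: IPv6Interface}).
    """
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("a prefix longer than /64 cannot be subnetted")
    sla_len = 64 - net.prefixlen          # assumption: derived from 'length'
    explicit = {s for _, s, _ in interfaces if s is not None}
    taken, plan, candidate = set(), {}, 0
    for name, sla_id, host in interfaces:
        if sla_id is None:                # not configured: guess by counting up
            while candidate in explicit or candidate in taken:
                candidate += 1
            sla_id = candidate
        if sla_id in taken:
            raise ValueError(f"sla-id {sla_id} configured twice")
        if sla_id >= 1 << sla_len:
            raise ValueError(f"sla-id {sla_id} does not fit in {sla_len} bits")
        if not 0 < host < 1 << 64:
            raise ValueError("interface address must fit in the low 64 bits")
        taken.add(sla_id)
        base = int(net.network_address) | (sla_id << 64)
        plan[name] = ipaddress.IPv6Interface((base | host, 64))
    return sla_len, plan

if __name__ == "__main__":
    # Constructed input: a /56 from the ISP, eth3 pins sla-id 5, others guessed
    sla_len, plan = plan_delegation(
        "2001:db8:0:100::/56",
        [("eth2", None, 1), ("eth3", 5, 1), ("eth4", None, 1)])
    print(sla_len, {k: str(v) for k, v in plan.items()})
```

With a /64 delegation the sla-len is 0, so only one interface can be served per request; that is the case the multiple 'pd' tag nodes address.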
|
Migration files on the storage should be done one time by a migration script
instead of every time the configuration changes. Moving this to an older
migration script is fine as this is around for a long time and all rolling
releases are already up2date. It only affects updates from VyOS 1.2 series.
|
As of now when adding new credentials for any SNMPv3 user we submit the
credential either plaintext or encrypted. A plaintext credential will be hashed
by SNMPd in the background and then passed back into the CLI so it's not stored
in cleartext. This feels like the wrong way in changing the CLI content with
data produced by a 3rd party daemon which implements the service.
It feels like the tail wiggles the entire dog.
This should be changed in the following way:
- After retrieving the plaintext password from CLI, use Python to hash the key
in advance
- Re-populate the encrypted key into the CLI and drop the plaintext one
- Generate service configuration and continue startup of SNMPd
This also fixes a race condition when SNMPd started up but not properly
provided the hashed keys in the configuration resulting in a ConfigurationError.
Now as we also support binding SNMPd to a VRF this fixes a deadlock situation
on bootup as we can only bind late to the VRF and require up to 5 restarts of
the service - but the service will never start.
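
The three steps listed above, as an added example that is not the VyOS implementation. It assumes the stored form is the RFC 3414 localized key that SNMPv3 USM defines; the function names and the dict keys 'plaintext-password' and 'encrypted-password' are hypothetical.

```python
import hashlib

def password_to_key(password, hash_name):
    """RFC 3414 A.2: hash 1 MiB of the cyclically repeated password (Ku)."""
    pw = password.encode()
    if len(pw) < 8:
        # net-snmp rejects passphrases shorter than 8 characters
        raise ValueError("SNMPv3 passwords must be at least 8 characters")
    reps, rem = divmod(1048576, len(pw))
    return hashlib.new(hash_name, pw * reps + pw[:rem]).digest()

def localize_key(ku, engine_id, hash_name):
    """RFC 3414 2.6: bind Ku to one engine, Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def hash_snmpv3_password(password, engine_id_hex, hash_name="sha1"):
    """Return the localized key as hex, computed without asking the daemon."""
    engine_id = bytes.fromhex(engine_id_hex)
    ku = password_to_key(password, hash_name)
    return localize_key(ku, engine_id, hash_name).hex()

def migrate_user(user, engine_id_hex, hash_name="sha1"):
    """Swap a plaintext credential for its hash in a user dict (hypothetical keys)."""
    out = dict(user)
    plaintext = out.pop("plaintext-password", None)   # drop the cleartext value
    if plaintext is not None:
        out["encrypted-password"] = hash_snmpv3_password(
            plaintext, engine_id_hex, hash_name)
    return out

if __name__ == "__main__":
    # Password and engine ID are the published RFC 3414 A.3 test inputs
    print(migrate_user({"plaintext-password": "maplesyrup"},
                       "000000000000000000000002"))
```

The localized key still authenticates to the engine it was derived for, so the configuration file holding it needs the same access control as the password itself.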
|
When migrating the conf from VyOS 1.2 to 1.3 a configuration error could appear
if the user specified "info" as loglevel instead of "INFO". There was no input
validation done in 1.2 but this is now enforced in 1.3.
In VyOS 1.3 loglevel will be always lowercase on the CLI and when migrating the
config this is transformed. Also VyOS 1.2 accepted any arbitrary loglevel. If
an invalid loglevel is found it will be set to info.
|