
Allow specifying source IP for 'add system image'
Closed, Resolved · Public · FEATURE REQUEST

Description

If your machine has multiple interfaces, the source IP of outgoing connections will be the interface of the default route:

vyos@host:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             -                                 u/u
eth0.101         10.254.0.51/24                    u/u
eth0.115         20.30.40.2/24                    u/u
                 20.30.40.1/24
lo               127.0.0.1/8                       u/u
                 ::1/128
vyos@host:~$
vyos@host:~$ show ip route 0.0.0.0
Routing entry for 0.0.0.0/0
  Known via "ospf", distance 110, metric 10, best
  Last update 16:36:34 ago
  * 10.254.0.251, via eth0.101, weight 1
  * 10.254.0.252, via eth0.101, weight 1
vyos@host:~$

When this machine connects out to the internet, it will establish a connection from eth0.101, which is the default route. However, as that's an RFC1918 address, it will not have internet connectivity unless something upstream is doing NAT.

Historically, in Cisco land, this was resolved by having a loopback interface that the device used as a source IP, but that is becoming harder and harder to manage.

A simpler option would be to add a 'from' option to 'add system image' (or, preferably, a system configuration parameter?) that sets the --interface and related DNS params for curl:

     --dns-interface <interface> Interface to use for DNS requests
     --dns-ipv4-addr <address> IPv4 address to use for DNS requests
     --dns-ipv6-addr <address> IPv6 address to use for DNS requests
     --dns-servers <addresses> DNS server addrs to use
...
     --interface <name> Use network INTERFACE (or address)

This means that the add system image command could be something like this:

add system image https://downloads.vyos.io/rolling/current/amd64/vyos-1.3-rolling-202006141853-amd64.iso from eth0.115

However, the current curl binary itself has the --dns-interface command removed, which makes this harder.

vyos@host:~$ curl --dns-interface eth0.115 --interface eth0.115 https://downloads.vyos.io/rolling/current/amd64/vyos-1.3-rolling-202006141853-amd64.iso -O /tmp/vyos.iso
curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
vyos@host:~$

A workaround for the missing curl DNS feature issue is to hard-code the downloads.vyos.io IP address (which, admittedly, IS A TERRIBLE IDEA), and pass that as a curl param, as well:

vyos@host:~$ curl --resolve downloads.vyos.io:443:185.144.208.249 --interface eth0.115 https://downloads.vyos.io/rolling/current/amd64/vyos-1.3-rolling-202006141853-amd64.iso -o /tmp/vyos.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  314M  100  314M    0     0  10.7M      0  0:00:29  0:00:29 --:--:-- 12.0M
vyos@host:~$ ls -al /tmp/vyos.iso
-rw-r--r-- 1 vyos users 329252864 Jun 14 20:44 /tmp/vyos.iso
vyos@host:~$

Edit, with a thought later: Rather than hard-coding IP addresses (which is guaranteed to break someone in the future), dig has a 'bind' param:

vyos@host:~$ dig -bPUB.IP.ADD.RESS +short downloads.vyos.io A | awk '/^[0-9\.]+$/'
185.144.208.249
vyos@host:~$

Which means this could be used to generate the --resolve line:

dig -bPUB.IP.ADD.RESS +short downloads.vyos.io | awk '/^[0-9\.]+$/ { printf (!x) ? "--resolve downloads.vyos.io:443:"$0 : ","$0; x=1}'
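
The source-bound lookup and --resolve generation described above, as an added example that is not part of the original task or of VyOS: it validates the dig output and refuses to download when no address comes back, instead of letting curl resolve via the default route. The function names, the wrapper and the sample dig output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not VyOS code. All function names here are hypothetical.

# build_resolve_arg HOST PORT
# Reads `dig +short` output on stdin and prints the value for curl's
# --resolve option: HOST:PORT:addr1,addr2,...
# Returns 1 and prints nothing if no valid IPv4 address was seen.
build_resolve_arg() {
    awk -v host="$1" -v port="$2" '
        # Only dotted quads pass; CNAME targets and dig error text are skipped.
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            n = split($0, o, ".")
            ok = 1
            for (i = 1; i <= n; i++)
                if (o[i] + 0 > 255 || length(o[i]) > 3) ok = 0
            # Deduplicate and join with commas.
            if (ok && !seen[$0]++) list = (list == "" ? "" : list ",") $0
        }
        END {
            if (list == "") exit 1
            printf "%s:%s:%s\n", host, port, list
        }'
}

# fetch_from SRC_ADDR IFACE URL OUT  (needs dig and curl on the box)
# --resolve only pins the address; curl still validates the TLS certificate
# against the hostname in the URL.
fetch_from() {
    src=$1; iface=$2; url=$3; out=$4
    host=${url#https://}; host=${host%%/*}
    pin=$(dig -b"$src" +short "$host" A | build_resolve_arg "$host" 443) || {
        echo "no A record for $host via $src; not downloading" >&2
        return 1
    }
    curl --fail --resolve "$pin" --interface "$iface" -o "$out" "$url"
}

# Constructed sample of `dig +short` output: CNAME line, a duplicate,
# an out-of-range address and an error line.
sample_dig_output() {
    printf '%s\n' 'cdn.example.net.' '185.144.208.249' '185.144.208.249' \
        '999.1.1.1' ';; connection timed out'
}

# Usage on the host from the task (address of eth0.115 taken from the page):
# fetch_from 20.30.40.2 eth0.115 https://downloads.vyos.io/... /tmp/vyos.iso
```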

Details

Difficulty level
Easy (less than an hour)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Event Timeline

Probably it can be set in a curlrc file which is populated from CLI options

c-po claimed this task.
c-po triaged this task as Low priority.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
erkin set Issue type to Feature (new functionality). Aug 30 2021, 5:26 AM
erkin removed a subscriber: Active contributors.