Page MenuHomeVyOS Platform

Add VRF support to the add system image command
Closed, ResolvedPublicFEATURE REQUEST



I often find myself in the need for upgrading to the latest rolling release (e.g. to mitigate bugs or add new features). I often have setups where management (ssh, ntp) is in a VRF and the default VRF has no internet access. It would be very useful to be able to do "add system image vrf management" (or maybe place the vrf before the URL? I don't have a stron opinion on where to place it).

I think this should be quite easy to implement since it shouldn't take much more than adding something like "ip vrf exec {{ vrf }}" infront of the curl/wget.


Difficulty level
Normal (likely a few hours)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Event Timeline

@moepman can you check command?

curl --interface eth0 --url --output  /home/vyos/vyos.iso

Where eth0 vrf interface...

It does work (eth0 is actually my management vrf interface) if I put the IP for into my /etc/hosts (I guess using a vrf for outgoing DNS requests would be even trickier but this workaround is okay for me, especially since I have a local update mirror reachable via static IP):

vyos@vyos1:~$ grep /etc/hosts
vyos@vyos1:~$ curl --interface eth0 --url --output  /home/vyos/vyos.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  317M  100  317M    0     0  30.0M      0  0:00:10  0:00:10 --:--:-- 33.1M

@moepman can you please try if the change introduced in T2651 is already sufficient for your usecase?

EveNG lab tests have shown its not working as expected (yet)


When connected via SSH to the router in question every command is run inside the VRF, thus a regular add system image will already run in the VRF. Nevertheless it would make sense to execute the command from another VRF.

c-po changed the task status from Open to In progress.Aug 1 2020, 12:07 PM
c-po triaged this task as Low priority.
c-po changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.

@moepman please checkout the next rolling ISO - at least it works as expected in my LAB

$ add system image <URL> vrf <VRFNAME>

Works fine on latest rolling, thx!

erkin set Issue type to Feature (new functionality).Aug 29 2021, 1:54 PM
erkin removed a subscriber: Active contributors.