In the vyos-1x Git current and equuleus branches, verify_dhcpv6() in python/vyos/configverify.py raises a ConfigError when there is more than one VLAN interface configured to receive a DHCPv6 PD prefix. Specifically, on line 196, sla_id is assigned None because dict_search() splits on the VLAN interface period; the duplicate check then catches the multiple None values.
To reproduce, boot vyos-1.3-rolling-202101061750-amd64.iso and configure as follows:
set interfaces ethernet eth0 vif 10 set interfaces ethernet eth0 vif 11 set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth0.10 sla-id 0 set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth0.11 sla-id 1 commit
Results:
Site-Level Aggregation Identifier (SLA-ID) must be unique per prefix-delegation! [[interfaces ethernet eth0]] failed Commit failed
verify_dhcpv6() raises a ConfigError when more than one interface is auto-assigned an SLA-ID. data/templates/dhcp-client/ipv6.tmpl handles the auto-assigning of SLA-IDs on lines 39, 46, and 52.
To reproduce, boot vyos-1.3-rolling-202101061750-amd64.iso and configure as follows:
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth2 commit
Results:
Site-Level Aggregation Identifier (SLA-ID) must be unique per prefix-delegation! [[interfaces ethernet eth0]] failed Commit failed
verify_dhcpv6() fails to raise a ConfigError when one interface is auto-assigned an SLA-ID and another is configured with the same SLA-ID.
To reproduce, boot vyos-1.3-rolling-202101061750-amd64.iso and configure as follows:
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth2 sla-id 0 commit cat /run/dhcp6c/dhcp6c.eth0.conf
Results:
### Autogenerated by interface.py ### # man https://www.unix.com/man-page/debian/5/dhcp6c.conf/ interface eth0 { send ia-pd 0; # prefix delegation #0 }; id-assoc pd 0 { prefix ::/64 infinity; prefix-interface eth1 { sla-len 0; sla-id 0; }; prefix-interface eth2 { sla-len 0; sla-id 0; }; };
Note the duplicate sla-id.
Fixes are already written; I will comment with a GitHub PR shortly.