Page MenuHomeVyOS Platform
Create Task
Maniphest T3943

"netflow source-ip" prevents image upgrades if IP address does not exist locally
Closed, ResolvedPublicBUG
Actions

Description

If I have set this configuration, and upgrade from 1.2.7 to 1.3.0-epa2, the router will boot up with an error message saying

...
migrate rl-system firewall
configure failed!
vyos-config configuration error

This is the offending configuration.
If I delete it before upgrading, I get no errors on upgrade.
If I keep this config before upgrade, it does not show up in the actual configuration.

set system flow-accounting interface 'eth0.1854'
set system flow-accounting interface 'eth1.40'
set system flow-accounting interface 'eth1.42'
set system flow-accounting interface 'eth1.62'
set system flow-accounting interface 'eth1.65'
set system flow-accounting interface 'eth1.72'
set system flow-accounting interface 'eth1.241'
set system flow-accounting interface 'eth1.287'
set system flow-accounting interface 'eth1.1851'
set system flow-accounting interface 'eth1.2001'
set system flow-accounting interface 'eth1.1852'
set system flow-accounting netflow sampling-rate '128'
set system flow-accounting netflow server 172.18.42.31 port '4739'
set system flow-accounting netflow source-ip '172.18.69.143'
set system flow-accounting netflow version '10'
set system flow-accounting syslog-facility 'daemon'

Details

Difficulty level
Unknown (require assessment)
Version
1.3.0-epa2
Why the issue appeared?
Design mistake
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

olofl created this task.Oct 26 2021, 7:35 AM
pasik added a subscriber: pasik.Oct 26 2021, 9:20 AM
c-po claimed this task.Oct 29 2021, 5:29 PM
c-po added a comment.EditedOct 29 2021, 5:43 PM
[email protected]# commit
[ system flow-accounting ]
Your "netflow source-ip" does not exist in the system

[[system flow-accounting]] failed
Commit failed

Hi @olofl,

can you verify that the source IP address 172.18.69.143 exists on your system?

The migrator could be changed to not set the source-ip at all when it is not locally attached to prevent this error on upgrade.

c-po changed the task status from Open to In progress.Oct 29 2021, 5:43 PM
c-po triaged this task as Normal priority.
c-po edited projects, added VyOS 1.3 Equuleus (1.3.0-epa3), VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.
c-po renamed this task from VyOS 1.2.7 upgrade to 1.3.0-epa2 config error if flow-accounting is set to "netflow source-ip" prevents image upgrades if IP address does not exist locally.Oct 31 2021, 1:43 PM
c-po closed this task as Resolved.
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa3) board.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po changed Why the issue appeared? from Will be filled on close to Design mistake.