policy route ipv4 rule order behaviour
Closed, Resolved | Public | BUG

Description

Hello there,

I have observed a weird behaviour with policy route where packets are matched against all rules instead of the first hit and resulted at the last match. I followed the multiple-uplinks examples here: https://docs.vyos.io/en/latest/configuration/policy/examples.html#multiple-uplinks

Here is a snippet of show policy (P.S. the local-route section is irrelevant):

local-route {
    rule 100 {
        set {
            table 40
        }
        source {
            address 10.1.40.10
        }
    }
}
route PBR {
    default-log
    interface bond01.20
    rule 5 {
        destination {
            address 10.1.1.216
        }
        set {
            table main
        }
        source {
            address 10.1.10.101
        }
    }
    rule 10 {
        description "route to oci-syd using table 10"
        log
        set {
            table 10
        }
        source {
            address 10.1.10.101
        }
    }
}

I use an ELK stack to monitor the syslog in my homelab and it has been working well, please find the screenshot:
{F4292518}

I can't really tell the strict order of route rules the ping has gone through from ELK, but you can see it has hit all rules (default, 5 and 10) and eventually the result was the decision of rule 10.

Now I was under the impression that the packet would have hit rule 5 and the decision would be made, instead of going further down the rule chain and hit rule 10.

If anyone could enlighten me on the expected policy route behaviour it would be great, or there may be configuration errors on my side too, please let me know.

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 1.5-rolling-202404280021
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)
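
An added example, not part of the original report and not VyOS code: a small Python model of the first-match evaluation the reporter expected, run over the PBR rules from the description rewritten as set commands (constructed input). The function names are hypothetical, and only plain address or prefix matches are handled (no negation, ranges or groups).

```python
import ipaddress
import re

# Constructed input: the PBR rules from the description, as set commands.
CONFIG = """\
set policy route PBR interface 'bond01.20'
set policy route PBR rule 5 destination address '10.1.1.216'
set policy route PBR rule 5 set table 'main'
set policy route PBR rule 5 source address '10.1.10.101'
set policy route PBR rule 10 set table '10'
set policy route PBR rule 10 source address '10.1.10.101'
"""

RULE_RE = re.compile(
    r"^set policy route (\S+) rule (\d+) "
    r"(source address|destination address|set table) '([^']+)'$"
)

def parse_rules(config, policy):
    """Return {rule_number: {'source': net, 'destination': net, 'table': str}}."""
    rules = {}
    for line in config.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m.group(1) != policy:
            continue
        rule = rules.setdefault(
            int(m.group(2)), {"source": None, "destination": None, "table": None}
        )
        key, value = m.group(3), m.group(4)
        if key == "set table":
            rule["table"] = value
        else:
            # A bare host address becomes a /32 network.
            rule[key.split()[0]] = ipaddress.ip_network(value, strict=False)
    return rules

def matching_rules(rules, src, dst):
    """Every rule number the packet satisfies, in rule order."""
    hits = []
    for num in sorted(rules):
        rule = rules[num]
        ok = all(
            rule[field] is None or ipaddress.ip_address(addr) in rule[field]
            for field, addr in (("source", src), ("destination", dst))
        )
        if ok:
            hits.append(num)
    return hits

def first_match(rules, src, dst):
    """(rule, table) under first-match semantics, or (None, None) if no rule hits."""
    hits = matching_rules(rules, src, dst)
    return (hits[0], rules[hits[0]]["table"]) if hits else (None, None)

def overlaps(rules):
    """Pairs (earlier, later) that can both match one packet but set different tables."""
    nums = sorted(rules)
    pairs = []
    for i, a in enumerate(nums):
        for b in nums[i + 1:]:
            ra, rb = rules[a], rules[b]
            shared = all(
                ra[f] is None or rb[f] is None or ra[f].overlaps(rb[f])
                for f in ("source", "destination")
            )
            if shared and ra["table"] != rb["table"]:
                pairs.append((a, b))
    return pairs
```

For the ping in the report (10.1.10.101 to 10.1.1.216), `matching_rules` lists both 5 and 10 while `first_match` selects rule 5 and table main; `overlaps` flags the pair, which is where a logged decision of table 10 would point to the ordering problem.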

Event Timeline

Viacheslav triaged this task as Normal priority. (Wed, May 1, 5:31 AM)
e.pc.yuan updated the task description.

@e.pc.yuan Read please https://blog.vyos.io/feature-requests-and-bug-reports-guidelines

A sequence of configuration commands or a complete configuration file is required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, and a partial config is neither! At least not until we implement a "merge from the CLI" feature that allows pasting config file chunks into a session.

Thanks for the heads up, first time reporting an issue, keep up the great work! Here is the output of show configuration commands | strip-private:

set firewall global-options state-policy invalid action 'drop'
set firewall group address-group WG_TRUSTED address 'xxx.xxx.51.1'
set firewall group address-group WG_TRUSTED address 'xxx.xxx.51.2'
set firewall group network-group IOT network 'xxx.xxx.20.0/24'
set firewall group network-group IOT network 'xxx.xxx.30.0/24'
set firewall group network-group RFC1918 network 'xxx.xxx.0.0/8'
set firewall group network-group RFC1918 network 'xxx.xxx.0.0/12'
set firewall group network-group RFC1918 network 'xxx.xxx.0.0/16'
set firewall group network-group TRUSTED network 'xxx.xxx.1.0/24'
set firewall group network-group TRUSTED network 'xxx.xxx.10.0/24'
set firewall group network-group TRUSTED network 'xxx.xxx.40.0/24'
set firewall group network-group WIREGUARD network 'xxx.xxx.0.0/30'
set firewall group network-group WIREGUARD network 'xxx.xxx.0.0/30'
set firewall group network-group WIREGUARD network 'xxx.xxx.51.0/30'
set firewall group network-group WIREGUARD network 'xxx.xxx.229.0/30'
set firewall ipv4 forward filter default-action 'drop'
set firewall ipv4 forward filter rule 10 action 'accept'
set firewall ipv4 forward filter rule 10 description 'default configuration'
set firewall ipv4 forward filter rule 10 state 'established'
set firewall ipv4 forward filter rule 10 state 'related'
set firewall ipv4 forward filter rule 20 action 'accept'
set firewall ipv4 forward filter rule 20 description 'allow trusted networks'
set firewall ipv4 forward filter rule 20 source group network-group 'TRUSTED'
set firewall ipv4 forward filter rule 30 action 'accept'
set firewall ipv4 forward filter rule 30 description 'accept nanopik2-s905 to homeassistant2'
set firewall ipv4 forward filter rule 30 destination address 'xxx.xxx.1.194'
set firewall ipv4 forward filter rule 30 destination port '1883'
set firewall ipv4 forward filter rule 30 protocol 'tcp'
set firewall ipv4 forward filter rule 30 source address 'xxx.xxx.20.122'
set firewall ipv4 forward filter rule 40 action 'drop'
set firewall ipv4 forward filter rule 40 description 'drop iot to trusted networks'
set firewall ipv4 forward filter rule 40 destination group network-group 'TRUSTED'
set firewall ipv4 forward filter rule 40 log
set firewall ipv4 forward filter rule 40 source group network-group 'IOT'
set firewall ipv4 forward filter rule 50 action 'accept'
set firewall ipv4 forward filter rule 50 description 'allow iot networks'
set firewall ipv4 forward filter rule 50 source group network-group 'IOT'
set firewall ipv4 forward filter rule 60 action 'accept'
set firewall ipv4 forward filter rule 60 description 'allow wireguard network groups'
set firewall ipv4 forward filter rule 60 source group network-group 'WIREGUARD'
set firewall ipv4 input filter default-action 'drop'
set firewall ipv4 input filter rule 10 action 'accept'
set firewall ipv4 input filter rule 10 description 'default configuration'
set firewall ipv4 input filter rule 10 state 'established'
set firewall ipv4 input filter rule 10 state 'related'
set firewall ipv4 input filter rule 20 action 'accept'
set firewall ipv4 input filter rule 20 description 'allow trusted networks'
set firewall ipv4 input filter rule 20 source group network-group 'TRUSTED'
set firewall ipv4 input filter rule 30 action 'accept'
set firewall ipv4 input filter rule 30 description 'allow iot networks'
set firewall ipv4 input filter rule 30 source group network-group 'IOT'
set firewall ipv4 input filter rule 40 action 'accept'
set firewall ipv4 input filter rule 40 description 'allow wireguard networks'
set firewall ipv4 input filter rule 40 source group network-group 'WIREGUARD'
set firewall ipv4 output filter default-action 'accept'
set interfaces bonding bond01 address 'xxx.xxx.1.1/24'
set interfaces bonding bond01 description 'Bonding SFP+ To CRS309'
set interfaces bonding bond01 hash-policy 'layer3+4'
set interfaces bonding bond01 member interface 'eth2'
set interfaces bonding bond01 member interface 'eth3'
set interfaces bonding bond01 vif 20 address 'xxx.xxx.10.1/24'
set interfaces bonding bond01 vif 20 description 'UAP'
set interfaces bonding bond01 vif 50 address 'xxx.xxx.20.1/24'
set interfaces bonding bond01 vif 50 description 'UAPIOT'
set interfaces bonding bond01 vif 70 address 'xxx.xxx.30.1/24'
set interfaces bonding bond01 vif 70 description 'UAP_IOT'
set interfaces ethernet eth2 disable-flow-control
set interfaces ethernet eth2 hw-id 'xx:xx:xx:xx:xx:c8'
set interfaces ethernet eth3 disable-flow-control
set interfaces ethernet eth3 hw-id 'xx:xx:xx:xx:xx:c9'
set interfaces ethernet eth4 address 'dhcp'
set interfaces ethernet eth4 description 'WAN'
set interfaces ethernet eth4 hw-id 'xx:xx:xx:xx:xx:d1'
set interfaces ethernet eth5 address 'xxx.xxx.40.1/24'
set interfaces ethernet eth5 description 'LAN_10G'
set interfaces ethernet eth5 hw-id 'xx:xx:xx:xx:xx:d0'
set interfaces loopback lo
set interfaces wireguard wg0 address 'xxx.xxx.0.2/24'
set interfaces wireguard wg0 description 'oci-mel'
set interfaces wireguard wg0 ip adjust-mss 'clamp-mss-to-pmtu'
set interfaces wireguard wg0 peer oci-mel address 'xxx.xxx.xxx.xxx'
set interfaces wireguard wg0 peer oci-mel allowed-ips 'xxx.xxx.0.1/32'
set interfaces wireguard wg0 peer oci-mel allowed-ips 'xxx.xxx.1.0/24'
set interfaces wireguard wg0 peer oci-mel allowed-ips 'xxx.xxx.10.0/24'
set interfaces wireguard wg0 peer oci-mel allowed-ips 'xxx.xxx.0.0/0'
set interfaces wireguard wg0 peer oci-mel persistent-keepalive '25'
set interfaces wireguard wg0 peer oci-mel port '51860'
set interfaces wireguard wg0 peer oci-mel preshared-key 'rMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
set interfaces wireguard wg0 peer oci-mel public-key 'Jkxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
set interfaces wireguard wg0 private-key xxxxxx
set interfaces wireguard wg2 address 'xxx.xxx.0.2/24'
set interfaces wireguard wg2 description 'aws-us-west-2-virmig'
set interfaces wireguard wg2 ip adjust-mss 'clamp-mss-to-pmtu'
set interfaces wireguard wg2 peer aws-us-west-2 address 'xxx.xxx.xxx.xxx'
set interfaces wireguard wg2 peer aws-us-west-2 allowed-ips 'xxx.xxx.0.1/32'
set interfaces wireguard wg2 peer aws-us-west-2 allowed-ips 'xxx.xxx.1.0/24'
set interfaces wireguard wg2 peer aws-us-west-2 allowed-ips 'xxx.xxx.10.0/24'
set interfaces wireguard wg2 peer aws-us-west-2 allowed-ips 'xxx.xxx.0.0/0'
set interfaces wireguard wg2 peer aws-us-west-2 persistent-keepalive '25'
set interfaces wireguard wg2 peer aws-us-west-2 port '51830'
set interfaces wireguard wg2 peer aws-us-west-2 preshared-key 'Xnxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
set interfaces wireguard wg2 peer aws-us-west-2 public-key 'wUxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
set interfaces wireguard wg2 private-key xxxxxx
set interfaces wireguard wg4 address 'xxx.xxx.51.2/24'
set interfaces wireguard wg4 description 'oci-syd'
set interfaces wireguard wg4 ip adjust-mss 'clamp-mss-to-pmtu'
set interfaces wireguard wg4 peer oci-syd address 'xxx.xxx.xxx.xxx'
set interfaces wireguard wg4 peer oci-syd allowed-ips 'xxx.xxx.0.0/0'
set interfaces wireguard wg4 peer oci-syd allowed-ips 'xxx.xxx.51.1/32'
set interfaces wireguard wg4 peer oci-syd allowed-ips 'xxx.xxx.10.0/24'
set interfaces wireguard wg4 peer oci-syd allowed-ips 'xxx.xxx.1.0/24'
set interfaces wireguard wg4 peer oci-syd persistent-keepalive '20'
set interfaces wireguard wg4 peer oci-syd port '51870'
set interfaces wireguard wg4 peer oci-syd preshared-key 'vuxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
set interfaces wireguard wg4 peer oci-syd public-key 'dbxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
set interfaces wireguard wg4 private-key xxxxxx
set interfaces wireguard wg5 address 'xxx.xxx.229.2/24'
set interfaces wireguard wg5 description 'aws-eu-west-2-virmig'
set interfaces wireguard wg5 ip adjust-mss 'clamp-mss-to-pmtu'
set interfaces wireguard wg5 peer aws-eu-west-2 address 'xxx.xxx.xxx.xxx'
set interfaces wireguard wg5 peer aws-eu-west-2 allowed-ips 'xxx.xxx.0.0/0'
set interfaces wireguard wg5 peer aws-eu-west-2 persistent-keepalive '25'
set interfaces wireguard wg5 peer aws-eu-west-2 port '51820'
set interfaces wireguard wg5 peer aws-eu-west-2 preshared-key 'tExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
set interfaces wireguard wg5 peer aws-eu-west-2 public-key '0Oxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
set interfaces wireguard wg5 private-key xxxxxx
set nat source rule 100 outbound-interface name 'eth4'
set nat source rule 100 source address 'xxx.xxx.1.0/24'
set nat source rule 100 translation address 'masquerade'
set nat source rule 110 outbound-interface name 'eth4'
set nat source rule 110 source address 'xxx.xxx.10.0/24'
set nat source rule 110 translation address 'masquerade'
set nat source rule 120 outbound-interface name 'eth4'
set nat source rule 120 source address 'xxx.xxx.20.0/24'
set nat source rule 120 translation address 'masquerade'
set nat source rule 130 outbound-interface name 'eth4'
set nat source rule 130 source address 'xxx.xxx.30.0/24'
set nat source rule 130 translation address 'masquerade'
set nat source rule 140 outbound-interface name 'eth4'
set nat source rule 140 source address 'xxx.xxx.40.0/24'
set nat source rule 140 translation address 'masquerade'
set nat source rule 150 outbound-interface name 'wg0'
set nat source rule 150 translation address 'masquerade'
set nat source rule 160 outbound-interface name 'wg4'
set nat source rule 160 translation address 'masquerade'
set nat source rule 170 outbound-interface name 'wg2'
set nat source rule 170 translation address 'masquerade'
set nat source rule 180 outbound-interface name 'wg5'
set nat source rule 180 translation address 'masquerade'
set policy local-route rule 100 set table '40'
set policy local-route rule 100 source address 'xxx.xxx.40.10'
set policy route PBR default-log
set policy route PBR interface 'bond01.20'
set policy route PBR rule 5 destination address 'xxx.xxx.1.216'
set policy route PBR rule 5 log
set policy route PBR rule 5 set table 'main'
set policy route PBR rule 5 source address 'xxx.xxx.10.101'
set policy route PBR rule 10 description 'route to oci-syd using table 10'
set policy route PBR rule 10 log
set policy route PBR rule 10 set table '10'
set policy route PBR rule 10 source address 'xxx.xxx.10.101'
set protocols static table 10 description 'oci-syd'
set protocols static table 10 route xxx.xxx.0.0/0 next-hop xxx.xxx.51.1 interface 'wg4'
set protocols static table 20 description 'oci-mel'
set protocols static table 20 route xxx.xxx.0.0/0 next-hop xxx.xxx.0.1 interface 'wg0'
set protocols static table 30 description 'aws-us-west-2'
set protocols static table 30 route xxx.xxx.0.0/0 next-hop xxx.xxx.0.1 interface 'wg2'
set protocols static table 40 description 'aws-eu-west-2'
set protocols static table 40 route xxx.xxx.0.0/0 next-hop xxx.xxx.229.1 interface 'wg5'
set service dhcp-server dynamic-dns-update
set service dhcp-server hostfile-update
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 option default-router 'xxx.xxx.1.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 option domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 option domain-search xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 option domain-search xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 option name-server 'xxx.xxx.1.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 range 0 start 'xxx.xxx.1.100'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 range 0 stop 'xxx.xxx.1.250'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.1.225'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:4b'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.1.194'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:64'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.1.226'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:0d'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 subnet-id '1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 option default-router 'xxx.xxx.40.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 option domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 option name-server 'xxx.xxx.40.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 range 0 start 'xxx.xxx.40.100'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 range 0 stop 'xxx.xxx.40.250'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 subnet-id '2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 description 'UAP'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 lease '43200'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 option default-router 'xxx.xxx.10.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 option domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 option domain-search xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 option domain-search xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 option name-server 'xxx.xxx.10.49'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 start 'xxx.xxx.10.100'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 stop 'xxx.xxx.10.250'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.100'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:f5'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 subnet-id '3'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 description 'UAPIOT'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 lease '43200'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 option default-router 'xxx.xxx.20.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 option domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 option name-server 'xxx.xxx.20.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 range 0 start 'xxx.xxx.20.100'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 range 0 stop 'xxx.xxx.20.250'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 subnet-id '4'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 description 'UAP_IOT'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 lease '43200'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 option default-router 'xxx.xxx.30.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 option domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 option name-server 'xxx.xxx.30.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 range 0 start 'xxx.xxx.30.100'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 range 0 stop 'xxx.xxx.30.250'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 subnet-id '5'
set service dns forwarding allow-from 'xxx.xxx.40.0/24'
set service dns forwarding allow-from 'xxx.xxx.10.0/24'
set service dns forwarding allow-from 'xxx.xxx.20.0/24'
set service dns forwarding allow-from 'xxx.xxx.30.0/24'
set service dns forwarding allow-from 'xxx.xxx.1.0/24'
set service dns forwarding allow-from 'xxx.xxx.51.0/30'
set service dns forwarding listen-address 'xxx.xxx.40.1'
set service dns forwarding listen-address 'xxx.xxx.10.1'
set service dns forwarding listen-address 'xxx.xxx.20.1'
set service dns forwarding listen-address 'xxx.xxx.30.1'
set service dns forwarding listen-address 'xxx.xxx.1.1'
set service monitoring telegraf prometheus-client xxxxxx 'xxx.xxx.1.0/24'
set service monitoring telegraf prometheus-client xxxxxx 'xxx.xxx.1.1'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/0'
set service ntp allow-client xxxxxx '::/0'
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ssh listen-address 'xxx.xxx.40.1'
set service ssh listen-address 'xxx.xxx.1.1'
set service ssh port '22'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system host-name xxxxxx
set system login banner post-login 'vyos router at home 🚀⚔️  think twice before commit 😄'
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication public-keys [email protected] key xxxxxx
set system login user xxxxxx authentication public-keys [email protected] type ssh-xxx
set system login user xxxxxx authentication public-keys [email protected] key xxxxxx
set system login user xxxxxx authentication public-keys [email protected] type ssh-xxx
set system name-server 'xxx.xxx.1.1'
set system option performance 'throughput'
set system sflow agent-address 'xxx.xxx.1.1'
set system sflow agent-interface 'bond01'
set system sflow interface 'bond01'
set system sflow interface 'bond01.20'
set system sflow interface 'bond01.50'
set system sflow interface 'bond01.70'
set system sflow interface 'eth4'
set system sflow polling '2'
set system sflow sampling-rate '1000'
set system sflow server xxxxx.tld port '6343'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.1.49'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.1.46'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.1.46'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.1.42'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
set system syslog host xxx.xxx.1.46 facility all level 'info'
set system syslog host xxx.xxx.1.46 port '5044'
set system syslog host xxx.xxx.1.46 protocol 'tcp'
set system time-zone 'Pacific/Auckland'

Can you try with a newer version?
New fixes were applied.
You can check these tasks:
https://vyos.dev/T6269
https://vyos.dev/T6191

e.pc.yuan claimed this task.

Yes this is indeed resolved after switching to 1.5-rolling-202405070019, thank you so much @n.fort and @Viacheslav