@c-po If I want to be an interface-ethernet.xml.in Add custom configuration actions (such as proxy NDP) with certain extensibility (its configuration can be extended in other places). What should I do?
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Sep 20 2020
In T2898#75677, @jack9603301 wrote:I also take into account the specific situation of the ndp proxy, the configuration of this link prompts, the configuration format of the ndp proxy is like this.
https://manpages.debian.org/buster/ndppd/ndppd.conf.5.en.html
Sep 19 2020
Interesting post: https://serverfault.com/questions/152363/bridging-wlan0-to-eth0
I also take into account the specific situation of the ndp proxy, the configuration of this link prompts, the configuration format of the ndp proxy is like this.
No arp proxy option is found in the configuration path, ndp proxy can manage multiple address rules under one interface
vyos@vyos# set interfaces ethernet eth0 ip Possible completions: arp-cache-timeout ARP cache entry timeout in seconds disable-arp-filter Disable ARP filter on this interface enable-arp-accept Enable ARP accept on this interface enable-arp-announce Enable ARP announce on this interface enable-arp-ignore Enable ARP ignore on this interface enable-proxy-arp Enable proxy-arp on this interface > ospf Open Shortest Path First (OSPF) parameters proxy-arp-pvlan Enable private VLAN proxy ARP on this interface > rip Routing Information Protocol (RIP) source-validation Policy for source validation by reversed path, as specified in RFC3704
Although I intended to think that it is easier to write scripts under the protocol, but from an intuitive point of view, it seems that this path is also a good choice (users can use the same command line as the arp proxy to configure) I have written it A sample, then only need to decide how to modify the cli
In T2898#75670, @Cheeze_It wrote:In T2898#75656, @jack9603301 wrote:set interfaces ethernet eth0 ip proxy-arp
The more suitable position may be set protocol ndp-proxy
I...really would like to not put it under "protocols" but to put it under the interface. It's *much* easier and more intuitive to see it under the interface/sub-interface than to see it in its' own stanza under "protocol" node.
Also, I'd argue it would be reasonable to separate ARP proxy and NDP proxy. That way one can pick and choose. Of course ARP proxy can't work without an IP address configured. NDP proxy can't be configured without an IPv6 address configured (those could be used as checks against configuring it on an empty interface).
If possible, give your suggested cli path for my reference
In T2898#75656, @jack9603301 wrote:set interfaces ethernet eth0 ip proxy-arp
The more suitable position may be set protocol ndp-proxy
I can't find how to enable ipv6 connection tracking. Recompiling and modifying the linux kernel switch does not seem to see the module loaded. I think the current nat66 has completed 90%, and only need to implement ndp proxy to make it work normally.
set interfaces ethernet eth0 ip proxy-arp
I think we do need it, we can’t let users manage all IP manually unless we implement stateful NAT66
set interfaces ethernet eth0 ip proxy-arp. Isn‘t the Kernel sysctl interface enough? Do we really need a daemon?
Beeing stateless or statefull both should work. We can add a CLI node for the proxy.ndp option like we have for proxy arp on ipv4, no big deal.
Sep 18 2020
Let's check and table "local"
PR for rolling https://github.com/vyos/vyatta-cfg-vpn/pull/37
@Viacheslav, I am unsure if you're able to finish the template and/or work on it more but if you guys ever choose to complete it and add it into rolling then I can test it out in my lab.
In T2518#75586, @c-po wrote:Beeing stateless or statefull both should work. We can add a CLI node for the proxy.ndp option like we have for proxy arp on ipv4, no big deal.
Beeing stateless or statefull both should work. We can add a CLI node for the proxy.ndp option like we have for proxy arp on ipv4, no big deal.
This is a milestone, which means we have to decide whether to use stateful or stateless
I worked with @jack9603301 and discovered [1] that stateless NAT66 depends on IPv6 neighbor proxy, otherwise VyOS will not respond to IPv6 neighbor discovery broadcasts.
Tested in LTS 1.2.5 and latest rolling release, where it is not allowing to add the AA:NN along with Additive
It is confirmed that there is a bug in the implementation, but no solution has been found yet. In the nat66 rule, the prefix translation is indeed performed in the expected behavior, but the upstream device cannot return the data packet from the specific prefix. If the community has a good solution, please let me know
Marked as resolved
Sep 17 2020
Thanks, let's merge it only after 1.2.6 release
No objection as its a minor enhancement
Can we add this implementation for crux in the old style?
https://github.com/DmitriyEshenko/vyatta-cfg-system/commit/0adc41a62b6d532da7c4b47cb5da920d1ed39664
The main reason for such issues is missing a good one instructions on how to build a proper one image.
@jack9603301 Here is R1
Please give the configuration of R1 so that I can immediately test your topology in the simulation environment
Sep 16 2020
Hey guys, I am testing nat66 from @jack9603301 which @c-po provided the ISO for me today (VyOS 1.3-nat66-202009161808)
set interfaces bridge br0 member interface wlan0
Duplicate T2539
Add a smoketest to check if the required config options are present in the kernel configuration to prevent this in the future.