@tmartinson No, "vlan-id 99" is the old style. And, at that stage we don't know if it's ethernet or not.
Jan 5 2017
Maybe something like this? We already know that it is an ethernet interface by the fact that it is eth0. And by adding the "vlan-id" portion we get a newer style of configuration but keep the readability of the configuration stanza.
@Merijn Now that you remind me of it, I think "edit interfaces tunnel; copy tun10 to tun11" or similar should be possible regardless of the config syntax. No matter how it looks in the config, internally "tunnel" is a node with children "tun0", "tun1" and so on, and there's no reason why it shouldn't be possible to use it as edit level.
A pro for me would be that I can do 'edit interfaces ethernet eth0 vif' and work with all virtual interfaces.
@dsteinkopf Not sure, we'll have to devise some rules regarding line breaks, and past some number of leaf nodes inside we are back to the original aesthetic issue (and then there can be non-leaf nodes inside too!).
On a fresh look today, I'm convinced that the old tag node formatting is aesthetically superior, so myself as a user of my own project I'm probably voting no, though as a developer I want to see how many people also think it's worth it.
Maybe it's a good idea to 1. use the new syntax but 2. generate fewer line breaks, e.g.
interfaces { ethernet { eth0 { vif { 99 { address 192.0.2.1/24; } 101 { address 203.0.113.1/24; } } } } }
In this case the new syntax would be fine for me. (Details open for discussion.)
Jan 4 2017
In JunOS the root user enters in the shell and uses 'cli' to enter show mode followed by configure for config mode.
When I add an extra user without shell access, this user is placed directly into show mode.
The vyos user is not the root user, so the way it currently is makes perfect sense to me.
I like the separation for admin vs view. It's the same reason we have RO and RW in SNMP v2c etc. While I don't yet have hands-on experience with Junos, I specifically like the demarcation of configuration vs show commands. For those that don't like the dual approach, can't the run prefix be used to enable a flatter CLI approach?
Jan 2 2017
As long as it is simple to get to a system shell, I'd prefer the VyOS shell to be the default.
Dec 31 2016
For me the Unix shell is better, but that's just because I'm more of a Linux than a network guy.
I think an MOTD with how to enter the VyOS shell should be enough.
I started using VyOS because I saw Ansible gained support for configuring VyOS devices. I want all my devices in config management. I'd lie if I said I was familiar with the inner workings of the Python module that interacts with VyOS, but from my config management POV I think it makes sense to log in to a normal shell and then perform 'some action'. This action could be done in a CLI tool or it could be something OS-related. So for me, I think it makes sense to log in to a normal shell first. My two (possibly worthless) cents ;)
Besides Juniper, other router vendors start with their specific CLI shell. But if the JunOS approach is much easier for maintenance in the long term, take this way.
Dec 29 2016
How did you go with OFP? I can compile and run it on the VyOS platform, but first I tried it on Ubuntu and found it much worse than stock Linux; perhaps there is some setup that is required for it to function optimally. I also tried vpp and that doubled the pps at 64 bytes.
Dec 28 2016
Nightly builds are working again, need to fix web hooks next.
Dec 23 2016
Dec 22 2016
Yes, related. I was just talking to myself really, we get the CI back first, and then we can look into adding vyconf to it.
Our gateway is bad and we should feel bad. When the Jenkins migration to the new site is complete (we are migrating build hosts too), this should work again.
I get a 502 Bad Gateway too.
Is this related? https://phabricator.vyos.net/T222
Awesome. I don't know if it's just me but I get a 502 Bad Gateway when accessing https://ci.vyos.net/
Thanks! Unit tests pass.
Dec 21 2016
Unit tests pass for me too.
Mentioning: http://pastebin.com/yZLVRfnA
Which is an example of how WLB would work with a custom script.
@EwaldvanGeffen apply this rule on what? a WLB?
The WLB, from what I understood, required an interface per gateway, while PBR allows me to route the traffic towards any of the gateways which can be the next-hop, i.e. 10.0.0.100/24 or 10.0.0.101/24.
This is what I remember from Vyatta and I haven't dug into the subject since I have a huge gap ahead as far as I can see.
@elico if you apply a 'source my-lan-clients, destination port-80, proto tcp' rule with gateway your proxy server + the custom testing-target script. If the proxy is up it will be routed towards it. If the target goes down, without any other policies the packet will fall onto PBR and then routing. Isn't that the behaviour you were looking for?
@EwaldvanGeffen WLB has a difference from PBR and what is required is a PBR.
The code is not something I was looking for but an example of implementation in the configuration.
Then I will be able to look at the code and understand what might be applied to PBR compared to WLB.
Dec 20 2016
Wan-load-balance. Example is here: https://github.com/vyos/vyatta-wanloadbalance/blob/current/scripts/http_test.pl and implementation https://github.com/vyos/vyatta-wanloadbalance/blob/current/templates/load-balancing/wan/interface-health/node.tag/test/node.tag/type/node.def
@EwaldvanGeffen Can you help with giving an example of implementing this?
Like with a tiny ping that returns a status code?
(I do not know what WLB is...)
@elico it's pretty simple since WLB supports custom tests for gateway/targets. You can simply script it up to that.
@EwaldvanGeffen technically we can simplify it into a form of a script that monitors the service using HTTP or another TCP/UDP-based check and would flag the availability of the service.
The marking and forwarding rule can be automatically bypassed if the service is flagged as down.
Anyone interested in working with me on this?
It's basically a simple conditional PBR, and since WCCP is "OK" for tiny routers, for beefy machines such as VyOS has, I believe that it would be a piece of cake to cook this up.
Dec 19 2016
Here is a howto on the openfastpath - https://www.howtoforge.com/tutorial/opendataplane-with-open-fast-path-on-ubuntu/
Dec 18 2016
Dec 17 2016
Does openfastpath really work? Have you tried it? It all looks great, and if it works reliably, we indeed should integrate it.
Would the http://www.opendataplane.org/ and http://www.openfastpath.org/index.php/service/technicaloverview/ not work better in VyOS?
Use this to create a fastpath interface and the linux OS can just that.
Dec 16 2016
Dec 14 2016
Looks like it works, and the tests pass.
Dec 6 2016
Nov 23 2016
HCL - Hardware Compatibility List
But not generic one, more like focused on VyOS (not only booting but actually working well)
There is no defined form how it should look like,
I like your variant of the page!
Good start!
Thanks for your comment. I did some refactor. It is now a table with a link to details.
http://wiki.vyos.net/wiki/Network_appliances
What you are telling is completely true.
Idea is maybe not only focus on appliances but rather build some HCL
Nov 22 2016
Pluto has changed to charon.
Nov 9 2016
Nov 7 2016
This bug is also present in the last night build
Nov 5 2016
@whiskeyalpharomeo pointed to
https://github.com/jeroennijhof/pam_tacplus
I talked with @dmbaturin and it looks like via PAM we can perform at least something basic.
@dmbaturin can you comment more ?
Nov 3 2016
Yes, waiting a bit does not hurt. We are working on version 3 of the patch to accommodate the missing features.
Reviewed the discussion there - I think we have to wait at least a couple of weeks until it will be at least a little bit tested there...
Oct 30 2016
Oct 29 2016
The Quagga has been provided with a patch to support Large BGP Communities. This patch is for Quagga 1.1.0 but should be easy to backport if needed.
Oct 27 2016
Oct 26 2016
Hi, I'm new and found my way here via WAR's blog post.
Big +1 for TACACS+ support.
I manage a bunch of Cisco routers and now have half a dozen or so VyOS routers in the mix too. I need to grant junior admins rights to these while limiting their ability to break stuff and currently use TACACS+ for this with the Cisco routers we manage. I would love to do the same for the growing fleet of VyOS virtual routers.
Oct 25 2016
Oct 21 2016
It would be useful, as it's used in ISP networks for QoS, specifically in NZ for GPON where 802.1P is tagged by the client router connected to an ONT to access CIR bandwidth allocation for things like VoIP.
Oct 19 2016
@hmkias I think that some kind of a daemon would be required to "coordinate" between the Squid machine and the VyOS.
I had an idea about it in the past but never had the chance to actually implement it with Vyatta.
However I have seen that in ZEROSHELL there is a very nice feature which tests for proxy IP level availability.
How complex would it be to make a condition to the policy based on a lock file?
Oct 18 2016
Why aren't you all discussing this on the Quagga mailing list? More generally, what is the VyOS project policy about work that belongs in upstream?
Oct 2 2016
Through an early allocation, IANA assigned 30 as the path attribute value for Large BGP Communities.
Sep 22 2016
I'm thinking of two approaches to the problem, WCCP or patching Squid. Ultimately the complexity and time decide the way.
Sep 20 2016
@rps I think he needs a more modern version of squid with sslbump support. I wouldn't put any effort in WCCP, it seems fairly legacy to me.