Looks like the issue with the same host displayed multiple times is fixed in the latest FRR.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Jan 26 2019
Ok, I've re-tested everything one more time to be sure. I can confirm the somewhat strange (though technically correct) behaviour of blackhole routes: they become ECMP routes if there's another route of the same distance. I would expect normal routes to override them in that case, but the kernel is following its hard and fast rule that two routes with the same distance automatically become ECMP routes, that behaviour is counter-intuitive but consistent.
@jmlccdmd I've been testing it with EPA3 and friday's nightly build.
I've built lldpd 1.0.3, much newer than that from jessie. Luckily, the maintainer keep Debian packaging in the official repository, so it wasn't much effort to do.
Ok, more interesting than that. In the latest image, the setup just works as described with RFC-compliant VRRP:
This problem is specific to RFC-compliant VRRP setups. Firewall design in VyOS is rather unfortunate in that rulesets are bound to interfaces. If you assign it to eth0, a rule with -i eth0 -j MyRuleset is created. RFC-compliant (shared MAC) VRRP uses those eth0v1 etc. interfaces, but since from netfilter's point of view eth0 and eth0v1 are different interfaces, those rules are never reached.
This issue uncovered more. The parser was written under an assumption that "bare" leaf and tag nodes at the top level are not allowed. In fact, while VyOS config never have them, it's by convention rather than by design, if you create a command definition for one (set foo bar), it works just fine. So, to be consistent with the original parser, the new parser should allow them.
I've removed the restriction on the grammar to allow them (see https://github.com/vyos/libvyosconfig/commit/1dd05b330f3adfe828ba3ca4c71db2e12b8968f6), and now run show configuration commands seems to work with "partial" configs just fine. The change appears to have no ill effects on parsing "normal" config, according to my testing.
Jan 25 2019
Jan 23 2019
I suppose I can port the fix for |commands to it.
Jan 14 2019
Jan 12 2019
Jan 5 2019
Jan 3 2019
I noticed the issue but didn't get to fixing it, applied your fix now.
Jan 2 2019
Jan 1 2019
Dec 31 2018
FRR people fixed it rather quickly!
Ok, ignore it, I decided not to be a lazy butt and test it myself. ;)
Reload is not enough, restart is needed, so the fix should be complete.
I've added SNMP restart on hostname change, it will be in the next nightly build.
Oh, you forgot metric and route-map options. Extending your patch to support them wasn's hard though, most of the work was already done.
Hey @Merijn, sorry for late reply and thanks for the patch! I've merged it in and it will be in the next nightly build.
I could reproduce it in today's FRR master. I'm reporting the issue to FRR maintainers.
I've changed it to handle the situation gracefully. Actual display of connecting SAs is another story of course... The fix will be in the next nightly build.
Yes, seems it's just forgotten sync-group. A sync-group is required for it to work, in the current implementation. The error message is confusing and bug-like though, as of me.
Dec 29 2018
Dec 26 2018
@m.cremers The fix will be in the next nightly build, please re-test.
Dec 21 2018
So far:
Dec 17 2018
Thanks for catching this! I've fixed it in the upcoming rc11.
Dec 16 2018
If we are planning firewall overhaul, the old design issues should not get in the way. It's planned for 1.3 though
That command works for me in the upcoming rc, so I assume they fixed it.
That command has been removed in rc10. "run show ipsec debug" is now mapped to "ipsec statusall", which should be detailed enough for all practical purposes.
Good catch! Fixed.
Ah , another minor incompatibility between Quagga and FRR. I've fixed it, the fix will be in the next rc.
@hagbard I've added it to all interface templates generators now, including that for QoS.
@hagbarg Sorry I haven't spotted this earlier and had to revert your commit! Please check out my commits: this is how it's been done historically. You would have to also add PBR templates so I see no reason for duplicating that, especially in light of planned firewall overhaul that will rid us from interface templates.