It's a classic issue. You need to create rules with "exclude" option for such networks.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Nov 3 2018
For the reference, the syntax is "set interfaces tunnel tun0 parameters ip bridge-group bridge br0". It wasn't me who designed it, and I see no reasons why it was designed that way, but that's what we've got for now. We should rework the tunnel interface CLI in general and this on in particular.
Since it does no harm, I suppose we can address it when we get to rewriting those scripts.
With the new BGP syntax where IPv4 is in its own address family just like IPv6, the no default ipv4-unicast option should work as expected. See T849.
This is best done along with IPsec scripts rewrite.
I guess this is best done along with openvpn scripts rewrite.
This would be best done along with firewall scripts rewrite.
For mellanox etc. I'm just using the kernel source package.
Oct 29 2018
Oct 28 2018
@zsdc Ah, sorry, rolling-1028. I'll take a look.
@zsdc Which version are you using? It should be fixed in rc1 already. If you are using rc1 or newer, that means the fix is incomplete.
Groups need a big overhaul, but its probably out of the 1.2.0 scope.
I've finally located the place where tag node output is handled and added quoting analogous to what was always done to leaf node values. Now saved configs should be correct.
In rc3 and rc4, it's empty for me.
By default cli-shell-api showCfg is level-aware, and the script indeed did not use the option for supressing it.
Indeed, the original script only took the first word, rather than all words after "filter".
Oct 25 2018
Oct 24 2018
Oct 21 2018
While I agree that our scripts should be less dependent on interface names, I'm not sure if we should support so called "predictable" interface names, since for the users they are anything but predictable. Definitely not in 1.2.0
bmon was always there, it's in the dependencies of vyos-1x.
I've made a workaround for it. I've also reported the root cause to FRR: https://github.com/FRRouting/frr/issues/3215
Luckily it never actually made it to 1.1.8 because the commands are badly broken. ;)
FRR appears to include this fix already, so this should be automatically fixed.
This issue appears to no longer be reproducible.
It appears to work now:
Nightly builds are not signed... for better or worse. It wouldn't be too hard to automatically sign them with the development key, but should we?
This wasn't reproducible for quite a while, retroactively moving to rc1 since it was our first milestone with an official release.
Hi Chris,
I couldn't reproduce it in rc3, as stated. Please retest, and if you still get the error, we'll need to figure out the reproducing steps.
The root cause is that Quagga and FRR 5.1-dev didn't mind changing settings for non-existent interfaces, but FRR 6.1-dev does. The "ip source-validation" should have always been affected though.
@Merijn I could not reproduce the issue with any of my configs, so I can only suggest two options: either you can make an anonymized version of your config with all AS and network values replaced with those from private ranges (but please make sure the issue is still reproducible with that config); or you can send the actual config to me privately under a promise not to share it with anyone or a formal NDA.