This check interferes with the commit.
https://github.com/vyos/vyos-1x/blob/current/src/conf_mode/interfaces-vxlan.py#L163
All Stories
Mar 29 2020
vyos@vyos# show interfaces ethernet eth3
 address 192.168.3.1/24
 vrf red

vyos@vyos# show protocols static route 192.168.3.0/24
 next-hop 192.168.3.1 {
     next-hop-interface eth3
     next-hop-vrf red
 }

vyos@vyos# run show ip route | match 192.168.3.0
S>* 192.168.3.0/24 [1/0] via 192.168.3.1, eth3(vrf red), 00:01:05
I created a network diagram for "l2vpn evpn" implementation.
I used this instruction vxlan-bgp-vpn
Mar 28 2020
It requires a migration of the VTI interface to python first.
Well - making all IPv6 stuff a noop is not coded into VyOS. Can you show real life examples of increased attack surface?
it's enabled by default.
It's useful when the user is sure he doesn't want IPv6, as it lessens the attack surface, especially if the user doesn't know he needs to configure an IPv6 firewall separately to the IPv4 firewall. Even link-local addresses can be used to launch attacks in the absence of a firewall config.
IMO the configured interface addresses and v6 nodes should become no-ops, possibly print a warning on commit.
On the other hand, leaving IPv6 enabled, would be better to move in the direction of v6 adoption. Personally, I'd prefer this, and leave v6 enabled by default.
in my opinion it should be always enabled
Actually why do you want to disable IPv6 on the system? I think this is a huge workpackage.
Downloaded the latest rolling, the only thing I have done with the rolling was installing it on a fresh Proxmox VM. I created two firewall groups with the same name - one for address-group and the other is for port-group.
@c-po these are operation commands, as I understand you propose to write a py script with return_effective_ , correct?
can you try to reproduce in rolling, please?
Regarding the reference counter for changes. It can also be implemented by storing in an Interface specific class level dictionary the last known state of the interface.
However, should multiple instances of the class be run by multiple programs then this could become problematic and this limitation should be kept in mind.
The recent change in implementation has changed the code from "if/else" to data-driven.
For example, every class now has a "definition" dictionary which indicates what the interface can/cannot do, for example, be bonded or not or if it supports vlan.
Thanks for the quick fix - I was too blind to find it on my own :/
There are three types of functions which a class can have:
- "normal" when the first argument is "self"
- classmethod (using the @classmethod decorator before the function). In that case self is replaced from an instance of the class by a reference to the class itself (often called cls, in that case InterfaceClass)
- staticmethod (where the function does not need class data and is just placed under the class) can be called with InterfaceClass.func()
Mar 27 2020
DFLT_BGP_IMPORT_CHECK can only be set by changing the profile? It can't be set directly? We don't need to change the default timers, just this parameter.
We can't do it as default behavior.
Frr documentation, frr has profiles
Fix will be in any rolling release after vyos-1.3-rolling-202003270650-amd64.iso
While you are working on this I'd suggest the default behavior to be to check if IGP routes exist by default. The reason most implementations check IGP is described in my initial bug submission along with diagrams. Since advertising unconditionally breaks dynamic routing it may make sense to make this a default.
@jestabro Create it please.
Thanks, @Viacheslav. We will need to add a migration script for the previous setting; that is simple in this case, since, as you observed, it was a no-op, and can just be dropped. If you are busy, I can add it.
@jestabro I fixed commit to
There is a Pull Request available to correct this: https://github.com/vyos/vyatta-cfg-quagga/pull/45