afics (Armin Fisslthaler)
User

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Feb 16 2016, 6:57 PM (83 w, 6 d)
Availability
Available

Recent Activity

Wed, Sep 6

afics added a comment to T171: Unable to Delete Rule.

Tried on → 999.201706052137

Wed, Sep 6, 1:45 PM · VyOS 1.2.x

Apr 26 2017

afics added a comment to Q50: Any hope for DPDK?.

I tried doing some basic routing with ofp and it seemed to work but the shipped dpdk version does not compile for my kernel (4.10), so I can't test that.

Apr 26 2017, 9:13 PM · VyOS 1.2.x, VyOS 2.0.x

Mar 3 2017

afics created T281: Add https support to the load command..
Mar 3 2017, 8:45 AM · VyOS 1.2.x

Feb 26 2017

afics added a watcher for VyConf: afics.
Feb 26 2017, 7:06 PM

Feb 12 2017

afics created T268: Add support for multiple ospv/ospfv3 routing processes.
Feb 12 2017, 12:11 PM · VyOS 1.2.x

Jan 19 2017

afics created T260: Redirect traffict between two L3 interfaces.
Jan 19 2017, 4:52 PM

Sep 17 2016

afics added a comment to T158: Implement HA-Proxy.

Just to voice my opinion, I vote strongly against implementing haproxy support. In my opinion this is feature bloat, we should be striving to do networking, not application level load balancing.
Also puppet/ansible/favourite-cf-management-system modules for haproxy exist. My guess is none of the existing users of haproxy would convert and with vyos 1.x it is difficult to support any kind of automation, so I doubt someone validating plain haproxy configuration with the help of a configuration management system would decide for vyos.

Sep 17 2016, 7:03 PM · VyOS 1.2.x

Sep 15 2016

rps awarded T35: Add IPv6 firewall network groups a Like token.
Sep 15 2016, 10:19 AM · VyOS 1.2.x (VyOS 1.2.0 beta 3)
rps awarded T105: VRRPv3 support (VRRP for IPv6) a Like token.
Sep 15 2016, 10:16 AM · VyOS 1.2.x

Sep 14 2016

afics added a comment to T37: Add openvpn IPv6 support to cli..

Someone created a duplicate of this task, T149.

Sep 14 2016, 7:23 AM · VyOS 1.1.x (1.1.8)

Sep 4 2016

afics added a comment to T31: Add VRF support.

@whiskeyalpharomeo you can do that already with the existing CLI.

Sep 4 2016, 6:02 PM · VyOS 1.2.x

Aug 10 2016

afics added a comment to T124: Policy route pmtu option fail.

Can you please post the corresponding iptables error?

Aug 10 2016, 6:43 PM · VyOS 1.2.x

Jul 24 2016

afics added a comment to T105: VRRPv3 support (VRRP for IPv6).

Ah, good to know. So if we add a switch like transport ipv4/ipv6 to the cli which is only valid for VRRPv3 (add a switch for that too) and then exclude either all v4 or all v6 addresses, would that work?

Jul 24 2016, 8:43 PM · VyOS 1.2.x
afics added a comment to T105: VRRPv3 support (VRRP for IPv6).

Does it work, if you use virtual_ipaddress_excluded? Also I don't really understand how this would solve the problem? Could you please explain it?

Jul 24 2016, 8:05 PM · VyOS 1.2.x
afics added a comment to T105: VRRPv3 support (VRRP for IPv6).

@jbrown This only works for you because your keepalived versions are old enough.
This got "fixed" (well, at least they're standards compliant now ;)) in 1.2.20 I believe.
See https://github.com/acassen/keepalived/issues/375#issuecomment-230148110 for more information.

Jul 24 2016, 7:30 PM · VyOS 1.2.x

Jul 23 2016

afics added a comment to T105: VRRPv3 support (VRRP for IPv6).
[root@test ~]# cat /etc/keepalived/keepalived.conf 
vrrp_instance VI_1 {
    state MASTER
    interface ens3
    virtual_router_id 51
    priority 200
    advert_int 1
    vrrp_version 3
    native_ipv6
    authentication {
        auth_type ah
        auth_pass 1111
    }
    virtual_ipaddress {
        3ffa::1/64
        192.168.100.200/24 
    }
}

Does only work for the v6 address with this configuration.

Jul 23 2016, 10:39 AM · VyOS 1.2.x
afics added a comment to T105: VRRPv3 support (VRRP for IPv6).

I tested with keepalived version 1.2.22 on Fedora and it didn't seem to work. I'll test again.

Jul 23 2016, 10:27 AM · VyOS 1.2.x

Jul 17 2016

afics updated subscribers of T105: VRRPv3 support (VRRP for IPv6).

TODO:

  • check if our keepalived version supports VRRPv3, if not, upgrade to a newer version.
  • implement cli support + config generation
Jul 17 2016, 1:04 PM · VyOS 1.2.x
afics created T105: VRRPv3 support (VRRP for IPv6).
Jul 17 2016, 11:12 AM · VyOS 1.2.x

Jun 30 2016

afics added a comment to T85: Python management library is not Python3 compatible.

Your core dependecy exscript is not compatible with python3. It seems like someone started working on it but didn't finish and abandoned the port. I guess you don't want to port it, so I guess python3 support is on hold for now :/

Jun 30 2016, 7:59 AM · Python Management Library

Jun 17 2016

afics added a comment to T80: Upgrade OpenVPN to latest version.

OpenVPN 2.2.3 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 2 2015 on 1.2.0-beta1.

Jun 17 2016, 11:52 AM · VyOS 1.2.x

Jun 10 2016

afics added a comment to T82: packets leak un-natted.

@mdsmds Yes, that should work, but if you do that, you force all traffic to be tracked by conntrack, which might not be what you what. Whereas if you apply it only to in on your internal NIC, you don't have to track all traffic, assuming you have multiple (internal) interfaces and you don't NAT all of them.

Jun 10 2016, 1:13 PM · VyOS 1.1.x (1.1.8)
afics added a comment to T82: packets leak un-natted.

I guess we should add this to the user guide.

Jun 10 2016, 8:33 AM · VyOS 1.1.x (1.1.8)
afics added a comment to T82: packets leak un-natted.

Yes, that should do the trick.

Jun 10 2016, 8:24 AM · VyOS 1.1.x (1.1.8)
afics added a comment to T82: packets leak un-natted.

The important part is to discard any packets with conntrack state invalid on the internal interface. What you are seeing occurs because netfilter forwards instead of NATs packages it does not know about. see https://bugzilla.netfilter.org/show_bug.cgi?id=693#c11.

Jun 10 2016, 7:44 AM · VyOS 1.1.x (1.1.8)

Jun 9 2016

afics added a comment to T82: packets leak un-natted.

This is normal behaviour. You need to add a firewall rule to only allow established and related connections and another to drop invalid packets.

Jun 9 2016, 1:45 PM · VyOS 1.1.x (1.1.8)

Jun 3 2016

afics closed T79: as path prepending as Resolved.

Basically create a route-map like below and apply it as the peerings export route-map.
Also please create a question instead of a task next time.

route-map EXPORT-PREPEND {
     rule 10 {
         action permit
         set {
             as-path-prepend "<your as no> <your as no> <your as no>"
         }
     }
Jun 3 2016, 1:28 PM

Jun 1 2016

afics added a comment to T75: NetFlow have impact on performance.

Related/duplicate: T33.

Jun 1 2016, 1:55 PM · VyOS 1.2.x, VyOS 2.0.x

May 30 2016

afics added a comment to T66: IPSec v6 over v6 support.

I've tested IPsec + Ip6Ip6, everything works flawlessly for two weeks now. I suggest, we remove the check.

May 30 2016, 11:41 AM · VyOS 1.2.x

May 25 2016

afics reopened T70: Prefix lists, allow le==ge as "Open".
May 25 2016, 11:34 AM

May 23 2016

afics created T70: Prefix lists, allow le==ge.
May 23 2016, 4:45 PM

May 15 2016

afics added a comment to T66: IPSec v6 over v6 support.

First tests haven't shown obvious problems, everything seem's to work. I'll do some more testing.

May 15 2016, 12:10 PM · VyOS 1.2.x

May 11 2016

afics updated the task description for T66: IPSec v6 over v6 support.
May 11 2016, 9:37 PM · VyOS 1.2.x
afics created T66: IPSec v6 over v6 support.
May 11 2016, 9:36 PM · VyOS 1.2.x

May 10 2016

afics added a comment to T46: Add support for extended community lists..

B rocade vyatta.

May 10 2016, 8:58 AM · VyOS 1.2.x
afics added a comment to T46: Add support for extended community lists..

I propose adding support for named extended-community-lists, see T64.

May 10 2016, 8:55 AM · VyOS 1.2.x
afics changed Difficulty level from easy to normal on T64: Add support for named {,extended} community-lists.
May 10 2016, 8:54 AM · VyOS 1.1.x (1.1.8)
afics created T64: Add support for named {,extended} community-lists.
May 10 2016, 8:54 AM · VyOS 1.1.x (1.1.8)
afics added a comment to T46: Add support for extended community lists..

@mickvav On vRouter 5600, it would be like I posted. I vote for adding directly under policy.

May 10 2016, 8:52 AM · VyOS 1.2.x
afics added a comment to T46: Add support for extended community lists..

@syncer Sure.
@mickvav [1] Docs. What else do you need?

May 10 2016, 6:10 AM · VyOS 1.2.x

Apr 11 2016

afics created T46: Add support for extended community lists..
Apr 11 2016, 11:06 AM · VyOS 1.2.x

Apr 7 2016

afics closed T42: Support all of dnsmasqs server syntax. as Resolved.

Sorry, I just didn't see, the feature was there :O

Apr 7 2016, 7:02 PM · VyOS 1.1.x

Apr 5 2016

afics updated the task description for T42: Support all of dnsmasqs server syntax..
Apr 5 2016, 10:53 AM · VyOS 1.1.x
afics created T42: Support all of dnsmasqs server syntax..
Apr 5 2016, 10:52 AM · VyOS 1.1.x

Mar 31 2016

afics added a member for VyOS 1.1.x: afics.
Mar 31 2016, 6:15 PM
afics added a member for VyOS 2.0.x: afics.
Mar 31 2016, 6:15 PM
afics created T38: Saner BGP default configuration..
Mar 31 2016, 6:10 PM · VyOS 1.2.x (VyOS 1.2.0 beta 3)
afics added a comment to T31: Add VRF support.

I will look into it. I think it is feasible to add to 1.x, but we have to think about the cli. We have to treat the default VRF in a way, so it doesn't come in the way of users who don't want/need to use VRFs.

Mar 31 2016, 5:49 PM · VyOS 1.2.x
afics created T37: Add openvpn IPv6 support to cli..
Mar 31 2016, 5:46 PM · VyOS 1.1.x (1.1.8)
afics created T36: Add $ reset ip{,v6} bgp all soft command.
Mar 31 2016, 5:30 PM · VyOS 1.2.x
afics updated the task description for T31: Add VRF support.
Mar 31 2016, 5:29 PM · VyOS 1.2.x
afics created T35: Add IPv6 firewall network groups.
Mar 31 2016, 5:27 PM · VyOS 1.2.x (VyOS 1.2.0 beta 3)
afics created T34: Extend ospfv3 cli to be feature equivalent to ospf..
Mar 31 2016, 5:26 PM · VyOS 1.2.x (VyOS 1.2.0 beta 3)
afics created T33: Add support for ipt-netflow, a faster/high performance Netflow collector.
Mar 31 2016, 5:25 PM · VyOS 1.1.x (1.1.8)
afics created T32: Make BGP AFI configuration more userfriendly by clearly differentiating between v4/v6.
Mar 31 2016, 5:24 PM · VyOS 1.2.x (VyOS 1.2.0 beta 3)
afics renamed T31: Add VRF support from Add VRFs support to Add VRF support.
Mar 31 2016, 5:23 PM · VyOS 1.2.x
afics created T31: Add VRF support.
Mar 31 2016, 5:23 PM · VyOS 1.2.x