Page MenuHomeVyOS Platform

mickvav (Mihail Vasiliev)
User

Projects

User does not belong to any projects.

User Details

User Since
Mar 18 2016, 8:43 PM (417 w, 3 d)

Recent Activity

Mar 15 2019

mickvav created T1300: Consider joining google's Season of Docs program in the S1 VyOS Public space.
Mar 15 2019, 5:45 PM

Jun 13 2018

mickvav added a comment to T692: TFTP server functionality.

+1 here as for small ISP.
Needed features (at least):

  • choose interface to listen on
  • choose directory to serve
  • toggle read-only/read-write access

Would-be-great features:

  • View connections log
  • View current connections
Jun 13 2018, 6:12 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

May 16 2018

mickvav added a comment to T634: Remove "service ssh allow-root".

I think it's a bad idea in case of automation scripts, which rely on general linux root shell - e.g. don't need sudo to get root access. So, anyone with this kind of integrations will need to adjust their software, if it would be not possible to make VyOS act like ordinary linux and accept (without pain) things like

ssh root@vyos arping -I eth0 12.34.56.78
May 16 2018, 9:24 AM · VyOS 1.2 Crux (VyOS 1.2.0-rc4), VyOS-1.2.0-GA

May 4 2018

mickvav created T619: LLDP package needs to be rebuild.
May 4 2018, 12:55 PM · Rejected

Apr 1 2018

mickvav added a comment to T590: openvpn config using openvpn config file.
Apr 1 2018, 7:09 AM · VyOS 1.5 Circinus
mickvav updated subscribers of T590: openvpn config using openvpn config file.

We have thing like this in dhcpd's config - there you can state something like "subnet-parameters ... include file".
I was thinkking a little bit on it and came to the following idea - may be we should implement general syntax for stanza like "hey, vyos, I have config file for this service, please use it as is, but I still need the service to be operated on by vyos CLI commands". How do you think, would it be a good option to implement @dmbaturin?

Apr 1 2018, 7:09 AM · VyOS 1.5 Circinus

Feb 16 2018

mickvav added a comment to Q125: routing (Answer 173).

Configuration and output of

dmesg

please.

Feb 16 2018, 9:49 AM
mickvav added a comment to T171: Unable to delete a firewall fule.

Can you attach output of

Feb 16 2018, 9:27 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc7)
mickvav created T547: DSA-4115-1 - quagga remote vulnerabilities..
Feb 16 2018, 9:24 AM · Rejected

Feb 8 2018

mickvav added a comment to T537: A frank conversation about Debian LTS.

Well, may be 2.0 should be Sodium though...

Feb 8 2018, 12:12 PM · Restricted Project

Feb 2 2018

mickvav added a comment to T529: Create op command to set regulatory domain.

@c-po I don's think that there is unique-one-ideal way to configure kernel modules in run time - some of them have interfaces as files in /proc or /sys filesystems, some don't and expect some ioctl on some /dev/ device or on some network device. Others, as netfilter, expect whole bunch of binary data to be pushed to kernel after being compiled by their own userspace tool.
As far as I understand, what we can do - is to make some use of sysctl to adjust the parameters that it can access. Thus, more or less generic way is to call sysctl something=somevalue in op mode and to write something=somevalue to file like /etc/sysctl.d/path_to_conf_entry.conf together with calling sysctl something=somevalue in configuration mode. This way we can get more-or-less generic way to describe sysctl's parameters in conf and op mode.

Feb 2 2018, 5:32 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Jan 30 2018

mickvav added a comment to T529: Create op command to set regulatory domain.

@c-po this thing should work already without T123, if someone can test this code on live hardware - it seems to be ready to merge.

Jan 30 2018, 6:28 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mickvav added a comment to T529: Create op command to set regulatory domain.

@alainlamar , well done!

Jan 30 2018, 6:25 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Jan 29 2018

mickvav added a comment to T529: Create op command to set regulatory domain.

Looks like one has to run also something like

Jan 29 2018, 2:09 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Nov 16 2017

mickvav added a comment to T459: VRRP not working..

There are some issues with compiling keepalived on 32 bit systems recently - http://www.keepalived.org/changelog.html

Nov 16 2017, 2:31 PM · Rejected

Oct 19 2017

sebastianm awarded T426: CVE-2017-13077 - Update wpa_supplicant a Like token.
Oct 19 2017, 12:03 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1), wpa

Oct 17 2017

mickvav created T426: CVE-2017-13077 - Update wpa_supplicant.
Oct 17 2017, 5:36 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1), wpa

Oct 9 2017

mickvav added a comment to T414: Remove the telnet service and make sure old configs that use it still load.

Well, may be we just have to either:

Oct 9 2017, 10:46 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mickvav added a comment to T417: Allow bonding non-ethernet interfaces.

If you have a lab to try - may be you can just copy

Oct 9 2017, 10:39 AM · VyOS 1.5 Circinus
mickvav created T418: Add html entities encoding for options field.
Oct 9 2017, 8:51 AM · VyOS 1.4 Sagitta, vyatta-cfg-system

Sep 29 2017

mickvav added a comment to T405: Add binaries for lcdproc.

Is there any possibility to test this functionality in some kind of virtualized environment? Or the developer has to own an appliance with lcd screen to check this things?

Sep 29 2017, 7:01 AM · VyOS 1.3 Equuleus (1.3.0-epa1)

Sep 22 2017

mickvav added a comment to T75: NetFlow have impact on performance.

Here you are -

- it expects to be extracted in / directory. But no warranties on any binary compatibility with current version of kernel and iptables. AT ALL.

Sep 22 2017, 1:40 PM · VyOS 1.3 Equuleus (1.3.7)
mickvav added a comment to T75: NetFlow have impact on performance.

Ups, seems I was wrong in last comment. I'll collect all the files from .deb and post them here.

Sep 22 2017, 1:36 PM · VyOS 1.3 Equuleus (1.3.7)
mickvav added a comment to T75: NetFlow have impact on performance.

Well, I don't have access to development vm, where I did this stuff today (remind me on monday, please), but I do have kernel module (the only file in .deb, actually) compiled against 4.4.15-amd64-vyos kernel.

Sep 22 2017, 1:33 PM · VyOS 1.3 Equuleus (1.3.7)

Sep 15 2017

mickvav added a comment to T379: UDP Broadcast Packet Relay.

Just wondering, if it's possible to address this problem by just addint some firewall rule like
iptables -t mangle -j TEE ...
Did anyone did some digging into xtables-addons package to elaborate, whether it's possible to use firewall for this kind of things? I think, it should be much faster to do this things in kernel, than in userspace.

Sep 15 2017, 6:18 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Aug 29 2017

mickvav added Q103: Is there a comprehensive list of all VyOS commands? (Answer 152).
Aug 29 2017, 2:20 PM
mickvav added a comment to T372: GRUB Boot Options when installing VyOS 1.2.x.

Awesome!

Aug 29 2017, 1:45 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Aug 28 2017

mickvav added a comment to T157: Remove "install system" command.

Well, I have to ask everybody to double think about the very decision to drop the support for "install system" option.
The point is - when you do "install image" - you just drop known-working OS image file to some directory, and if you want to update the OS, you just drop another one (am I correct here?).
But, If you've installed some custom .deb's on the host, you should re-install them after the OS image is updated, even if you had to install new image because of one-line security fix.
Isn't it the scenario for which all those people in debian have used package manager for decades? Isn't it better to just update one package in installed system?

Aug 28 2017, 4:25 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mickvav closed T277: CVE-2017-6074 - linux kernel local (?) privilege escalation as Resolved.

Fine!

Aug 28 2017, 4:13 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS 1.1.x (1.1.8)
mickvav closed T172: URGENT: Fix Quagga CVE-2016-1245 as Resolved.

Fine.

Aug 28 2017, 4:11 PM · VyOS 1.1.x (1.1.8)
mickvav added a comment to T372: GRUB Boot Options when installing VyOS 1.2.x.

+1 for removal.

Aug 28 2017, 4:10 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Aug 1 2017

mickvav added a comment to T177: SSD tweaks.

Trim is a good point, may be we can but I will emphasize these things here:

  1. DO NEVER install vyos or any other linux, intended for running 24x7 on cheap usb flash. I did it. Don't repeat my mistakes.
  2. /var/log in tmpfs is generally a very bad idea, as you will have no logs to examine system failures post-mortem.
  3. It's a good idea to monitor your ssd's health, and it's a good idea to include smartctl in VyOS default package list, but ssds have different vendor-specific SMART flags for their health indication, so it's up to user to specify the correct ones for his or her equipment.
  4. There is a damn dirty and simple solution to address trim issue without any modifications to running image:
tune2fs -o discard /dev/sdXY

but one has to make sure that device supports trim BEFORE doing this :)

Aug 1 2017, 12:49 PM · VyOS 1.3 Equuleus (1.3.7)

Jun 28 2017

mickvav closed T46: Add support for extended community lists. as Resolved.

Actually merged year ago.

Jun 28 2017, 9:44 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mickvav closed T153: Deal with web gui as Resolved.

Merged in october.

Jun 28 2017, 9:37 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS TestLab
mickvav added a comment to T172: URGENT: Fix Quagga CVE-2016-1245.

Pull request - https://github.com/vyos/vyatta-quagga/pull/5
Anybody tested this .debs?

Jun 28 2017, 8:20 AM · VyOS 1.1.x (1.1.8)
mickvav closed T53: Serial console - related code needs to be adjusted from inittab to systemctl as Resolved.

Seems to be OK.

Jun 28 2017, 8:16 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS 2.0.x

May 29 2017

mickvav added a comment to T316: Latest Nightly build (vyos-999.201705242137-amd64) is not booting.

Do you have BIOS or UEFI boot mode in your motherboard setup selected?
To all - there was some reason why I've included grub-pc in my image, but I'not sure that it will help in this case.

May 29 2017, 5:51 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

May 24 2017

mickvav changed Why the issue appeared? from none to design-mistake on T315: dhcp server config fixup.
May 24 2017, 1:56 PM
mickvav created T315: dhcp server config fixup.
May 24 2017, 1:55 PM

Mar 29 2017

mickvav added a comment to T160: Support NAT64.

@dsummers jool seems to be kernel-level and tayga seems to be userspace-level. The first one should be faster, and I expect package loss in the second one on high packet rate.

Mar 29 2017, 12:54 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
mickvav added a comment to T160: Support NAT64.

Well, I think I can some day do some things on adding this to CLI, if someone points me to known-working config for this feature. Am I right that this IPv4 - IPv6 NAT can not be implemented by iptables/ip6tables stuff? If netfilter already can do it - it's much better to do this things in kernel (as netflow, in my opinion).

Mar 29 2017, 12:49 PM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus

Mar 10 2017

mickvav added a comment to T289: unable to boot from software raid .

It seems to me that it should be linked with removal of in-kernel raid autodetection in recent kernels. We should employ user-space autodetect. Those people at gentoo have something on it here: https://wiki.gentoo.org/wiki/Custom_Initramfs#Software_RAID We should do something similar.

Mar 10 2017, 9:04 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Mar 2 2017

mickvav added a comment to T75: NetFlow have impact on performance.

Well, I take vyos-kernel, iptables, build them in packages directory, and put ipt-netflow from here: https://github.com/mickvav/ipt-netflow-code as git submodule in the same packages directory, build it there and get working .deb package containing module, crafted for current vyos kernel. I have no CLI integration for it though I use my own firewall-messing scripts. But in general, you jest have to do modprobe the module with right parameters (where to send collected data) and add somewhere in firewall the rule with "-j NETFLOW" to trigger, which packets to take into account.

Mar 2 2017, 1:17 PM · VyOS 1.3 Equuleus (1.3.7)

Feb 23 2017

mickvav created T277: CVE-2017-6074 - linux kernel local (?) privilege escalation.
Feb 23 2017, 9:48 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS 1.1.x (1.1.8)

Feb 16 2017

mickvav added a comment to T222: Make jenkins build nightly builds again.

Great, thanks!

Feb 16 2017, 5:35 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS 2.0.x

Jan 9 2017

mickvav added a comment to T172: URGENT: Fix Quagga CVE-2016-1245.

@Alexis , I've got my build environment up and running and created .deb's for this issue. Feel free to test.

Jan 9 2017, 2:57 PM · VyOS 1.1.x (1.1.8)
mickvav added a comment to V2: Should VyOS-specific shell be the login shell in VyOS 2.0?.

For me the current defaults is fine for router-like device. But it's a good idea to have this option in user config, e.g.

Jan 9 2017, 8:03 AM · VyOS 2.0.x
mickvav added a comment to V3: Tag node syntax for VyOS 2.0.

Well, my vote is "No", because if for small configs it's OK to have just intent-expressed syntax, if you have huge one, e.g. several pages - if you omit prefix before, say, 55, you will have to guess from context, if it is a vlan or preffix list entry, or VRRP group or whatever.

Jan 9 2017, 7:54 AM · VyOS 2.0.x, VyConf

Dec 19 2016

mickvav created T222: Make jenkins build nightly builds again.
Dec 19 2016, 12:09 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS 2.0.x
mickvav added a comment to T221: Pmmact bug .

Well, I am not sure I can do this fast, as I am using different approach in flow collection - https://github.com/mickvav/ipt-netflow-code and have no idea on what do do with sflow. If you have someone else to assign this job to - do it.

Dec 19 2016, 12:04 PM · Invalid

Nov 19 2016

mickvav added a comment to Q56: nDPI integration, what is required?.

Well, just to make things clear - nDPI is actually a userspace software, that performs DPI analisis of data flow (from pcap-ed interface in real time or from .pcap file). It's interface to netfilter goes through ndpi-netfilter package, which actually opens kernel-userspace socket to forward some packets throug nDPI in userspace. If I am right in brief, we have two important steps:

  1. Make userspace software compile and work.

I thing, this should require almost no vyos-specific coding - just original package should be compiled on vyos vuild system into .deb

  1. Make netfilter-related package integrate into vyos iptables configuration.

Here we need to create some package like vyos-ndpi-netfilter, which fetches and compiles ndpi-netfilter, handles vyos configuration templates and creates correctly working .deb with all this stuff.
vyos-ndpi-netfilter.deb should depend on ndpi.deb

Nov 19 2016, 12:00 PM · VyOS 1.1.x (1.1.8)

Nov 18 2016

mickvav added a comment to Q56: nDPI integration, what is required?.

How exactly can we help you?

Nov 18 2016, 4:58 AM · VyOS 1.1.x (1.1.8)

Nov 10 2016

mickvav added a comment to T172: URGENT: Fix Quagga CVE-2016-1245.

Sent pull request. This thing is really trivial. @Alexis, would be so kind to that resulting package is ok? My building appliance is somewhat disabled right now and I have only a tiny amount of time to do recreate it, so I will be able to test that everything is ok next week only, sorry.

Nov 10 2016, 1:38 PM · VyOS 1.1.x (1.1.8)

Nov 3 2016

mickvav added a comment to T143: Add support for Large BGP Community.

Reviewed the discussion there - I think we have to wait at least couple of weeks until it will be at least a little bit tested there...

Nov 3 2016, 2:41 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc3)

Sep 30 2016

mickvav added a comment to T63: Physical Lab.

Well, than it seems to me that the reasonable starting idea is to start with the following configuration:

  1. make tree-like control pane topology on some stupid switch, for example.
  2. make "basic" configuration for every device, where only control pane interfaces are up and running
  3. make your jenkins or some other automated tool able to upload configuration into all these devices.
  4. make full-graph cabling between existing devices with some reasonable background logic

(e.g. "port 1 of any device always goes to hp,
port 2 of any device always goes to srx240
port 3 of any device always goes to ASA
port 4 always goes to Mikrotik)

Sep 30 2016, 5:19 AM · Rejected

Sep 29 2016

mickvav added a comment to T63: Physical Lab.

@syncer , do you have any drawing on network topology, that you are going to implement? If you do and it's not a secret, please share.

Sep 29 2016, 1:10 PM · Rejected

Sep 26 2016

mickvav added a comment to Q56: nDPI integration, what is required?.

@elico, have a look at https://github.com/mickvav/ipt-netflow-code - it's my vyos/debian repackage for ipt-netflow - another iptables target module which I've ported (and use in production) on my own vyos repackage. If you take it's "debian/" folder, put in your repo, than we can fork it and maintain as submodule.

Sep 26 2016, 12:45 PM · VyOS 1.1.x (1.1.8)
mickvav added a comment to Q56: nDPI integration, what is required?.

Well, I think, I can try to make this thing work on VyOS, especially if the community is interested.
@elico, it seems to me to be that if you have this thing working with ubuntu you already have some debian folder which produces .deb's on dpkg-buildpackage correctly, or you mean that after just "make && make install" on running system, it installs and works?

Sep 26 2016, 10:14 AM · VyOS 1.1.x (1.1.8)

Sep 19 2016

mickvav added a comment to T160: Support NAT64.

The last one seems to be really interesting - it's a kernel module, should be fast and so on.

Sep 19 2016, 10:59 AM · VyOS 1.4 Sagitta, VyOS 1.5 Circinus
mickvav added a comment to Q50: Any hope for DPDK?.

It's an interesting idea, I've even tried this stuff couple of days ago, but it seems to be under heavy development, although seems to be a motion in right direction - snippets of code in documentation doesn't work, things which they demonstrate in videos are already moved in another modules and so on. So to make these things importable into vyos, they should first be made workable.
Thus, if someone needs this stuff to be integrated into vyos, he has to achive some simple goals:

Sep 19 2016, 8:15 AM · VyOS 1.2 Crux, VyOS 2.0.x

Sep 16 2016

mickvav added a comment to Q50: Any hope for DPDK?.

Ok, @Caesar305, than I'll ask another stupid question - why do you think that if someone will implement FULL linux bridging/routing/firewall stack with DPDK, he will get some significant profit from this decision? May be I miss something, but if all these things are already implemented in kernel, they are just already there, so DPDK seems to be extremely effective if you make it do specific things by throwing away all unneeded things, if you implement everything in userspace application instead of kernel you will benefit only on simplicity of debugging, am I right?

Sep 16 2016, 12:59 PM · VyOS 1.2 Crux, VyOS 2.0.x
mickvav added a comment to Q50: Any hope for DPDK?.

Well, I think this question can't be correctly answered until it is correctly stated. So I suggest waiting @Caesar305 for some clarifications. @rps 's answer implies that "support" means "ALL the routing stack works over dpdk" which seems to be really far now. But another option is the ability to run specific dpdk software on dedicated ports (e.g. traffic generator software for load testing of external equipment or high performance network sniffer) - this task seems to be achievable, if it's requested and donated for :)

Sep 16 2016, 10:40 AM · VyOS 1.2 Crux, VyOS 2.0.x

Sep 15 2016

mickvav updated the task description for T154: monitor feature strange message.
Sep 15 2016, 9:25 AM · Rejected
mickvav created T154: monitor feature strange message.
Sep 15 2016, 9:25 AM · Rejected
mickvav created T153: Deal with web gui.
Sep 15 2016, 7:50 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS TestLab

Sep 12 2016

mickvav added a comment to Q50: Any hope for DPDK?.

Hm, I belive it should be relatively easy to make vyos "forget" about some interfaces, on which you plan to use your separate dpdk-enabled software and to just compile dpdk into main distribution. Is it enough for your needs, @Caesar305 or you need some specific application or you are talking about making all firewall stuff work over dpdk (which sounds like A VERY VERY HUGE task)?

Sep 12 2016, 9:48 AM · VyOS 1.2 Crux, VyOS 2.0.x
mickvav added a comment to Q52: Integrate Vyos with standalone web filtering device?.

And if you have any other known https destinations with different port numbers - redirect corresponding traffic explicitly.

Sep 12 2016, 9:41 AM · VyOS 2.0.x, VyOS 1.1.x (1.1.8)

Sep 4 2016

mickvav created T142: DSA-3659-1.
Sep 4 2016, 6:27 PM · VyOS 1.1.x (1.1.8)

Aug 24 2016

mickvav added a comment to T91: Memory leak in the Perl bindings for CStore (Vyatta::Config).

I can suggest trying to do fork() on before line 139 and exit this forked child later - this should keep parent daemon's memory footprint constant.

Aug 24 2016, 12:24 PM · VyOS 1.2 Crux (VyOS 1.2.0-rc1)

Aug 22 2016

mickvav added a comment to T132: Allow route-map to set "src".

Can you push your recent changes to github?

Aug 22 2016, 3:27 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc2)
mickvav added a comment to T132: Allow route-map to set "src".

You need "create" section in your templates/policy/route-map/node.tag/rule/node.tag/set/src/node.def to make things survive reboots, I think.

Aug 22 2016, 2:29 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc2)

Jul 15 2016

mickvav added a comment to T103: DHCP server prepends shared network name to hostnames.

May be you can run tcpdump -nvvv port bootps on your host to catch your client's requests to make sure that clients request hostnames without prefixes?

Jul 15 2016, 1:06 PM · VyOS 1.2 Crux (VyOS 1.2.6)

Jun 1 2016

mickvav added a comment to T75: NetFlow have impact on performance.

Hm, as ipt-netflow is actually a firewall target, it looks like it's configuration logic should be slightly different from pmacct's one.
Looks like there should be some service level config tree, specifying module load parameters, like

Jun 1 2016, 4:26 PM · VyOS 1.3 Equuleus (1.3.7)

May 31 2016

mickvav added a comment to T75: NetFlow have impact on performance.

I had to disable dkms there
https://github.com/mickvav/ipt-netflow-code
And if anyone is interested - I also have xtables-addons compilable against vyos kernel (it has several interesting firewall features - such as geoip and ipmark) - https://github.com/mickvav/xtables-addons

May 31 2016, 4:12 PM · VyOS 1.3 Equuleus (1.3.7)
mickvav added a comment to T75: NetFlow have impact on performance.

Well, I have ipt-netflow on self-rebuilt vyos kernel, no problems with performance. But I have no vyos-related scripts for interaction with this module.

May 31 2016, 4:03 PM · VyOS 1.3 Equuleus (1.3.7)

May 30 2016

mickvav added a comment to T74: Fix VRRP in nightly development builds.

And some more, on the machine with working config:

May 30 2016, 11:52 AM · VyOS 1.1.x (1.1.8)
mickvav added a comment to T74: Fix VRRP in nightly development builds.

Ok, now works, but I've got some strange notices on "show vrrp" :

May 30 2016, 11:01 AM · VyOS 1.1.x (1.1.8)
mickvav created T74: Fix VRRP in nightly development builds.
May 30 2016, 6:30 AM · VyOS 1.1.x (1.1.8)

May 21 2016

mickvav added a comment to T69: Kill off floppy support..

Why should we remove support for obsolete features, which do not break anything?

May 21 2016, 2:35 PM · VyOS 2.0.x, VyOS 1.1.x (1.1.8)

May 18 2016

mickvav added a comment to T38: Add no-ipv4-unicast option.

I think it leads to incompatibilities with other device's default behavior - cisco, for example, exports/imports everything, if another behavior not stated explicitly, AFAIR.

May 18 2016, 8:20 AM · Rejected

May 13 2016

mickvav added a comment to T63: Physical Lab.

Would be great - with some make target for this it's possible to arrange nightly builds with these images.

May 13 2016, 11:31 AM · Rejected

May 12 2016

mickvav added a comment to T63: Physical Lab.

Hm, looks like it has 1gbe port working, am I right?
Do you have your .img creating procedure described or scripted somewhere?

May 12 2016, 9:48 PM · Rejected
mickvav added a comment to T63: Physical Lab.

You mean, I can order a board, take sd, put some image onto it and get working vyos on this board?

May 12 2016, 1:17 PM · Rejected
mickvav added a comment to T63: Physical Lab.

Well, you was discussing hardware here, and I know that mikrotiks used to be bootable into debian, so I've concluded that you are planing to port vyos on mikrotik's hardware. But clearfrog is also interesting idea.

May 12 2016, 12:57 PM · Rejected
mickvav added a comment to T63: Physical Lab.

Is there some place, where you track current work on mikrotik port? May I help it somehow?

May 12 2016, 11:36 AM · Rejected
mickvav added a comment to T46: Add support for extended community lists..

Steel need someone with known working quagga MPLS confgiuration to test. @afics ?

May 12 2016, 8:43 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mickvav added a comment to T46: Add support for extended community lists..

- update - i've found minor bug.
May be we need some kind of lint-ing on scripts during package build process?

May 12 2016, 8:42 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

May 10 2016

mickvav added a comment to T46: Add support for extended community lists..

Created pull request - https://github.com/vyos/vyatta-cfg-quagga/pull/9 to track changes, related to this ticket.

May 10 2016, 9:18 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mickvav added a comment to T46: Add support for extended community lists..

@dmbaturin @syncer should we keep configuration syntax in sync with brocade?

May 10 2016, 9:05 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mickvav added a comment to T46: Add support for extended community lists..

What is vRouter 5600?

May 10 2016, 8:58 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mickvav added a comment to T46: Add support for extended community lists..

Well, looks like pre-alpha is here:


N.B. It's completely untested. And I can't test one as I have no working MPLS config for clean quagga.

May 10 2016, 8:57 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mickvav updated subscribers of T46: Add support for extended community lists..

@afics I think keyword route is unnecessary in your suggested syntax - we have all options right under "set policy" tree. @syncer , @dmbaturin what will you say?

May 10 2016, 7:58 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
mickvav added a comment to T46: Add support for extended community lists..

Well, it's somewhat more complicated than expected, but possible. I'll try do it today, but not 100% sure that I'll have enough time...

May 10 2016, 7:12 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

May 9 2016

mickvav added a comment to T46: Add support for extended community lists..

I think, I can. Need two things - url to docs to check semantics and readyness to test.

May 9 2016, 10:37 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)

May 5 2016

mickvav created T61: Consider idea of obtaining CII Best Practices badge.
May 5 2016, 9:49 PM · Ideas

May 4 2016

mickvav added a comment to T59: Inspect action still exists in firewall and should be removed.

Did you run into some trouble with snort? Are there any discussion on this topic somewhere?

May 4 2016, 3:09 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc5)

Apr 28 2016

mickvav added a comment to T53: Serial console - related code needs to be adjusted from inittab to systemctl.

About systemd there is another point - if you look into systemd default setup (/lib/systemd/system/[email protected]), you can find that it's default setup is rather clever - it takes advantage from agetty's ability to automatically select console baud rate. But current vyos configuration scheme insists on some fixed baud rate. So, we also have options:

  1. (simple) Remove speed option or ignore it. + allows usage of upstream systemd configuration
  2. Alter systemd configuration to use fixed speed from config.
  3. Modify speed to accept list of possible speeds, e.g.
speed "9600[,38400...]"
Apr 28 2016, 12:32 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS 2.0.x
mickvav created T53: Serial console - related code needs to be adjusted from inittab to systemctl.
Apr 28 2016, 10:49 AM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS 2.0.x
mickvav added projects to T52: Q26 pull request seems to be tested at least.: VyOS 2.0.x, VyOS 1.1.x, VyOS TestLab.

Looks like this simple patch is ready for production. Backing idea - quagga has route-map to filter routes, going to be installed from ospf into kernel table, but we had no way to install it in vyos config. This patch creates 'router ospf route-map NAME' vyos configuration command, which maps into 'ip protocol ospf route-map NAME' quagga configuration mode command. The development was discussed under Q26.

Apr 28 2016, 10:03 AM · VyOS 1.1.x (1.1.8)

Apr 27 2016

mickvav added a comment to T49: Kernel NFS server support.

Well, I think that anyone, who really needs some specific feature set, nfs server, samba server, whatever, can make and maintain his own fork of vyos-build and it has (almost) no problem to build a speific iso himself.

Apr 27 2016, 6:49 AM · Rejected