Hello there,
Is there a way to implement a VRF-aware config-archive?
I tried to set the source address for config-archive to the address of an interface in a VRF, but I’m getting the error:
[Errno 99] Cannot assign requested address
run-parts: /etc/commit/post-hooks.d/02vyos-commit-archive exited with return code 1
I’m using the latest rolling version for now:
vyos@vyos:~$ show version
Version: VyOS 1.5-rolling-202404090019
Release train: current
Built by: [email protected]
Built on: Tue 09 Apr 2024 02:26 UTC
Build UUID: 5bf1b1b0-2f07-4e59-9fe7-d5b2595b2584
Build commit ID: f32d9fa78b8ccb
Architecture: x86_64
Boot via: installed image
System type: KVM guest
Hardware vendor: QEMU
Hardware model: Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID: 9ca6408d-f557-493e-bd94-b89d2a70320d
Copyright: VyOS maintainers and contributors
Thanks in advance!
Could you share the full configuration? It is difficult to understand what is going on.
Sure, here it goes (it’s a lab environment but with some real IPs, so I changed them):
interfaces {
    ethernet eth0 {
        address "192.168.1.170/24"
        description "--- BVPN ---"
        hw-id "50:00:00:07:00:00"
        vrf "BVPN"
    }
    ethernet eth1 {
        address "X.X.X.A/29"
        description "--- ID ---"
        hw-id "50:00:00:07:00:01"
    }
    ethernet eth2 {
        hw-id "50:00:00:07:00:02"
    }
    ethernet eth3 {
        hw-id "50:00:00:07:00:03"
    }
    loopback lo {
    }
    tunnel tun0 {
        address "10.200.200.17/30"
        encapsulation "gre"
        remote "X.X.X.B"
        source-interface "eth1"
        vrf "BVPN"
    }
}
nat {
    source {
        rule 100 {
            disable
            outbound-interface {
                name "eth0"
            }
            protocol "all"
            translation {
                address "masquerade"
            }
        }
    }
}
protocols {
    bgp {
        system-as "65077"
    }
    static {
        route 0.0.0.0/0 {
            next-hop X.X.X.Z {
            }
        }
    }
}
service {
    ntp {
        allow-client {
            address "0.0.0.0/0"
            address "::/0"
        }
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    ssh {
        port "22"
    }
}
system {
    config-management {
        commit-archive {
            location "scp://test:[email protected]/VyTEST"
            source-address "192.168.1.170"
        }
        commit-revisions "100"
    }
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed "115200"
        }
    }
    login {
        user vyos {
            authentication {
                encrypted-password "$6$rounds=656000$Eo5.XeHTeuRPhZrO$0vJRDPy5fl7OJrPoHsk5vmT8Pm0bJN/qWKZIT2sTw4nVAVUpRUH5udMWu1K71sTd57jOYMq2B1xgzRL7d7OKZ/"
                plaintext-password ""
            }
        }
    }
    syslog {
        global {
            facility all {
                level "info"
            }
            facility local7 {
                level "debug"
            }
        }
    }
}
vrf {
    bind-to-all
    name BVPN {
        protocols {
            bgp {
                address-family {
                    ipv4-unicast {
                        redistribute {
                            static
                        }
                    }
                }
                neighbor 10.200.200.18 {
                    address-family {
                        ipv4-unicast {
                            soft-reconfiguration {
                                inbound
                            }
                        }
                    }
                    remote-as "65005"
                }
                system-as "65077"
            }
            static {
                route 0.0.0.0/0 {
                    next-hop 192.168.1.1 {
                    }
                }
            }
        }
        table "100"
    }
}
I do understand that I can make the archive work using route leaking, but that’s not the best design IMO.