I’ve been trying to setup a vyos with 2x VRF’s to setup a ddos-detection/mitigation lab that would be leveraging xFlow data, but it seems when i try to set the interface to be a vlan subinterface that belongs to a VRF the process cant start.
bad scenario config:
admin@vyos# show system flow-accounting
interface eth1.509
sflow {
sampling-rate 1
server 10.49.1.109 {
}
}
admin@vyos# show interface ethernet eth1
hw-id 00:0c:29:97:9e:ba
vif 101 {
}
vif 509 {
address 192.168.59.1/24
vrf ddos-client
}
results in sflow not starting:
admin@vyos# run show flow-accounting
flow-accounting is not active
errors from show log:
Nov 09 18:29:26 commit[4881]: Successful change to active configuration by user admin on /dev/pts/0
Nov 09 18:30:10 sudo[5109]: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/sh -c /usr/sbin/vyshim /usr/libexec/vyos/conf_mode/flow_accounting_conf.py
Nov 09 18:30:10 sudo[5109]: pam_unix(sudo:session): session opened for user root(uid=0) by admin(uid=1003)
Nov 09 18:30:10 vyos-configd[669]: Received message: {“type”: “init”}
Nov 09 18:30:11 vyos-configd[669]: config session pid is 2613
Nov 09 18:30:11 vyos-configd[669]: Received message: {“type”: “node”, “data”: “/usr/libexec/vyos/conf_mode/flow_accounting_conf.py”}
Nov 09 18:30:11 vyos-configd[669]: Sending response 8
Nov 09 18:30:14 systemd[1]: Stopping ulog accounting daemon…
Nov 09 18:31:03 systemd[1]: Starting Cleanup of Temporary Directories…
Nov 09 18:31:03 systemd[1]: systemd-tmpfiles-clean.service: Succeeded.
Nov 09 18:31:03 systemd[1]: Finished Cleanup of Temporary Directories.
Nov 09 18:31:44 systemd[1]: uacctd.service: State ‘stop-sigterm’ timed out. Killing.
Nov 09 18:31:44 systemd[1]: uacctd.service: Killing process 4839 (uacctd) with signal SIGKILL.
Nov 09 18:31:44 systemd[1]: uacctd.service: Main process exited, code=killed, status=9/KILL
Nov 09 18:31:44 systemd[1]: uacctd.service: Failed with result ‘timeout’.
Nov 09 18:31:44 systemd[1]: Stopped ulog accounting daemon.
Nov 09 18:31:44 systemd[1]: Starting ulog accounting daemon…
Nov 09 18:31:44 systemd[1]: Started ulog accounting daemon.
Nov 09 18:31:44 sudo[5109]: pam_unix(sudo:session): session closed for user root
Nov 09 18:31:44 systemd[2403]: opt-vyatta-config-tmp-new_config_2613.mount: Succeeded.
Nov 09 18:31:44 systemd[1]: opt-vyatta-config-tmp-new_config_2613.mount: Succeeded.
Nov 09 18:31:45 kernel: uacctd[5132]: segfault at 6 ip 00007ff49e63877e sp 00007ffd4bf33e98 error 4 in libc-2.31.so[7ff49e5b6000+14b000]
Nov 09 18:31:45 kernel: Code: 4c 8d 0c 16 4c 39 cf 0f 82 63 01 00 00 48 89 d1 f3 a4 c3 80 fa 08 73 12 80 fa 04 73 1e 80 fa 01 77 26 72 05 0f b6 0e 88 0f c3 <48> 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b
restarting but using a subinterface not associated to a VRF:
admin@vyos# del system flow-accounting interface eth1.509
[edit]
admin@vyos# set system flow-accounting interface eth1.101
[edit]
admin@vyos# commit
[edit]
admin@vyos# run show flow-accounting
IN_IFACE SRC_MAC DST_MAC SRC_IP DST_IP SRC_PORT DST_PORT PROTOCOL TOS PACKETS FLOWS BYTES
[edit]
regular ethernet 1:
admin@vyos# del system flow-accounting interface eth1.101
[edit]
admin@vyos# set system flow-accounting interface eth1
[edit]
admin@vyos# commit
[edit]
admin@vyos# run show flow-accounting
IN_IFACE SRC_MAC DST_MAC SRC_IP DST_IP SRC_PORT DST_PORT PROTOCOL TOS PACKETS FLOWS BYTES
[edit]
returning to VRF subinterface:
admin@vyos# del system flow-accounting interface eth1
[edit]
admin@vyos# set system flow-accounting interface eth1.509
[edit]
admin@vyos# commit
[edit]
admin@vyos# run show flow-accounting
flow-accounting is not active
new to Vyos, but I didn’t see any extra notes in the document about flow-accounting and VRF’s, was there a command missing for the process to start?