Vyos 1.5 randomly losing interfaces

Bugs
1

Running 1.5 rolling release on promox vm. Have 9 machines running, 6 of which make up a double stacked core. I had one edge unit and one NAT unit both lose interfaces at the same time. When lost, the “show interfaces” would return nothing but a line of broken code. Restarting sometimes fixed sometimes hasn’t, but seems unstable. Configs for one edge and one nat below (second end and second nat identical minus IPs).

Blockquote

Edge#1

set firewall ipv4 name DROP_INVALID rule 20 action ‘drop’
set firewall ipv4 name DROP_INVALID rule 20 state ‘invalid’
set interfaces ethernet eth0 mtu ‘9000’
set interfaces ethernet eth0 vif 19 address ‘10.11.19.2/30’
set interfaces ethernet eth0 vif 19 description ‘Management EdgeRouter’
set interfaces ethernet eth0 vif 19 disable
set interfaces ethernet eth0 vif 19 mtu ‘9000’
set interfaces ethernet eth0 vif 21 address ‘10.11.21.1/30’
set interfaces ethernet eth0 vif 21 address ‘10.11.21.5/30’
set interfaces ethernet eth0 vif 21 address ‘10.11.21.9/30’
set interfaces ethernet eth0 vif 21 description ‘Core-Edge-2 / Core-NAT-1 / Core-NAT-2’
set interfaces ethernet eth0 vif 21 disable
set interfaces ethernet eth0 vif 21 mtu ‘9000’
set interfaces ethernet eth0 vif 98 address ‘PublicIP
set interfaces ethernet eth0 vif 98 address ‘PublicIP
set interfaces ethernet eth0 vif 98 address ‘PublicIP
set interfaces ethernet eth0 vif 98 description ‘Fiber Feed 1’
set interfaces ethernet eth0 vif 98 disable
set interfaces loopback lo address ‘PublicIP
set interfaces loopback lo address ‘10.10.1.1/32’
set policy prefix-list AS-IN rule 65535 action ‘permit’
set policy prefix-list AS-IN rule 65535 le ‘0’
set policy prefix-list AS-IN rule 65535 prefix ‘0.0.0.0/0’
set policy prefix-list AS-Prefixes rule 10 action ‘permit’
set policy prefix-list AS-Prefixes rule 10 prefix ‘PublicIP
set policy prefix-list6 AS-IN rule 10 action ‘permit’
set policy prefix-list6 AS-IN rule 10 prefix ‘::/0’
set policy prefix-list6 AS-OUT rule 10 action ‘permit’
set policy prefix-list6 AS-OUT rule 10 prefix ‘PublicIP
set policy route-map AS-IN rule 10 action ‘permit’
set policy route-map AS-IN rule 10 match ip address prefix-list ‘AS-IN’
set policy route-map AS-IN rule 20 action ‘deny’
set policy route-map AS-OUT rule 5 action ‘permit’
set policy route-map AS-OUT rule 10 action ‘permit’
set policy route-map AS-OUT rule 10 match ip address prefix-list ‘AS-Prefixes’
set policy route-map AS-V6-IN rule 10 action ‘permit’
set policy route-map AS-V6-IN rule 10 match ipv6 address prefix-list ‘AS-IN’
set policy route-map AS-V6-IN rule 65535 action ‘deny’
set policy route-map AS-V6-OUT rule 10 action ‘permit’
set policy route-map AS-V6-OUT rule 10 match ipv6 address prefix-list ‘AS-OUT’
set policy route-map AS-V6-OUT rule 65535 action ‘deny’
set protocols bgp address-family ipv4-unicast network PublicIP
set protocols bgp address-family ipv6-unicast network PublicIP
set protocols bgp neighbor PublicIP address-family ipv4-unicast route-map export ‘AS-OUT’
set protocols bgp neighbor PublicIP address-family ipv4-unicast route-map import ‘AS-IN’
set protocols bgp neighbor PublicIP remote-as ‘7922’
set protocols bgp neighbor PublicIP address-family ipv4-unicast
set protocols bgp neighbor PublicIP address-family ipv6-unicast route-map export ‘AS-V6-OUT’
set protocols bgp neighbor PublicIP address-family ipv6-unicast route-map import ‘AS-V6-IN’
set protocols bgp neighbor PublicIP ebgp-multihop ‘255’
set protocols bgp neighbor PublicIP remote-as ‘7922’
set protocols bgp neighbor PublicIP address-family ipv4-unicast
set protocols bgp neighbor PublicIP address-family ipv6-unicast route-map export ‘AS-V6-OUT’
set protocols bgp neighbor PublicIP address-family ipv6-unicast route-map import ‘AS-V6-IN’
set protocols bgp neighbor PublicIP capability dynamic
set protocols bgp neighbor PublicIP remote-as ‘7922’
set protocols bgp parameters router-id ‘PublicIP
set protocols bgp system-as ‘400732’
set protocols ospf area 0.0.0.0 network ‘10.10.1.1/32’
set protocols ospf area 0.0.0.0 network ‘10.11.19.0/30’
set protocols ospf area 0.0.0.0 network ‘10.11.21.0/30’
set protocols ospf area 0.0.0.0 network ‘10.11.21.4/30’
set protocols ospf area 0.0.0.0 network ‘10.11.21.8/30’
set protocols ospf default-information originate always
set protocols ospf default-information originate metric-type ‘2’
set protocols ospf interface eth0.19 authentication md5 key-id 1 md5-key ‘
set protocols ospf interface eth0.19 network ‘point-to-point’
set protocols ospf interface eth0.19 passive disable
set protocols ospf interface eth0.21 authentication md5 key-id 1 md5-key '
set protocols ospf interface eth0.21 network ‘point-to-point’
set protocols ospf interface eth0.21 passive disable
set protocols ospf parameters abr-type ‘cisco’
set protocols ospf parameters router-id ‘10.10.1.1’
set protocols ospf passive-interface ‘default’
set protocols static route 0.0.0.0/0 next-hop PublicIP
set protocols static route PublicIP blackhole
set service ntp allow-client address ‘0.0.0.0/0’
set service ntp allow-client address ‘::/0’
set service ntp server time1.vyos.net
set service ntp server time2.vyos.net
set service ntp server time3.vyos.net
set service ssh dynamic-protection
set service ssh listen-address ‘10.10.1.1’
set service ssh listen-address ‘10.11.21.1’
set service ssh listen-address ‘10.11.21.5’
set service ssh listen-address ‘10.11.21.9’
set service ssh listen-address ‘10.11.18.2’
set system config-management commit-revisions ‘100’
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed ‘115200’
set system host-name '****’
set system login user administrator authentication encrypted-password ‘$6$rounds=656000$8BGJlA/Z8LyZ3W4Y$kRwOqacDxzczIreS0.gh.pvgPBoRNPIU62nSIA2I7Y721gWqJbLC7drOrSo0i1j.A5o.sTY0xs1ZWBjFjxZvB.’
set system login user ****** authentication public-keys ****** key ‘AAAAC3NzaC1lZDI1NTE5AAAAIFXVfCtyGhgz+xBfqg0Kn1lFb1+/BktnvqEJpHW5V0/4’
set system login user **** authentication public-keys ***** type ‘ssh-ed25519’
set system login user vyos authentication encrypted-password ******
set system login user vyos authentication plaintext-password ‘’
set system name-server ‘1.1.1.1’
set system name-server ‘10.0.11.25’
set system syslog global facility all level ‘info’
set system syslog global facility local7 level ‘debug’

NAT#1

set high-availability vrrp group Businesses address PublicIP/28
set high-availability vrrp group Businesses hello-source-address ‘10.11.21.21’
set high-availability vrrp group Businesses interface ‘eth0.21’
set high-availability vrrp group Businesses peer-address ‘10.11.21.22’
set high-availability vrrp group Businesses priority ‘100’
set high-availability vrrp group Businesses vrid ‘12’
set high-availability vrrp group Management_Devices address PublicIP/29
set high-availability vrrp group Management_Devices hello-source-address ‘10.11.21.21’
set high-availability vrrp group Management_Devices interface ‘eth0.21’
set high-availability vrrp group Management_Devices peer-address ‘10.11.21.22’
set high-availability vrrp group Management_Devices priority ‘100’
set high-availability vrrp group Management_Devices vrid ‘10’
set high-availability vrrp group Parish_Homes address PublicIP/29
set high-availability vrrp group Parish_Homes hello-source-address ‘10.11.21.21’
set high-availability vrrp group Parish_Homes interface ‘eth0.21’
set high-availability vrrp group Parish_Homes peer-address ‘10.11.21.22’
set high-availability vrrp group Parish_Homes priority ‘100’
set high-availability vrrp group Parish_Homes vrid ‘11’
set high-availability vrrp group Public_1 address PublicIP/29
set high-availability vrrp group Public_1 hello-source-address ‘10.11.21.21’
set high-availability vrrp group Public_1 interface ‘eth0.21’
set high-availability vrrp group Public_1 peer-address ‘10.11.21.22’
set high-availability vrrp group Public_1 priority ‘100’
set high-availability vrrp group Public_1 vrid ‘21’
set high-availability vrrp group Public_2 address PublicIP/29
set high-availability vrrp group Public_2 hello-source-address ‘10.11.21.21’
set high-availability vrrp group Public_2 interface ‘eth0.21’
set high-availability vrrp group Public_2 peer-address ‘10.11.21.22’
set high-availability vrrp group Public_2 priority ‘100’
set high-availability vrrp group Public_2 vrid ‘22’
set high-availability vrrp group Public_3 address PublicIP/29
set high-availability vrrp group Public_3 hello-source-address ‘10.11.21.21’
set high-availability vrrp group Public_3 interface ‘eth0.21’
set high-availability vrrp group Public_3 peer-address ‘10.11.21.22’
set high-availability vrrp group Public_3 priority ‘99’
set high-availability vrrp group Public_3 vrid ‘23’
set high-availability vrrp group Public_4 address PublicIP/29
set high-availability vrrp group Public_4 hello-source-address ‘10.11.21.21’
set high-availability vrrp group Public_4 interface ‘eth0.21’
set high-availability vrrp group Public_4 peer-address ‘10.11.21.22’
set high-availability vrrp group Public_4 priority ‘99’
set high-availability vrrp group Public_4 vrid ‘24’
set high-availability vrrp group Public_5 address PublicIP/29
set high-availability vrrp group Public_5 hello-source-address ‘10.11.21.21’
set high-availability vrrp group Public_5 interface ‘eth0.21’
set high-availability vrrp group Public_5 peer-address ‘10.11.21.22’
set high-availability vrrp group Public_5 priority ‘99’
set high-availability vrrp group Public_5 vrid ‘25’
set high-availability vrrp group Public_6 address PublicIP/29
set high-availability vrrp group Public_6 hello-source-address ‘10.11.21.21’
set high-availability vrrp group Public_6 interface ‘eth0.21’
set high-availability vrrp group Public_6 peer-address ‘10.11.21.22’
set high-availability vrrp group Public_6 priority ‘99’
set high-availability vrrp group Public_6 vrid ‘26’
set high-availability vrrp group Public_7 address PublicIP/29
set high-availability vrrp group Public_7 hello-source-address ‘10.11.21.21’
set high-availability vrrp group Public_7 interface ‘eth0.21’
set high-availability vrrp group Public_7 peer-address ‘10.11.21.22’
set high-availability vrrp group Public_7 priority ‘99’
set high-availability vrrp group Public_7 vrid ‘27’
set high-availability vrrp group Public_8 address PublicIP/29
set high-availability vrrp group Public_8 hello-source-address ‘10.11.21.21’
set high-availability vrrp group Public_8 interface ‘eth0.21’
set high-availability vrrp group Public_8 peer-address ‘10.11.21.22’
set high-availability vrrp group Public_8 priority ‘99’
set high-availability vrrp group Public_8 vrid ‘28’
set high-availability vrrp group Public_9 address PublicIP/29
set high-availability vrrp group Public_9 hello-source-address ‘10.11.21.21’
set high-availability vrrp group Public_9 interface ‘eth0.21’
set high-availability vrrp group Public_9 peer-address ‘10.11.21.22’
set high-availability vrrp group Public_9 priority ‘99’
set high-availability vrrp group Public_9 vrid ‘29’
set high-availability vrrp sync-group Sync_Businesses member ‘Businesses’
set high-availability vrrp sync-group Sync_Management member ‘Management_Devices’
set high-availability vrrp sync-group Sync__Homes member '_Homes’
set high-availability vrrp sync-group Sync_Public_1 member ‘Public_1’
set high-availability vrrp sync-group Sync_Public_2 member ‘Public_2’
set high-availability vrrp sync-group Sync_Public_3 member ‘Public_3’
set high-availability vrrp sync-group Sync_Public_4 member ‘Public_4’
set high-availability vrrp sync-group Sync_Public_5 member ‘Public_5’
set high-availability vrrp sync-group Sync_Public_6 member ‘Public_6’
set high-availability vrrp sync-group Sync_Public_7 member ‘Public_7’
set high-availability vrrp sync-group Sync_Public_8 member ‘Public_8’
set high-availability vrrp sync-group Sync_Public_9 member ‘Public_9’
set interfaces ethernet eth0 address ‘dhcp’
set interfaces ethernet eth0 hw-id ‘bc:24:11:29:34:ab’
set interfaces ethernet eth0 mtu ‘9000’
set interfaces ethernet eth0 vif 21 address ‘10.11.21.6/30’
set interfaces ethernet eth0 vif 21 address ‘10.11.21.14/30’
set interfaces ethernet eth0 vif 21 address ‘10.11.21.21/30’
set interfaces ethernet eth0 vif 21 address ‘PublicIP/32’
set interfaces ethernet eth0 vif 21 address ‘PublicIP/27’
set interfaces ethernet eth0 vif 21 description ‘Core-Edge-1 / Core-Edge-2 / Core-NAT-2’
set interfaces ethernet eth0 vif 21 disable
set interfaces ethernet eth0 vif 21 mtu ‘9000’
set interfaces ethernet eth0 vif 22 address ‘10.11.22.1/29’
set interfaces ethernet eth0 vif 22 description ‘LibreQoS Interface → Agg1’
set interfaces ethernet eth0 vif 22 disable
set interfaces ethernet eth0 vif 22 mtu ‘1500’
set interfaces ethernet eth0 vif 31 address ‘10.11.31.1/30’
set interfaces ethernet eth0 vif 31 description ‘Core-Agg-1’
set interfaces ethernet eth0 vif 31 disable
set interfaces ethernet eth0 vif 31 mtu ‘9000’
set interfaces ethernet eth0 vif 32 address ‘10.11.32.1/30’
set interfaces ethernet eth0 vif 32 description ‘Core-Agg-2’
set interfaces ethernet eth0 vif 32 disable
set interfaces ethernet eth0 vif 32 mtu ‘9000’
set interfaces loopback lo address ‘10.10.1.3/32’
set interfaces loopback lo address ‘PublicIP/32’
set nat source rule 10 description ‘Management Devices’
set nat source rule 10 outbound-interface ‘eth0.21’
set nat source rule 10 source address ‘10.10.0.0/16’
set nat source rule 10 translation address ‘PublicIP/29’
set nat source rule 11 description ‘Parish Homes’
set nat source rule 11 outbound-interface ‘eth0.21’
set nat source rule 11 source address ‘10.0.0.0/20’
set nat source rule 11 translation address ‘PublicIP/29’
set nat source rule 12 description ‘Businesses’
set nat source rule 12 outbound-interface ‘eth0.21’
set nat source rule 12 source address ‘10.0.96.0/20’
set nat source rule 12 translation address ‘PublicIP/28’
set nat source rule 13 description ‘Public 1’
set nat source rule 13 outbound-interface ‘eth0.21’
set nat source rule 13 source address ‘100.75.0.0/19’
set nat source rule 13 translation address ‘PublicIP/29’
set nat source rule 14 description ‘Public 2’
set nat source rule 14 outbound-interface ‘eth0.21’
set nat source rule 14 source address ‘100.75.32.0/19’
set nat source rule 14 translation address ‘PublicIP/29’
set nat source rule 15 description ‘Public 3’
set nat source rule 15 outbound-interface ‘eth0.21’
set nat source rule 15 source address ‘100.75.64.0/19’
set nat source rule 15 translation address ‘PublicIP/29’
set nat source rule 16 description ‘Public 4’
set nat source rule 16 outbound-interface ‘eth0.21’
set nat source rule 16 source address ‘100.75.96.0/19’
set nat source rule 16 translation address ‘PublicIP/29’
set nat source rule 17 description ‘Public 5’
set nat source rule 17 outbound-interface ‘eth0.21’
set nat source rule 17 source address ‘100.75.128.0/19’
set nat source rule 17 translation address ‘PublicIP/29’
set nat source rule 18 description ‘Public 6’
set nat source rule 18 outbound-interface ‘eth0.21’
set nat source rule 18 source address ‘100.75.160.0/19’
set nat source rule 18 translation address ‘PublicIP/29’
set nat source rule 19 description ‘Public 7’
set nat source rule 19 outbound-interface ‘eth0.21’
set nat source rule 19 source address ‘100.75.192.0/19’
set nat source rule 19 translation address ‘PublicIP/29’
set nat source rule 20 description ‘Public 8’
set nat source rule 20 outbound-interface ‘eth0.21’
set nat source rule 20 source address ‘100.75.224.0/19’
set nat source rule 20 translation address ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘10.10.1.3/32’
set protocols ospf area 0.0.0.0 network ‘10.11.21.4/30’
set protocols ospf area 0.0.0.0 network ‘10.11.21.12/30’
set protocols ospf area 0.0.0.0 network ‘10.11.31.0/30’
set protocols ospf area 0.0.0.0 network ‘10.11.32.0/30’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘PublicIP/28’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘PublicIP/29’
set protocols ospf area 0.0.0.0 network ‘10.11.21.20/30’
set protocols ospf area 0.0.0.0 network ‘10.11.22.0/29’
set protocols ospf interface eth0.21 authentication md5 key-id 1 md5-key ‘
set protocols ospf interface eth0.21 dead-interval ‘40’
set protocols ospf interface eth0.21 hello-interval ‘10’
set protocols ospf interface eth0.21 network ‘point-to-point’
set protocols ospf interface eth0.21 passive disable
set protocols ospf interface eth0.21 priority ‘1’
set protocols ospf interface eth0.21 retransmit-interval ‘5’
set protocols ospf interface eth0.21 transmit-delay ‘1’
set protocols ospf interface eth0.22 authentication md5 key-id 1 md5-key '
set protocols ospf interface eth0.22 cost ‘10’
set protocols ospf interface eth0.22 network ‘broadcast’
set protocols ospf interface eth0.22 passive disable
set protocols ospf interface eth0.31 authentication md5 key-id 1 md5-key ‘
set protocols ospf interface eth0.31 cost ‘200’
set protocols ospf interface eth0.31 dead-interval ‘40’
set protocols ospf interface eth0.31 hello-interval ‘10’
set protocols ospf interface eth0.31 network ‘point-to-point’
set protocols ospf interface eth0.31 passive disable
set protocols ospf interface eth0.31 priority ‘1’
set protocols ospf interface eth0.31 retransmit-interval ‘5’
set protocols ospf interface eth0.31 transmit-delay ‘1’
set protocols ospf interface eth0.32 authentication md5 key-id 1 md5-key '
set protocols ospf interface eth0.32 cost ‘200’
set protocols ospf interface eth0.32 dead-interval ‘40’
set protocols ospf interface eth0.32 hello-interval ‘10’
set protocols ospf interface eth0.32 network ‘point-to-point’
set protocols ospf interface eth0.32 passive disable
set protocols ospf interface eth0.32 priority ‘1’
set protocols ospf interface eth0.32 retransmit-interval ‘5’
set protocols ospf interface eth0.32 transmit-delay ‘1’
set protocols ospf parameters abr-type ‘cisco’
set protocols ospf parameters router-id ‘10.10.1.3’
set protocols ospf passive-interface ‘default’
set service ntp allow-client address ‘0.0.0.0/0’
set service ntp allow-client address ‘::/0’
set service ntp server time1.vyos.net
set service ntp server time2.vyos.net
set service ntp server time3.vyos.net
set service ssh dynamic-protection
set service ssh listen-address ‘10.11.21.6’
set service ssh listen-address ‘10.11.21.14’
set service ssh listen-address ‘10.11.21.21’
set service ssh listen-address ‘10.11.31.1’
set service ssh listen-address ‘10.11.32.1’
set service ssh listen-address ‘10.10.1.3’
set service ssh listen-address ‘10.10.10.122’
set system config-management commit-revisions ‘100’
set system console device ttyS0 speed ‘115200’
set system host-name ‘’
set system login user vyos authentication encrypted-password ‘$6$ps0jfJo6uPyNE/g5$OznKWSsfgzwsx9q9EA…Vp.4.rn2XMSnTW3hjG6hQR/TooXpm39szz.0M6ZaZd6yC.gZDFks6IAF5vnVVXuK8.’
set system login user vyos authentication plaintext-password ‘’
set system name-server ‘10.0.11.25’
set system name-server ‘1.1.1.1’
set system option performance ‘latency’
set system syslog global facility all level ‘info’
set system syslog global facility local7 level ‘debug’
set system time-zone ‘America/New_York’

Blockquote

Blockquote

1 Like
2

You say you run this as VM-guest in Proxmox.

Any logs from the Proxmox server?

Which version of Proxmox?

How is the network setup for the VM-guest (as in Proxmox settings)?

3

Proxmox just updated. Loaded with one interface, multique (8). Mtu 9000 no logs in proxmox either.

4

Do these configs work if you roll back to an earlier release? I understand there are syntax changes so maybe you can’t just roll back.

5

If you didnt change the config on your own and the system install remains of the older version then you can perfectly fine rollback (select during boot) the older version.

The config as it were at time of update will then show up since each system image have its own persistent directory in VyOS.

For example (the path below is just an example since I dont remember the exact path) if you have 1.3.4 installed then what that see as its root (“/”) is the squashfs as base and then whatever is changed from /path/persistent/1.3.4/ is used as an overlay.

Then when you install for example 1.3.6 a new persistent dir will be created such as /path/persistent/1.3.6/ and stuff from /config and I think /home will be copied to this new persistent directory and finally the box is rebooted into 1.3.6.

This way when migration scripts are runned on first boot and you later on add/remove config that will only affect whats placed physically at /path/persistent/1.3.6/config/config.boot.

The one from 1.3.4 over at /path/persistent/1.3.4/config/config.boot is untouched.

This gives if you later on boots back to 1.3.4 (as long as you didnt remove that system image through cli command) you are then back to how the config looked like with 1.3.4 at the time of the update.

This is a VERY nice feature by VyOS compared to other vendors who doesnt have this persistent overlay directory and it would be tricky with those vendors to just boot back to the older version since in their cases the config would then be from the newer image which might have changed stuff or reordered sections. So in their cases you must go back to a physical backup you have made yourself of the config.

2 Likes
6

That explains the config management between versions very well. Thank you!