Re: [Vyatta-users] Error setting up VLANS
Let's see if it is a system issue or a XORP issue. What is the output of running the following command as root?

vconfig add eth1 10

If that doesn't return an error it would help to see the whole log file.

cheers, robert.

Rodney Prescott wrote:

Hi Robert,

Thanks for the response, please find the tail of the logfile, basically states interface not recognised

Help would be most appreciated!

wthree:/var/log# tail messages
Sep 17 09:17:58 localhost xorp_rtrmgr: [ 2007/09/17 09:17:58 ERROR xorp_rtrmgr:3935 RTRMGR +701 /home/autobuild/builds/master/2007-08-23-1113/ofr/xorp/xorp/rtrmgr/master_conf_tree.cc commit_pass2_done ] Commit failed: 102 Command failed Interface error on eth1.10: interface not recognized
Sep 17 09:18:17 localhost xorp_fea: [ 2007/09/17 09:18:17 ERROR xorp_fea:3994 FEA +99 /home/autobuild/builds/master/2007-08-23-1113/ofr/xorp/xorp/fea/ifconfig_set.cc push_config ] Interface error on eth1.10: interface not recognized
Sep 17 09:18:17 localhost xorp_fea: [ 2007/09/17 09:18:17 WARNING xorp_fea XrlFeaTarget ] Handling method for ifmgr/0.1/commit_transaction failed: XrlCmdError 102 Command failed Interface error on eth1.10: interface not recognized
Sep 17 09:18:17 localhost xorp_rtrmgr: [ 2007/09/17 09:18:17 ERROR xorp_rtrmgr:3935 RTRMGR +701 /home/autobuild/builds/master/2007-08-23-1113/ofr/xorp/xorp/rtrmgr/master_conf_tree.cc commit_pass2_done ] Commit failed: 102 Command failed Interface error on eth1.10: interface not recognized
Sep 17 09:19:19 localhost login[12798]: (pam_unix) check pass; user unknown
Sep 17 10:30:23 localhost kernel: bnx2: eth1 NIC Link is Down
Sep 17 11:34:15 localhost kernel: bnx2: eth0 NIC Link is Down
Sep 17 11:40:50 localhost xorp_fea: [ 2007/09/17 11:40:50 ERROR xorp_fea:3994 FEA +99 /home/autobuild/builds/master/2007-08-23-1113/ofr/xorp/xorp/fea/ifconfig_set.cc push_config ] Interface error on eth1.10: interface not recognized
Sep 17 11:40:51 localhost xorp_fea: [ 2007/09/17 11:40:50 WARNING xorp_fea XrlFeaTarget ] Handling method for ifmgr/0.1/commit_transaction failed: XrlCmdError 102 Command failed Interface error on eth1.10: interface not recognized
Sep 17 11:40:51 localhost xorp_rtrmgr: [ 2007/09/17 11:40:50 ERROR xorp_rtrmgr:3935 RTRMGR +701 /home/autobuild/builds/master/2007-08-23-1113/ofr/xorp/xorp/rtrmgr/master_conf_tree.cc commit_pass2_done ] Commit failed: 102 Command failed Interface error on eth1.10: interface not recognized

On 18/09/2007, at 11:57 AM, Robert Bays wrote:

Hi Guys,

I know this response is *way* overdue... Sorry about that. FWIW, I just tried this on a freshly booted livecd and didn't see any errors. Maybe there is a clue in the /var/log/messages file?

Cheers, Robert.

Nick Davey wrote:

Hmm, that's odd. I'm getting the same problem on eth1 on my OFR.

set interfaces ethernet eth1 vif 1024
[edit]
[EMAIL PROTECTED] commit
[edit]
Commit Failed
102 Command failed Interface error on eth1.1024 : interface not recognized

I attempted to just create the VLAN interface without IPing it to see if there was some sort of race condition, but that doesn't seem to be the case. I also tried with a higher VLAN id in case that was some sort of issue. This also seems to affect the web interface, as I can't create vif's from the web interface. Maybe I'm doing something wrong though. The weird thing is that I'm already using VLAN interfaces...

Nick

On 9/6/07, Rodney Prescott [EMAIL PROTECTED] wrote:

Hi,

Trying as per the documentation set up VLANs on the Community version 2.2

So here is the problem

[edit]
[EMAIL PROTECTED] set interfaces ethernet eth1 vif 40 address 10.10.40.65 prefix-length 24
[edit]
[EMAIL PROTECTED] commit
[edit]
Commit Failed [EMAIL PROTECTED] led Interface error on eth1.40: interface not [EMAIL PROTECTED]
[edit]

Does it on both the WEB interface and as above on the CLI, gets the same error message when Commit is used on the web as well

HELP, as I need to have VLANs running for the Wireless Gear I am running, the multi SSIDs need unique VLANS

Thanks in anticipation

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] What are bridge groups in Vyatta OFR and how they work?
Hi Paco,

Paco Alcantara wrote:

If I have understood well, a bridge group allows the computer to work as a switch where I can create groups of interfaces that belongs to the same network domain. And I can also run spanning tree protocol in these group of interfaces.

Yes.

Some questions though, is it possible to assign virtual interfaces to create VLANs?

VLANs are created in Vyatta by adding a vif to an ethernet interface.

In case it is possible, may I create VLANs in a bridge group that has not assigned an IP address in a specific interface??

You can assign a vif to a bridge group using the bridge-group parameter. Under the current vyatta release IP addresses really should not be assigned to the member interfaces/vifs of the bridge group. And we unfortunately didn't include IP addressing on the bridge group interface itself so everything is un-numbered right now.

Cheers, Robert.
Re: [Vyatta-users] vyatta xensource enterprise 4.x compatibility
Simone,

We haven't tried vyatta in Xen 4, but it runs fine in Xen 3 with CPU virtualization (Intel VT). Para-virtualization requires a kernel rebuild, which isn't on our roadmap right now.

Cheers, Robert.

[EMAIL PROTECTED] wrote:

Dear all,

I need to use vyatta in xensource enterprise 4.x environment. Besides the standard cd live version I have seen a virtual appliance version availability. Vyatta_ServiceProviderVirtualization.pdf document talks about a support for xen and I’d like to know if it is xensource enterprise 4.x compatible, too. If not, could anyone tell me if it is programmed in the next releases and when?

Thanks so much, Best regards.

Simone
Re: [Vyatta-users] Installation Question
AFAIK, no one at Vyatta has tried a WRAP, but we have tried other Geode based boards. You should be able to make it work, but the limited memory is definitely a factor for BGP. The kernel is currently configured for 486/SMP not Geode. However, the Geode random, frame buffer, and crypto drivers are compiled as kernel modules in the current image. Good Luck.

Cheers, Robert.

Aubrey Wells wrote:

You're going to have an interesting time running BGP on a wrap board. IIRC, the last time I used a WRAP platform they maxed out at 266Mhz CPU and 128MB of RAM. A full BGP feed won't fit into 128M of ram, and a 266Mhz proc is going to have a hard time keeping up with the BGP Scanner process every time there's a table update. If it were me, I wouldn't try to run BGP on that device.

All that being said, Vyatta will *probably* run on the WRAP platform, but I haven't tried it. I have successfully run other Linux variants on WRAP boards, so the support is there if it's enabled in the Vyatta kernel. You'll have to install it by hand though, as I don't think you can boot a wrap board over a usb cdrom drive.

I'm sure someone from Vyatta will chime in here soon with a more definitive answer. Good luck!

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com

On Sep 20, 2007, at 5:27 PM, Ryan MacDonald wrote:

Hello,

I’m a complete newbie to Vyatta so I have a few questions. I’m currently running a similar firewall based on OpenBSD. My reason for switching is that our current system doesn’t support BGP. Aside from that, I was wondering if there are any instructions or if it is even possible to install Vyatta on a WRAP platform. We would like to make the change without new hardware if possible. I appreciate any advice.

Thanks in advance,

Ryan MacDonald
[EMAIL PROTECTED]
Ambient Technical Group, LLC
8101 Oak Dr
Palmetto, FL 34221
Phone: (941)-782-6217
Fax: (941)-782-6218
Re: [Vyatta-users] vyatta login
Mike,

Did you try appending pci=biosirq to your kernel boot parameters? It looks like the kernel is having a hard time allocating interrupts which could prevent the eth driver from accessing the hardware which in turn could prevent router manager from loading. If you haven't already, at the livecd boot prompt type Vyatta pci=biosirq and hit enter.

Another option would be to go into the BIOS and change your IRQ settings... I don't remember off the top of my head what I used to have to do to get this to work, but if there is an option specifying OS type try changing it to other/non-windows.

Cheers, Robert.

silvertip257 wrote:

Justin,

sure -- didn't I attach my /var/log/messages to the email I sent to the list? ah well, here they are anyhow. Also like I told Marat, I was just trying to boot from my livecd, so I had no configuration any different than would be customary for the live environment.

These are the whole thing/files:
var_log_mesg.txt is the /var/log/messages file right after the livecd booted.
v_l_msg_updt.txt is the /var/log/messages file after I tried to run xorpsh as root user.

For just the last entry or so of v_l_msg_updt.txt (AFTER trying to use 'xorpsh'), here it is:

/home/autobuild/builds/master/2007-08-23-1113/ofr/xorp/xorp/rtrmgr/xorpsh_main.cc wait_for_xrl_router_ready ] XrlRouter failed. No Finder?
Sep 21 15:52:07 vyatta xorpsh: [ 2007/09/21 15:52:07 ERROR xorpsh:4891 RTRMGR +890 /home/autobuild/builds/master/2007-08-23-1113/ofr/xorp/xorp/rtrmgr/xorpsh_main.cc main ] xorpsh exiting due to an init error: Failed to connect to the router manager
Sep 21 15:52:30 vyatta login[4894]: (pam_unix) check pass; user unknown

Here's part of the file var_log_mesg.txt (BEFORE I started do various things to get the xorp shell running):

Failed 10 times to connect to finder.sock: No such file or directory
Sep 21 15:00:36 vyatta login[4764]: (pam_unix) check pass; user unknown
Sep 21 15:00:55 vyatta login[4764]: (pam_unix) check pass; user unknown
Sep 21 15:03:49 vyatta login[4788]: (pam_unix) check pass; user unknown
Sep 21 15:04:04 vyatta login[4788]: (pam_unix) check pass; user unknown
Sep 21 15:05:45 vyatta login[4802]: (pam_unix) check pass; user unknown
Sep 21 15:05:51 vyatta login[4802]: (pam_unix) check pass; user unknown

Hopefully this helps.

Thanks for your interest, Mike

On 9/21/07, Justin Fletcher [EMAIL PROTECTED] wrote:

Well, piffle. If xorpsh didn't start the CLI, tends to indicate that there are other problems. Can you cut and paste the last log entries when you get a chance, and post it to the list as well?

Best, Justin

On 9/21/07, silvertip257 [EMAIL PROTECTED] wrote:

Justin,

I tried xorpsh and it didn't seem to get me anywhere. When I took a look at /var/log/messages again after running that cmd, I think there was another error message logged to the file. I'll have to check on that later. But vyatta/vyatta isn't getting me into the LiveCD system. Time to go to work, but I'll update this as I find something new.

Thanks, Mike

On 9/21/07, Justin Fletcher [EMAIL PROTECTED] wrote:

vyatta/vyatta should certainly be correct. Since you can log in as root/vyatta, just run xorpsh as root; it'll put you in the Vyatta CLI. As Marat pointed out, there may be useful information in /var/log/messages, or show log from the CLI to help solve the issues logging as vyatta.

Best, Justin

On 9/21/07, silvertip257 [EMAIL PROTECTED] wrote:

I know this will seem to be a rather stupid post, but I cannot seem to get into my vyatta after booting Live from CD. I've got both the VC2 and 2.2 versions on livecd and have not changed a thing - I'm booting Live. My main goal is to use Camarillo ( 2.2 ) so I'm as up-to-date as possible.

I type vyatta and vyatta for username and password, respectively. I get Login Incorrect. Despite that user, root and vyatta for username and password work fine.

I've watched the screencast on the vyatta site, so I'm not missing anything that I need to know. I also have all the user/help manuals for vyatta, so I have resources and did my homework.

Please help me out, as I've finally eliminated the hardware issues I had before.

Thanks, Mike
Re: [Vyatta-users] How firewalls work using Vyatta OFR
Sorry for the late reply everyone. Been out of town for a while. I will try to summarize a few answers for this thread into one email. Hope it's clear.

Vyatta uses iptables/netfilter for our firewall implementation. For discussion refer to the following diagram... This is pulled from section 3.2 of the Linux Netfilter Hacking HOWTO. http://www.netfilter.org/documentation/HOWTO/netfilter-hacking-HOWTO-3.html

   --->PRE------>[ROUTE]--->FWD---------->POST------>
       Conntrack    |       Mangle   ^    Mangle
       Mangle       |       Filter   |    NAT (Src)
       NAT (Dst)    |                |    Conntrack
       (QDisc)      |             [ROUTE]
                    v                |
                    IN Filter       OUT Conntrack
                    |  Conntrack     ^  Mangle
                    |  Mangle        |  NAT (Dst)
                    v                |  Filter

This diagram shows the order of netfilter hooks and what actions happen in each one. For example, in the NF_IP_PRE_ROUTING hook, all conntrack functions take place followed by mangle and dest NAT.

Iptables allows the user to populate the input (NF_IP_LOCAL_IN hook), output (NF_IP_LOCAL_OUT), and forward (NF_IP_FORWARD) filter tables. In Vyatta, an in firewall populates the forward table with --in-interface implicitly added to the rules. An out firewall populates the forward table with an implicit --out-interface added to the rules. A local firewall populates the in table.

We can see from this diagram that dest NAT happens before filtering and source NAT happens after filtering for traffic forwarded through the device. Also, NAT and firewall rules are connected to completely different netfilter hooks in the kernel (for forwarding). Specifying a NAT rule will not open any ports on the firewall.

AFAIK, reflexive access lists were implemented in Cisco IOS because ACLs are not stateful. So if I have an ACL like

access-list 101 permit tcp any 10.0.0.0 0.0.0.255 established

I can get through the filter by sending packets with the headers faked to look like an established session because the router has no way to associate this session with a real outbound one. It simply trusts the packet when the packet tells it that it is part of an established session. This usually means the host will respond to the spoofed packet in some way and that allows me to gather information about the host like system type, services running, etc. (Or I can DOS you.) However, if the user implements a reflexive list, when an outbound packet is sent from the LAN a corresponding inbound ACL is dynamically created on the port. This means I don't have to use an established rule. The system is then not open to the world, only the IPs that the outbound requests were sent to.

Using the established keyword in Vyatta turns the firewall into a stateful firewall. When an outbound request is sent from the LAN, a conntrack entry is created that tracks all further packets associated with that flow both inbound and outbound. When a spoofed packet comes in from the Internet a lookup is done in that conntrack table. If there is no existing session the packet is dropped. If you setup your filter as described by Allan, your LAN is protected from spoofed packets. Stateful filtering does away with the need for reflexive lists.

Either way, reflexive or stateful, to allow sessions initiated from outside your network you have to punch holes in the firewall. Both reflexive and stateful require an outbound session before a hole is opened. So if you want to provide services (http, ssh, ftp, etc.) you have to explicitly open the associated ports so the initial session packets can reach your server. This is where your tcp/new filter comes in.

So in the case of the border router, I would apply an in filter to my WAN interface that first permits established. Then if I were providing services, http for example, I would open up port 80/new. Continue to add services as required.

Hope that helps.

Cheers, Robert.

Allan Leinwand wrote:

Hi Tony,

Thanks for the clarification. I have definitely heard of reflexive access-lists in IOS :) I'm not an expert on iptables, but what you say makes sense when considering a DoS SYN attack. That being said, I'm not entirely sure if we can do exactly what this IOS feature can do, but I do know we can rate limit TCP SYN handling with the syn-cookies enable command. Maybe Robert can save me from myself here - ummm... Robert?

You can vote for new features at http://www.vyatta.com/twiki/bin/view/Community/TopEnhancements and we always take time to review this community input regularly.

Take care, allan

- Original Message -
From: Tony Cratz [EMAIL PROTECTED]
To: Allan Leinwand [EMAIL PROTECTED], [EMAIL PROTECTED]
Sent: Thursday, October 4, 2007 5:59:59 PM (GMT-0800) America/Los_Angeles
Subject: Re: [Vyatta-users] How firewalls work using Vyatta OFR

Allan Leinwand wrote:

Hi Tony, Thanks for the comments
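The difference described in this thread between a stateless `established` match and a conntrack-backed filter, as a small model. This is an added example, not part of the original thread and not Vyatta or netfilter code; the class and function names, addresses and ports are constructed, and real conntrack also tracks TCP state and sequence windows, which the model leaves out.

```python
"""Toy model: stateless 'established' ACL match vs. a conntrack-backed filter.

All addresses, ports and names are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/24")  # inside network from the access-list in the post


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set in the header, e.g. frozenset({"SYN"})


def stateless_established(pkt):
    """Model of 'permit tcp any 10.0.0.0 0.0.0.255 established'.

    Only the header is inspected: ACK or RST set is taken as proof that the
    packet belongs to an existing session.
    """
    return ip_address(pkt.dst) in LAN and bool(pkt.flags & {"ACK", "RST"})


class StatefulFilter:
    """WAN 'in' policy: permit established first, then NEW to listed services."""

    def __init__(self, services=()):
        self.conntrack = set()          # flows the filter has seen start
        self.services = set(services)   # (server_ip, port) holes for NEW traffic

    def _known(self, pkt):
        # A packet belongs to a tracked flow in either direction.
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return fwd in self.conntrack or rev in self.conntrack

    def outbound(self, pkt):
        """LAN -> WAN is unrestricted here; the first SYN creates the entry."""
        if pkt.flags == {"SYN"}:
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt):
        """WAN -> LAN: conntrack lookup, then explicit NEW rules, else drop."""
        if self._known(pkt):
            return True
        if pkt.flags == {"SYN"} and (pkt.dst, pkt.dport) in self.services:
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False


def demo():
    """Run the cases from the discussion and return each verdict."""
    fw = StatefulFilter(services={("10.0.0.80", 80)})
    ack, syn = frozenset({"ACK"}), frozenset({"SYN"})
    verdicts = {}

    # 1. ACK from the Internet with no matching outbound session.
    stray = Packet("203.0.113.9", 80, "10.0.0.5", 40000, ack)
    verdicts["stray_ack_stateless"] = stateless_established(stray)
    verdicts["stray_ack_stateful"] = fw.inbound(stray)

    # 2. Genuine reply to a session a LAN host opened.
    fw.outbound(Packet("10.0.0.5", 40001, "198.51.100.7", 443, syn))
    reply = Packet("198.51.100.7", 443, "10.0.0.5", 40001, frozenset({"SYN", "ACK"}))
    verdicts["reply_stateful"] = fw.inbound(reply)

    # 3. New inbound sessions: port 80 is opened, port 22 is not.
    verdicts["new_http"] = fw.inbound(Packet("203.0.113.9", 5000, "10.0.0.80", 80, syn))
    verdicts["new_ssh"] = fw.inbound(Packet("203.0.113.9", 5001, "10.0.0.80", 22, syn))
    # A later packet of the accepted HTTP session now matches conntrack.
    verdicts["http_followup"] = fw.inbound(Packet("203.0.113.9", 5000, "10.0.0.80", 80, ack))
    return verdicts


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:22} {'permit' if allowed else 'drop'}")
```
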
Re: [Vyatta-users] Running Vyatta in RAID 1 setup? Performancemonitoring?
Daren,

The following repository config works fine for me using livecd vc2-2:

system {
    package {
        repository community {
            component: main
            url: http://archive.vyatta.com/vyatta;
        }
        repository etch {
            component: main
            url: http://http.us.debian.org/debian;
        }
    }
}

from rootsh,

apt-get update
apt-get install mdadm

Daren Tay wrote:

Hi guys,

need to revisit this issue again

I've tried to get mdadm using apt-get but it gave me errors... when I boot from LiveCD. In fact, so far I've not been able to update using the default Vyatta repository for apt-get. I had to add the other line to get what I need:

in /etc/apt/sources.list

deb http://ftp.de.debian.org/debian etch main

Is that normal? Should that be the case, since this seems to be pointing to default debian packages.. may or may not be suitable for Vyatta?

On the matter, is there anyone who did RAID 1 setup for their Vyatta router? Should I just use 2 partition, a 10MB one (config) and a 450MB (main partition)? What are your recommended partitions?

Thanks! Daren

-Original Message-
From: Robert Bays [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 12, 2007 3:24 AM
To: Daren Tay
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Running Vyatta in RAID 1 setup? Performancemonitoring?

Given that software RAID takes up processor cycles, yes expect some performance hit. Since it's not something we regularly test though I can't guess as to how much to expect.

Daren Tay wrote:

So I will need to create the device when I run Vyatta from LiveCD, then do the installation? Think I should give that try.. but would I experience a performance hit?

Daren

-Original Message-
From: Robert Bays [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 29 August 2007 02:28
To: Daren Tay
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Running Vyatta in RAID 1 setup? Performancemonitoring?

It's possible, but untested. You would need to apt-get mdadm from the repository and create the raid device before you run install-system.

Cheers, Robert.

Daren Tay wrote:

Anyone knows if it is possible?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Daren Tay
Sent: Monday, 27 August 2007 10:50
To: vyatta-users@mailman.vyatta.com
Subject: [Vyatta-users] Running Vyatta in RAID 1 setup? Performancemonitoring?

Hi guys,

how do I install Vyatta in a Linux Software RAID environment? So far, I think it doesn't... because I wasn't prompt during installation. The installation was too easy (hahaha!)

Also, what softwares/methods can I use to monitor Vyatta raid performance?

Thanks! Daren
Re: [Vyatta-users] New router using CF for boot
Both tmpfs and unionfs are available in vc3. I wouldn't put all of var under tmpfs unless you never plan on using packages upgrades of any sort. However to change /var/log and /tmp to tmpfs file systems you should edit your /etc/fstab to add something like the following lines...

tmpfs /tmp tmpfs nosuid,nodev 0 0
tmpfs /var/log tmpfs nosuid,nodev 0 0

This is safe enough. Obviously, make sure you have enough RAM to handle your log files...

The more complicated solution would be to install the system to boot using a union. In order to do that you would need to boot the livecd. Next create a partition and an ext3 file system on a local disk using parted or fdisk and mke2fs. Then mount the new partition and copy /live_media/ to the partition. Finally you will have to setup grub by hand on that partition. Create your partition/boot/grub/menu.lst file and run grub-install. These are not the exact steps, but the outline should provide enough pointers to get you going. This will create the root union using tmpfs. You can make writable union partitions by editing the fstab on the installed system after the first boot.

Cheers, Robert.

James Chapman wrote:

Michael Steinhart wrote:

Thanks for a good starting point. tmpfs / unionfs looks promising. Is tmpfs available on this distribution?

Both are in the standard kernel.org sources, though I don't have VC3 to hand right now to check if they're configured in the Vyatta kernels. Even if they were enabled in the Vyatta kernel, startup scripts would need to be modified so you'd need to build the OFR from scratch to do this.

While doing research on this issue I stumbled across aufs which looks like the proper way to go. Can aufs be implemented with Vyatta?

aufs is still in development. For sure, you could patch the Vyatta kernel with it, but I think unionfs would be fine for /tmp, /var.

On Sun, 25 Nov 2007 17:02:53 + James Chapman [EMAIL PROTECTED] wrote:

[EMAIL PROTECTED] wrote:

I am putting together a new router using VC3 to replace a Cisco 7507. We no longer need the advanced routing of the 7507 so I am putting together a basic / high performance router. I have installed VC3 to a CF card as the boot device. my thought was that the system would install to a ram disk on boot-up. This does not appear to be the case. It looks like the CF is being accessed after the load. If it were accessed in read only mode there would be no concern but it seems that the log files are being written to the disk. This is an issue due to the limited number of erase/write cycles such devices have before failure. Flash memory specifications generally allow 10,000 to 1,000,000 write cycles

The internal wear leveling of SD will increase the life of the flash to many more than 1,000,000 writes. However, I agree that writing log files and temporary files to flash will shorten flash life. Many Embedded Linux products put /var, /tmp, /dev and sometimes /etc in RAM using tmpfs / unionfs in order to minimize or eliminate flash writes during normal operation. Files written under those directories would of course be lost on reboot. But remote syslog could be used to store the router's log files on a remote server.

Would configuring remote syslog eliminate most flash writes?

An install-time option to put /var, /dev and /tmp into RAM would be ideal.

--
James Chapman
Katalix Systems Ltd
http://www.katalix.com
Catalysts for your Embedded Linux software development
Re: [Vyatta-users] Bridge IP address
Hi Troopy,

Attached is a new VC3 interfaces template file that should do what you want. Just put it in /opt/vyatta/share/xorp/templates/ and reboot. It will add an address parameter to the bridge interface. It doesn't add the IP to XORP unfortunately. (I tried that but couldn't get it to work for some reason. Have to do more digging...) But it should allow you to put the ip in the config and configure the interface on reboot. Give it a try and let me know if it fixes your issue...

Cheers, Robert.

Troopy . wrote:

Hello,

I didn't find any possibility to set a bridge IP address at the Vyatta platform level. What I did: configure the bridge at the Vyatta level and set an IP address at the Linux level.

Vyatta level:

set interface bridge br0
set interface ethernet eth0 bridge-group bridge br0
set interface ethernet eth1 bridge-group bridge br0

Linux level:

ifconfig br0 10.9.0.222 netmask 255.255.255.0

Result: it works fine but it would be better to be able to add the IP address at the Vyatta level.

Regards
Troopy

-- Original Message --
From: Troopy . [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Tue, 27 Nov 2007 10:00:48 +0100

Hello,

The BGP base study link was wrong, here is the good one: http://openmaniak.com/vyatta_case4.php

OM Team

-- Original Message --
From: Troopy . [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Tue, 27 Nov 2007 08:55:45 +0100

Hello,

We released a little case study about Vyatta Packages. http://openmaniak.com/vyatta_case_package.php

Our BGP tutorial is still pending: http://openmaniak.com/vyatta_case_bgp.php

Regards
OM Team

__
Would you like an @suisse.com e-mail address? Visit virtual Switzerland at http://www.suisse.com

interfaces {
    targetname: txt = fea;
    restore: bool = false;
    loopback @: txt {
        description: txt = ;
        address @: ipv4 {
            prefix-length: u32;
            broadcast: ipv4;
            multicast-capable: bool;
            disable: toggle = false;
        }
        address @: ipv6 {
            prefix-length: u32;
            broadcast: ipv6;
            multicast-capable: bool;
            disable: toggle = false;
        }
    }
    ethernet @: txt {
        disable: toggle = false;
        discard: toggle = false;
        description: txt = ;
        mac: macaddr;
        hw-id: macaddr;
        mtu: u32;
        duplex: txt = auto;
        speed: txt = auto;
        address @: ipv4 {
            prefix-length: u32;
            broadcast: ipv4;
            multicast-capable: bool;
            disable: toggle = false;
        }
        address @: ipv6 {
            prefix-length: u32;
            broadcast: ipv6;
            multicast-capable: bool;
            disable: toggle = false;
        }
        bridge-group {
            bridge: txt;
            cost: u32;
            priority: u32;
        }
        vif @: txt {
            disable: toggle = false;
            description: txt = ;
            address @: ipv4 {
                prefix-length: u32;
                broadcast: ipv4;
                destination: ipv4;
                multicast-capable: bool;
                point-to-point: bool;
                loopback: bool;
                disable: toggle = false;
            }
            address @: ipv6 {
                prefix-length: u32;
                broadcast: ipv6;
                destination: ipv6;
                multicast-capable: bool;
                point-to-point: bool;
                loopback: bool;
Re: [Vyatta-users] How to implement various Routing Discipline in Vyatta ?
Hi Saptarshi,

You can't change the queue type in the config right now. We are shooting for a Q1 release that will allow you to do that. Take a look at the following application note for now. It should give you some idea of how to do what you are looking for.

http://www.vyatta.com/documentation/general/Vyatta_VOIPQOS_App_Note.pdf

Cheers, Robert.

saptarshi moitra wrote:

Hi Everyone

Does anyone have the idea if the Routing disciplines of the Vyatta router can be changed in its configuration file? Suppose I want to implement various queuing and packet scheduling disciplines like FIFO, FQ, WFQ, RR in my router how do I go about doing it ?

Thanks in advance for the help !

Saptarshi
Re: [Vyatta-users] vyatta on soekris or alix platform
Mathias,

We have installed on Soekris net4801 successfully before. Worked well for a very low end system.

Cheers, Robert.

Mathias Houngbo wrote:

Hi Everybody

are there someone who successfully install vyatta software on Soekris or Pcengines Alix platform ?

thanks

--
Mathias HOUNGBO
+229 97.07.63.02
+33(0)4.88.00.85.50 - Cotonou landline, and it works well
http://mathias.houngbo.net/
Re: [Vyatta-users] Vyatta Router Test Unsucessful last night
What kind of circuit is it? Do you need to clone your old MAC address? Short of that it would help to be able to see the config.

Shane McKinley wrote:

I attempted the throw from Cisco to Vyatta last night, and failed. From what I can see, the Vyatta configuration is comparable to the Cisco's configuration with the exception of the subnets on the interface being class C since Vyatta cannot create routes directed toward an interface through the CLI.

The problem: I could not ping my ISP's router (Vyatta's default route). I am pretty sure they are running Cisco equipment. Everything on our side worked fine (routes, etc). Could it be possible that they would need to clear arp cache or something similar? I am really stumped on this one. I even set an address on my laptop in the same subnet of the Vyatta up side, and it talked to my laptop.

If anyone has seen a similar scenario and has any tips please let me know, OR if you would like to see the cisco config and the Vyatta config to take a look, I am willing to provide.

Thanks,
Shane McKinley
Habersham EMC
Re: [Vyatta-users] Managing different subnet with different gateway
Daren,

If I am understanding you correctly you want to route the first local interface out one gateway and the second local interface out the second gateway. You would need to use source based routing to do what you are looking for. That's not currently supported in the cli, but you can do it from the linux command prompt using the ip tool. Something like this should work for you.

#ip route add default via 10.0.0.1 dev eth0 tab 1
#ip route add default via 10.1.0.1 dev eth1 tab 2
#ip rule add from 192.168.16.0/24 tab 1 priority 500
#ip rule add from 192.168.17.0/24 tab 2 priority 600

Cheers, Robert.

Daren Tay wrote:

Hi there,

my intention is just to use one router to handle 2 subnet. But each subnet has their own gateway, so how do I specify the different gateway on the router?

Thanks! Daren

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nick Davey
Sent: Thursday, January 03, 2008 11:25 PM
To: Daren Tay
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Managing different subnet with different gateway

I don't know if I'm understanding this right. You want to add a second subnet on a second interface of the Vyatta router? In that case, yes it will work fine, without much extra configuration (you may need to modify your NAT/firewall rules). That's a pretty straight forward setup though.

If you are looking to add a second router to your network, with a second network behind that router you would need to add static routes for the network behind the second router, and a default route on the second router. Alternatively you could use a simple routing protocol like RIP.

Make sense?

On Jan 3, 2008 3:13 AM, Daren Tay [EMAIL PROTECTED] wrote:

Hi guys,

happy 2008 wherever you guys are!

I have a question: Currently my vyatta router is handling one subnet with one gateway, using NAT for the servers. SO basically its just static routing. I now need to add another subnet (different project) into the picture, which has its own gateway. Can the vyatta router handle 2 different subnet, each with its own gateway?

Do advice ;)

Thanks! Daren
Re: [Vyatta-users] Managing different subnet with different gateway
Daren,

Yep. The tool is the standard linux ip command. The ip rule from part tells the system that anything from this address should go to table n. Each table has a separate default route. XORP *shouldn't* kill these routes since they aren't in the master table. YMMV. As Aubrey correctly pointed out, you will want to add these commands to your startup files so they are added at each boot.

As for tracking bandwidth, you could also poll interface stats using SNMP and rrdtool/mrtg. (ifOutOctets)

Good Luck!

Cheers, Robert.

Daren Tay wrote:

Hi guys, yeah I want to route them out different gateways. What is this ip tool you are referring to? You mean the standard 'ip' command over the linux kernel? And if I issue these commands, won't xorp override it every time I do a commit within it? I thought Vyatta overrides any routing/settings the kernel has.. so based on what you are advising me,

#ip route add default via 10.0.0.1 dev eth0 tab 1
#ip route add default via 10.1.0.1 dev eth1 tab 2
#ip rule add from 192.168.16.0/24 tab 1 priority 500
#ip rule add from 192.168.17.0/24 tab 2 priority 600

say my subnet 1 is 192.168.16.0/24, subnet 2 is 192.168.17.0/24. By adding the above, I can define the default gateway out? And as my original question mentioned, will it interfere with Vyatta's settings (static routing etc), or vice versa? On a side note, am I able to track bandwidth usage on each of these interfaces? Thanks! Daren

-Original Message-
From: Aubrey Wells [mailto:[EMAIL PROTECTED]
Sent: Friday, January 04, 2008 6:19 AM
To: Robert Bays
Cc: Daren Tay; vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Managing different subnet with different gateway

hmmm I did not know you could do that with ip in linux. very interesting. you just solved a problem for me as well, thanks. :-)

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com

On Jan 3, 2008, at 1:14 PM, Robert Bays wrote:

Daren,

If I am understanding you correctly you want to route the first local interface out one gateway and the second local interface out the second gateway. You would need to use source based routing to do what you are looking for. That's not currently supported in the cli, but you can do it from the linux command prompt using the ip tool. Something like this should work for you.

#ip route add default via 10.0.0.1 dev eth0 tab 1
#ip route add default via 10.1.0.1 dev eth1 tab 2
#ip rule add from 192.168.16.0/24 tab 1 priority 500
#ip rule add from 192.168.17.0/24 tab 2 priority 600

Cheers, Robert.

Daren Tay wrote:

Hi there, my intention is just to use one router to handle 2 subnets. But each subnet has its own gateway, so how do I specify the different gateway on the router? Thanks! Daren

-Original Message-
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of *Nick Davey*
*Sent:* Thursday, January 03, 2008 11:25 PM
*To:* Daren Tay
*Cc:* vyatta-users@mailman.vyatta.com
*Subject:* Re: [Vyatta-users] Managing different subnet with different gateway

I don't know if I'm understanding this right. You want to add a second subnet on a second interface of the Vyatta router? In that case, yes it will work fine, without much extra configuration (you may need to modify your NAT/firewall rules). That's a pretty straightforward setup though. If you are looking to add a second router to your network, with a second network behind that router you would need to add static routes for the network behind the second router, and a default route on the second router. Alternatively you could use a simple routing protocol like RIP. Make sense?

On Jan 3, 2008 3:13 AM, Daren Tay [EMAIL PROTECTED] wrote:

Hi guys, happy 2008 wherever you guys are! I have a question: Currently my vyatta router is handling one subnet with one gateway, using NAT for the servers. So basically it's just static routing. I now need to add another subnet (different project) into the picture, which has its own gateway. Can the vyatta router handle 2 different subnets, each with its own gateway? Do advise ;) Thanks! Daren
Re: [Vyatta-users] Managing different subnet with different gateway
Daren,

I would still set up a global default route in the router to handle traffic not explicitly source routed.

Cheers, Robert.

Daren Tay wrote:

Hi guys, one more question: say I do the below mentioned way to have multi-gateway setup, but there'll still be a default gateway set in xorpsh yeah? Will this affect how traffic is routed out? Or should I just do away with the default gateway setup? Thanks! Daren

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Daren Tay
Sent: Saturday, January 05, 2008 12:32 PM
To: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Managing different subnet with different gateway

Ah silly me, the obvious. Thanks! Daren

-Original Message-
From: Robert Bays [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 05, 2008 7:00 AM
To: Daren Tay
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Managing different subnet with different gateway

Running traceroute from a system on each subnet should show you different paths. cheers.

Daren Tay wrote:

Cool guys :) I'm gonna give the ip rule a test when I head back to office on monday, but how do I determine that it is working? Once that is done, I'll look into the bandwidth throttling. Daren

-Original Message-
From: Robert Bays [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 05, 2008 5:17 AM
To: Daren Tay
Cc: vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Managing different subnet with different gateway

Daren,

Yep. The tool is the standard linux ip command. The ip rule from part tells the system that anything from this address should go to table n. Each table has a separate default route. XORP *shouldn't* kill these routes since they aren't in the master table. YMMV. As Aubrey correctly pointed out, you will want to add these commands to your startup files so they are added at each boot.

As for tracking bandwidth, you could also poll interface stats using SNMP and rrdtool/mrtg. (ifOutOctets)

Good Luck!

Cheers, Robert.

Daren Tay wrote:

Hi guys, yeah I want to route them out different gateways. What is this ip tool you are referring to? You mean the standard 'ip' command over the linux kernel? And if I issue these commands, won't xorp override it every time I do a commit within it? I thought Vyatta overrides any routing/settings the kernel has.. so based on what you are advising me,

#ip route add default via 10.0.0.1 dev eth0 tab 1
#ip route add default via 10.1.0.1 dev eth1 tab 2
#ip rule add from 192.168.16.0/24 tab 1 priority 500
#ip rule add from 192.168.17.0/24 tab 2 priority 600

say my subnet 1 is 192.168.16.0/24, subnet 2 is 192.168.17.0/24. By adding the above, I can define the default gateway out? And as my original question mentioned, will it interfere with Vyatta's settings (static routing etc), or vice versa? On a side note, am I able to track bandwidth usage on each of these interfaces? Thanks! Daren

-Original Message-
From: Aubrey Wells [mailto:[EMAIL PROTECTED]
Sent: Friday, January 04, 2008 6:19 AM
To: Robert Bays
Cc: Daren Tay; vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Managing different subnet with different gateway

hmmm I did not know you could do that with ip in linux. very interesting. you just solved a problem for me as well, thanks. :-)

--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com

On Jan 3, 2008, at 1:14 PM, Robert Bays wrote:

Daren,

If I am understanding you correctly you want to route the first local interface out one gateway and the second local interface out the second gateway. You would need to use source based routing to do what you are looking for. That's not currently supported in the cli, but you can do it from the linux command prompt using the ip tool. Something like this should work for you.

#ip route add default via 10.0.0.1 dev eth0 tab 1
#ip route add default via 10.1.0.1 dev eth1 tab 2
#ip rule add from 192.168.16.0/24 tab 1 priority 500
#ip rule add from 192.168.17.0/24 tab 2 priority 600

Cheers, Robert.

Daren Tay wrote:

Hi there, my intention is just to use one router to handle 2 subnets. But each subnet has its own gateway, so how do I specify the different gateway on the router? Thanks! Daren

-Original Message-
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of *Nick Davey*
*Sent:* Thursday, January 03, 2008 11:25 PM
*To:* Daren Tay
*Cc:* vyatta-users@mailman.vyatta.com
*Subject:* Re: [Vyatta-users] Managing different subnet with different gateway

I don't know if I'm understanding this right. You want to add a second subnet on a second interface of the Vyatta router? In that case, yes it will work fine, without much extra configuration (you may need to modify your NAT
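How the kernel picks a gateway once the rules and per-table default routes from this thread are in place, as an added example that is not part of the original messages: a POSIX shell model of the rule walk, including the fall-through to the main table's default route. The function names and the main-table gateway 203.0.113.1 are constructed for illustration; the rule priorities, subnets and table gateways are the ones quoted above, and 32766 is the kernel's built-in rule for table main.

```shell
#!/bin/sh
# Constructed model of the policy-routing state discussed in the thread.
# RULES lines: "priority source-prefix table".
RULES='500 192.168.16.0/24 1
600 192.168.17.0/24 2
32766 0.0.0.0/0 main'

# ROUTES lines: "table default-gateway". The main gateway is a constructed value.
ROUTES='1 10.0.0.1
2 10.1.0.1
main 203.0.113.1'

# Dotted quad -> 32-bit integer (inputs here are trusted constants).
to_int() ( IFS=.; set -- $1; echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))" )

# in_prefix ADDR NET/LEN: succeeds when ADDR lies inside NET/LEN.
in_prefix() (
    net=${2%/*}
    len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    a=$(to_int "$1")
    n=$(to_int "$net")
    [ $(( a & mask )) -eq $(( n & mask )) ]
)

# gateway_for SRC: walk the rules in priority order and print "table gateway"
# for the first rule whose prefix matches SRC and whose table has a default
# route. A matching rule whose table is empty is skipped, as the kernel does.
gateway_for() (
    src=$1
    echo "$RULES" | sort -n | while read -r prio prefix table; do
        in_prefix "$src" "$prefix" || continue
        gw=$(echo "$ROUTES" | awk -v t="$table" '$1 == t { print $2; exit }')
        [ -n "$gw" ] || continue
        echo "$table $gw"
        break
    done
)

# Hosts on each subnet, plus one address that no source rule covers.
for host in 192.168.16.25 192.168.17.9 172.16.5.5; do
    echo "$host -> $(gateway_for "$host")"
done
```

If a per-table default route disappears (for example because the startup commands were not re-applied after a reboot), the model shows that subnet's traffic leaving through the main default gateway instead, which is worth checking with traceroute after every boot.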
Re: [Vyatta-users] latency tool
Hi Troopy,

You want to look at netperf... http://www.netperf.org/

Cheers, Robert.

Troopy . wrote:

Hello, I have a question not directly related to Vyatta but more to networking. I am looking for a tool that is able to measure the (one-way) latency or delay. From what I know ping or traceroute are only able to measure the RTT. Thanks Troopy
Re: [Vyatta-users] NetFlow
Max,

Are you looking for an x-flow collector or are you looking for the Vyatta to be a flow exporter?

Cheers, Robert.

Peter Wohlers wrote:

netflow == nice
sflow == better (imho, at least)

sflow is open, and gives L2 info as well as full bgp path stats rather than just srcAS and peerAS info. Or you could totally blow our socks off and do both ;) But then again, you don't *really* wanna be writing royalty checks to crisco now, do you?

--Peter

Max wrote:

Wooo! Very nice! Man Vyatta sure is going to be one power house of a router here soon :D

On Jan 17, 2008 1:23 PM, Dave Roberts [EMAIL PROTECTED] wrote:

Are there any plans to build NetFlow support into Vyatta?

Yup. It's something we're looking at over the next three releases or so. Don't hold me to this, but hopefully sometime in the summer timeframe.

-- Dave
Re: [Vyatta-users] NetFlow
There are methods for doing this in kernel using ip_conntrack_netlink and ulogd2, but last time I looked they weren't incredibly mature. I should probably browse the code again and see what the current state of the state is.

Until then, you can add userspace applications that use libpcap to generate flow information. Check out ntop or netramet. Both of these applications will require more processor and memory than your average Vyatta router. Ntop should include nProbe which allows you to export the flow data. Ntop is available as a debian package. Just add the debian lenny repo to your config, apt-get update, apt-get install ntop to check it out. As a bonus, it generates pretty graphs...

Max wrote:

I am looking for Vyatta to be an exporter. Right now I just have a span/mirror port configured on a switch that gives me pretty good visibility, but I rather work in flows right off the router. All of our routers send flow data out to one of our collectors at the moment.

On Jan 17, 2008 1:41 PM, Robert Bays [EMAIL PROTECTED] wrote:

Max,

Are you looking for an x-flow collector or are you looking for the Vyatta to be a flow exporter?

Cheers, Robert.

Peter Wohlers wrote:

netflow == nice
sflow == better (imho, at least)

sflow is open, and gives L2 info as well as full bgp path stats rather than just srcAS and peerAS info. Or you could totally blow our socks off and do both ;) But then again, you don't *really* wanna be writing royalty checks to crisco now, do you?

--Peter

Max wrote:

Wooo! Very nice! Man Vyatta sure is going to be one power house of a router here soon :D

On Jan 17, 2008 1:23 PM, Dave Roberts [EMAIL PROTECTED] wrote:

Are there any plans to build NetFlow support into Vyatta?

Yup. It's something we're looking at over the next three releases or so. Don't hold me to this, but hopefully sometime in the summer timeframe.

-- Dave
Re: [Vyatta-users] VLAN PROBLEM
Erwin,

What does show interfaces system say? Does the following command sequence make any difference in the outcome?

set interfaces ethernet eth1 vif 20
commit
set interfaces ethernet eth1 vif 20 address 10.10.20.24 prefix-length 24
commit

cheers, robert.

Erwin kobe Tolentino wrote:

I configured my Vyatta as a router with a VLAN. My configuration is

set interfaces ethernet eth1 vif 20 address 10.10.20.24 prefix-length 24

but once I commit there's an error:

102 command failed Interfaces error on eth1.20: interface not recognized

Please, can anyone help me?
Re: [Vyatta-users] Weird Routing problem on VC2
Comments inline...

As you can see, the router sits in front of the load balancer. First... generally whenever I plug out the network cable from the router, and insert it back later, everything will fail to route. It's as if the route table cannot get the new info on its own.. I have to reset the box to get back the settings.

The link state monitor in VC3 is a little fickle. You may be seeing artifacts of that. It has been drastically improved in the glendale release. I wouldn't suggest trying out the alpha in production, but it should fix that issue if you want to play around with it in the lab.

Secondly, I just added another webserver to the cluster (3rd one). Interestingly, after adding it, I can't ping the new server nor ssh it from the router. In fact, from the router, I can't ping the load balancer. But I can ping the existing 2 web servers perfectly. The entire website is still running.

Some thoughts... I'm going to assume your subnetting is set up correctly. What does your arp cache on the router say about the new host? You don't say what kind of load balancer you are using, but is it hiding the web server from the router?
Re: [Vyatta-users] Restricting access to default route
comments inline...

Michel van Horssen wrote:

Thing is, those messages talk about the IP command on the shell prompt, there are also policies possible in the cli. Are those the same?

No. Policy routing is not included in the CLI right now. You must use the ip command in the linux shell.

Our situation is as follows:

eth0: 192.168.1.0/24 interface address is 192.168.1.1
eth1: 192.168.10.0/24 interface address is 192.168.10.1
eth2: 192.168.254.0/24 interface address is 192.168.254.2 (router on the other end with 192.168.254.1)

The default next hop to the firewall would be 192.168.1.2; this should be restricted to a few computers in the 192.168.10.0/24 segment. What I've read so far is that the cli can't handle it and I would have to do it on the root shell with the IP command. The first rule would be:

ip route add default via 192.168.1.2 dev eth0 tab 1

But then I'm stuck because the servers and a few clients who would be allowed access to that default route aren't all in a nice string of addresses. What I would like is to tell that the range from 192.168.10.10:192.168.10.50 and 192.168.10.155 etc etc would be allowed to go to that next hop.

You will have to break that range into smaller ranges for your ip rule statements. For example, the first range of 10.10 to 10.50 would be something like this...

ip rule add from 192.168.10.10/31 tab 1
ip rule add from 192.168.10.12/30 tab 1
ip rule add from 192.168.10.16/28 tab 1
ip rule add from 192.168.10.32/28 tab 1
ip rule add from 192.168.10.48/31 tab 1
ip rule add from 192.168.10.50/32 tab 1

Cheers, Robert.
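The range-splitting step from Robert's reply, as an added example that is not part of the original message: a POSIX shell script that breaks an inclusive IPv4 range into the smallest set of aligned CIDR blocks and prints the matching ip rule lines for review instead of running them. The function names are hypothetical; the table number and the 192.168.10.10 to 192.168.10.50 range are the ones from the thread.

```shell
#!/bin/sh
# Dotted quad -> 32-bit integer; rejects anything that is not a plain IPv4 address.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in ''|0?*|????*) exit 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidrs FIRST LAST: print one CIDR block per line covering exactly
# FIRST..LAST. Each step takes the largest block that is aligned on the
# current start address and does not run past LAST.
range_to_cidrs() (
    start=$(ip_to_int "$1") || exit 1
    end=$(ip_to_int "$2") || exit 1
    [ "$start" -le "$end" ] || exit 1
    while [ "$start" -le "$end" ]; do
        # Alignment of start = its lowest set bit (0.0.0.0 aligns on 2^32).
        if [ "$start" -eq 0 ]; then size=4294967296; else size=$(( start & -start )); fi
        # Shrink the block until it fits inside the remaining range.
        while [ $(( start + size - 1 )) -gt "$end" ]; do size=$(( size >> 1 )); done
        # Prefix length is 32 - log2(size).
        bits=0; s=$size
        while [ "$s" -gt 1 ]; do s=$(( s >> 1 )); bits=$(( bits + 1 )); done
        echo "$(int_to_ip "$start")/$(( 32 - bits ))"
        start=$(( start + size ))
    done
)

# emit_rules TABLE FIRST LAST: print (do not execute) the ip rule statements.
emit_rules() (
    table=$1
    case "$table" in ''|*[!0-9]*) exit 1 ;; esac
    cidrs=$(range_to_cidrs "$2" "$3") || exit 1
    for c in $cidrs; do
        echo "ip rule add from $c tab $table"
    done
)

# The two allowed groups mentioned in the thread: a range and a single host.
emit_rules 1 192.168.10.10 192.168.10.50
emit_rules 1 192.168.10.155 192.168.10.155
```

Printing the rules first lets you confirm that no block reaches outside the intended hosts before anything touches the routing policy database.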
Re: [Vyatta-users] Installation Problem - booting hangs
One other thing to look into... Make sure you're not using the RAID functionality of the SIS964.

Robert Bays wrote:

Stefan,

Looks like grub isn't loading stage 1.5. One thing to check... In the BIOS there may be a setting that switches the disk mode from normal to LBA. It should be set to LBA...

Cheers, Robert.

Stefan Leippert wrote:

Hello List,

trying to install Vyatta community edition 3, installation succeeded ok, but booting hangs:

GRUB Loading stage1.5
GRUB loading, please wait.

Then nothing more happens. I tried following things: loaded new image and installed from this. Tried different harddisks SATA and PATA. Before install-system, I tried dd /dev/zero /dev/hda count=1, but doesn't help.

Hardware is a small Barebone-PC with SIS964, Intel Celeron 220, 512 MB RAM.

Found some strange messages in /var/log/messages, when booting again from CD.

vyatta kernel: copy_e820_map() start ... size 09fc00 end 9fc00 type: 1
Enabling APIC mode: Flat: Using 0 I/O APICs
BIOS bug, no explicit IRQ entries using default mptable
Cannot allocate resource for EISA slot 1
Cannot allocate resource for EISA slot 2
hdb: _NEC DV-5800, Atapi CD/DVD-ROM
ide0 at 0x1f0-0x1f7, 0x3f6 on irq 14
ATA: abnormal status 0x7F on port 0x2367
Registering unionfs 2.0
agpgart: Unuspported SiS chipset (device id: 0662)

Any tips or information ?
Re: [Vyatta-users] Glendale First Impressions
Hi Nick,

Thanks for the great feedback! We love to see this kind of input from the community. It's incredibly helpful. Glendale has undergone a huge number of changes and some of them, such as the CLI, are revolutionary as opposed to evolutionary. The goal is to have Glendale's new features be useful as opposed to just different. External feedback helps to keep us honest to that goal.

Comments inline..

Nick Davey wrote:

- top doesn't take you to the top of the command line hierarchy, it runs the shell top program. For example if you edit interfaces ethernet eth3, make changes and then type top it runs the top program.

This was bug 2616 and has been fixed. It will be available in the next release.

- Right now it appears you can't edit service dhcp-server. The command line hierarchy was one of the best features of this CLI, it should be added to everything. I know it's a new command line and I hope this is something you guys are working on.

Not sure, but this may be related to 2614 which was fixed and should be in the next release.

- I think I saw this about the previous release, however it appears to be the same in Glendale. Even if an interface description is set in the command line SNMP returns the following values for interface description: Found item [ifDescr='eth0'] index: 2 [from value]. Interface descriptions are a big deal in the service provider arena; it should be very easy to identify interfaces by description. Descriptions should show up in the output of show interface system.

If you get a second would you take a look at bug 369 and submit some feedback?

- You don't seem to be able to use run to execute some commands from inside config mode. Just like do in Cisco IOS, run in this CLI is an essential tool that simplifies troubleshooting new configs

In config you should be able to just type in the command. For example...

[edit]
[EMAIL PROTECTED] ping 1.1.1.1

will work.

- There doesn't seem to be a way to run OSPF of VIFs. Please tell me I'm crazy and this is not the case.

This looks like it has been fixed in the latest nightly build.

- I don't mind the new CLI, however I REALLY miss the ? and the space auto completion. If there is any way we can work to getting that back I would be over the moon. I know there has been some discussion about this, but I figured I'd voice my opinion as well, as late as it is.

I've talked with An-Cheng about ? help. I think we agreed that he would set it up that ? would bind to help by default, but that it could be turned on or off on a per user basis. I need to follow up with him on that. Space completion has been submitted as bug 2771.

Can we use the clear ip ospf to reset the ospf process built into Quagga in the shell?

- show ospf4 database self-originate is one of the best commands to troubleshoot ospf with, can we please work towards adding it?

I will open bugs on these and let you know what the bug numbers are.

Thanks again!

Cheers, Robert.
Re: [Vyatta-users] Vyatta Wan capacities
Hi Venkat,

In my experience the handoff depends largely on your carrier, the facilities in your building, and where you are in the world. I would start out by finding out what the facilities look like at your site and that will go a long way towards answering what your options are. A quick walk through the building's telco closet can tell you a lot.

Some carriers do provide an onsite device that will terminate serial/optical lines and handoff as ethernet so that may be an option for you. If not, Vyatta only supports a T3 wan interface right now. We don't have support for an OC3 card yet. But I think I just rephrased what you originally said. Did that answer the question?

Cheers, Robert.

Venketesan wrote:

Hi,

We are trying to determine what sized deployment can we use a Vyatta router. Our concern is that Vyatta can support a max of T3 WAN lines and not beyond like oc-12 etc. We had a few questions if someone could answer:

1. The link from the ISP to an enterprise site, is it usual for the ISP to drop a T3\OC-12 line at the site in a layer 1 transmission equipment and the enterprise is expected to take up the T3\OC-12 line into the router? If this is the case we can use Vyatta only up to T3 speeds?

OR

2. Is it common network deployment method for an ISP to drop an Ethernet line at the enterprise site via a layer 2 switch capable of receiving T3 and OC12 lines? The enterprise then takes the 802.3 ethernet out of the switch into the router. If this is the case we are good in using Vyatta routers up to Gb speeds.

Thanks, Venkat
Re: [Vyatta-users] Impressions on Glendale
Hi Brandon, Thanks again for the response. I just wanted to make one quick comment. We do try to submit all of our changes and patches back to the upstreams. It makes our lives much easier on the integration side. If we don't submit something it's through an oversight as opposed to anything else. Like all open source developers, sometimes our patches are accepted and sometimes they aren't. OSS is an amazing, wonderful, and often painful process... Cheers, Robert. Brandon Bennett wrote: Thank you for the very detailed response and you have made some of my first impressions fears fade away. Great to hear that you are planning on providing customization to vbash. It is not a bad shell, it just seems odd to combine bash with my router configuration. I was afraid of tab-completion issues and accedental commands being ran (or overlapping) I can understand about XORP, but my understanding was that vyatta was going to help groom XORP and submit patched back up stream like many commercial to OSS projects do. I too am looking for a router to handle large BGP configs so this is a good step in the right direciton. I am just going to miss the JunOS type polices and am not looking forward route-maps, OSPF/BGP network statements, etc. I thought XORP had done that part right. It seems like a ugly pig (IOS/Quagga) with lipstick on (JunOS type stanzas). Again I really appreciate the quick and detailed response and will be following the development closely. Thanks again, Brandon On Wed, Feb 27, 2008 at 12:50 PM, Robert Bays [EMAIL PROTECTED] wrote: Hi Brandon, Sorry to hear your first impression of Glendale was not up to expectations. Could you help us to understand your reactions a little better so we can improve on the next milestone? Specifically, which parts of the vbash shell didn't you care for? Was it a look and feel issue or was it more of an issue with the configuration syntax or something else entirely? 
The goal of vbash was to have the user interface be configurable to have either a bash look and feel or a Juniper like look and feel based on user preference. We accomplish this by allowing the user to set an environment variable in the shell that changes the help and auto completion to limit their output and set a user level that limits execution privileges to router commands only. There are a few areas we need to work on, such as space auto completion, but we hope to get it to the point where there is no visual difference between a Juniper like shell and the vbash shell if you choose to setup your user that way. Could you let us know, in your opinion, what else we need to do to reach that goal? As related to the routing protocol stack, the decision was made to change after extensive analysis of the potential to scale XORP in large routing topologies. Many of our users are running big, complicated BGP networks and we ran into some fundamental limits with the existing code base. We did spend a significant amount of time optimizing that code with some success before hitting a fundamental performance limit. It was at that time that we had to weigh options. The decision to switch was not taken lightly and was based on testing results looking into a combination of factors; primarily stability and scale and only secondarily feature differences. It would help us if you give a configuration example of what you liked in the previous release that the current release falls short on or a feature comparison where there are deficiencies. Maybe we can craft the next release more in line with those expectations. IMHO, in the end it shouldn't matter what routing protocol stack is being used as the underlying technology as long as it is fast, scalable, stable, easy to use, and has the features that satisfy the topology requirements of the installation. We made the switch after extensive analysis of the fast, scalable, stable, features requirements. 
Maybe we can change the presentation to better help with the easy to use requirement. Cheers, Robert. Brandon Bennett wrote: I have been following the the development of Vyatta over the course of about the past year and have been really excited to see it progress. As a Network Engineer for that last 7 years I have been brought up on IOS and over the past 2 years or so I have been learning JunOS. Initially with previous Vyatta releases I was very excited to see the JunOS like XORP engine being used along with it's powerful policies, elegant configurations solutions, and overall ease of use. After reading the release notes for Glendale (VC4 Alpha 2) I was very excited about the new features and loaded it up in a VMWare as soon as I could. Lets just say I was more than disappointed once it loaded up. 1) The new vbash interface. I love the fact that there is a UNIX interface to my