VyOS Platform Blog

VyOS 1.2.2 maintenance release

Written by Daniil Baturin | July 15, 2019 4:04:25 PM Z

VyOS 1.2.2 maintenance release is now available. Our customers and active contributors who have a subscription can download the images from the support portal, and everyone can also build it from the crux branch of the vyos-build repository.

 

Cloud images are taking a bit longer to complete, but they also will be available in a couple of days.  Images for Amazon EC2 and Microsoft Azure are already available.

 

We are also introducing VyOS on the Packet Cloud with this release.

New features

Options for MSS clamping

There are now options for per-interface MSS clamping. For example:

  • set firewall options interface eth0 adjust-mss 1300
  • set firewall options interface eth0 adjust-mss6 1300

New BGP options

  • Extended next-hop capability: set protocols bgp 65535 neighbor 192.0.2.10 capability extended-nexthop
  • Relaxed multipath option (consider paths with equal length multipath candidates): set protocols bgp 65535 parameters bestpath as-path multipath-relax
  • Internal an external options for "remote-as" (accept any AS as long as it's the same to this router or different, respectively): set protocols bgp 65535 neighbor 192.0.2.10 remote-as <internal|external>
  • "Unnumbered" (interface-based) BGP peers: set protocols bgp 64840 neighbor 192.0.2.10 interface [v6only] <remote-as ...|peer-group ...>
  • Not prepending local AS for non-local routes: set protocols bgp 64800 neighbor 191.0.2.10 local-as 64800 no-prepend
  • Additive BGP community option (add rather than replace): set policy route-map Test rule 10 set community additive

OSPFv3 options

  • Network type option: set interfaces ethernet eth0 ipv6 ospfv3 network <broadcast|point-to-point>

Custom arguments for VRRP scripts

Due to an oversight, VRRP scripts could not use arguments, so you couldn't easily reuse the same script in multiple groups. That's no longer the case. You can pass any arguments to those scripts now:

# show high-availability 
 vrrp {
     group Test {
         health-check {
             script "/config/scripts/pinger.sh 192.0.2.100"
         }
         interface eth0
         transition-script {
             backup "/config/scripts/vrrp-state.sh backup 192.0.2.10"
             master "/config/scripts/vrrp-state.sh master 192.0.2.10"
         }
         virtual-address 192.0.2.10/24
         vrid 10
     }
 }

A script for querying values from config files.

The new config parser could originally be used only from OCaml and Python programs, but now its capabilities are also available to shell scripts through the vyos-config-file-query utility.

If you want to add some kind of a custom initialization procedure, you can call your script in /config/scripts/vyos-preconfig-bootup.script. We are not aware of anyone doing that yet, but if you make something interesting, let us know.

vyos@vyos# /usr/bin/vyos-config-file-query --file /config/config.boot --return-value --path "system host-name" 
vyos

vyos@vyos# /usr/bin/vyos-config-file-query --help
usage: vyos-config-file-query [-h] -p PATH -f FILE [-s SEPARATOR] [-j]
                              (--return-value | --return-values | --list-nodes | --exists)

optional arguments:
  -h, --help            show this help message and exit
  -p PATH, --path PATH  VyOS config node, e.g. "system config-management
                        commit-revisions"
  -f FILE, --file FILE  VyOS config file, e.g. /config/config.boot
  -s SEPARATOR, --separator SEPARATOR
                        Value separator for the plain format
  -j, --json
  --return-value        Return a single node value
  --return-values       Return all values of a multi-value node
  --list-nodes          List children of a node
  --exists              Check if a node exists

Resolved issues

  • Linux kernel 4.19.54, including a fix for the TCP SACK vulnerability
  • VRRP health-check scripts now can use arguments (T1371)
  • DNS server addresses coming from a DHCP server are now correctly propagated to resolv.conf (T1497)
  • Domain-specific name servers in DNS forwarding are now used for recursive queries (T1469)
  • “run show dhcpv6 server leases” now display leases correctly (T1433)
  • Deleting “firewall options” node no longer causes errors (T1461)
  • Correct hostname is sent to remote syslog again (T1458)
  • Board serial number from DMI is correctly displayed in “show version” (T1438)
  • Multiple corrections in remote syslog config (T1358, T1355, T1294)
  • Fixed missing newline in /etc/hosts (T1255)
  • “system domain-name” is correctly included in /etc/resolv.conf (T1174)
  • Fixed priority inversion in “interfaces vti vtiX ip” settings (T1465)
  • Fixed errors when installing with RAID1 on UEFI machines (T1446)
  • Fixed an error on disabling an interfaces that has no address (T1387)
  • Fixed deleting VLAN interface with non-default MTU (T1367)
  • vyos.config return_effective_values() function now correctly returns a list rather than a string (T1505)