We've learned plenty of lessons running this in production, so we've wrapped up our changes and brought them to v0.2:
prevent route-leaks with "bgp parameters default no-ipv4-unicast" (see T1148 for more information)
support default-originate for each address-family for a BGP neighbor
add -LONG- variants hphr-DFZ-LONG-IPv4, hphr-DFZ-DEFAULT-LONG-IPv4, hphr-DFZ-LONG-IPv6, hphr-DFZ-DEFAULT-LONG-IPv6 as prefix-lists for e.g. transit customers who should receive "longer than usual" prefixes from your AS
add most-specific boolean to prefix-lists auto-generated by bgpq3 so that e.g. you can accept more specifics from downstream customers to whom you provide multiple transit links
change netflow sampling to be done by iptables -m statistic rather than sending all packets to uacctd, which has a marked improvement on CPU usage
use iptables --nflog-size 64 where --nflog-range 64 is deprecated
We are running this release in production at AS41495, across multiple datacentres with transit, peering, core links, and downstream customers all speaking to our hphr-powered VyOS routers. You can find out more about our deployment:
We were originally scheduled to speak about hphr at UKNOF46 in April. This has been postponed till 26th October 2020.
Published by maznu over 4 years ago
This release is based off the version of vyos.conf.j2 we use in our private repository, but with a cobbled-together set of example pillar data.
We use this in production at AS41495 aka FAELIX but for now I am marking this as a pre-release as it comes with no warranty — if it breaks your network, you get to keep all the pieces.