I have been using VRFs on my Linux routers for some time. While the idea of it sounds pretty good, the actual implementation is pure pain and suffering. If you want to do firewalling, for example, you will quickly find out that the source interface information is lost when that traffic is in a VRF. Nftables rules with iifname where the interface is within a VRF, will not match, because the interface name will be the VRF interface instead. ...

The problem This week at work while upgrading a hypervisor from Bullseye to Bookworm, the automatic provisioning failed. Upon closer inspection, it became clear the failure was caused by the machine not having network connectivity after the first step of provisioning. Upon closer inspection, things became clearer: the predictable interface names had changed. On a Bullseye host of the same model we have: 2: enp65s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000 link/ether f8:f2:1e:xx:xx:xx brd ff:ff:ff:ff:ff:ff inet6 fe80::faf2:1eff:xxxx:xxxx/64 scope link valid_lft forever preferred_lft forever 3: enp65s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000 link/ether f8:f2:1e:xx:xx:xx brd ff:ff:ff:ff:ff:ff inet6 fe80::faf2:1eff:xxxx:xxxx/64 scope link valid_lft forever preferred_lft forever On the Bookworm host we have: ...

A simple and easy way to share your OpenPGP keys with the world

At work, building Linux VMs is a fully automated process, done with a single command. FreeBSD VMs on the other hand, were never automated, as we install them very rarely. As it happens rarely, the few times I needed to install a FreeBSD VM, I would scramble around to find how to mount an ISO on the VM (maybe I should have documented it the first time I needed?). Anyway, now it’s properly documented, here. ...

If there is one thing that the YoloCloud is made out of, is Yoloed things. In the very beginning, one of the needs I had was distributing a Debian package to my Debian hosts containing a couple of custom monitoring checks as well as a backported version of Strongswan together with the required libs. Aptly and Reprepro do a good job at managing repositories, but were way overkill for my simple need of distributing a few packages. ...