Interim commit for saving changes.

1 files changed, 136 insertions, 38 deletions

diff --git a/docs/configexamples/dual-hub-dmvpn.rst b/docs/configexamples/dual-hub-dmvpn.rst
index dd265fa9..f103972e 100644
--- a/docs/configexamples/dual-hub-dmvpn.rst
+++ b/docs/configexamples/dual-hub-dmvpn.rst
@@ -10,7 +10,7 @@ and management of the newly added remote sites. There are 3 main protocols
 primarily used to implement DMVPN:
 
 * NHRP - provides the dynamic tunnel endpoint discovery mechanism (endpoint 
-registration, and endpoint discovery/lookup) 
+  registration, and endpoint discovery/lookup) 
 * mGRE - provides the tunnel encapsulation itself 
 * IPSec - protocols handle the key exchange, and crypto mechanism
 
@@ -45,17 +45,27 @@ Network Addressing and Protocol Parameters
 
 The following ip addressing schema used for the devices IPv4 connectivity:
 
-10.X1.0.0/30 - p2p Hubs to ISP networks, where X is Hub site number
-10.Y1.1.0/24 - p2p Spokes to ISP networks(DHCP), where Y is Spoke site number
-172.16.253.0/29 - tunnels addressing for Hub-1 connections
-172.16.254.0/29 - tunnels addressing for Hub-2 connections
-192.168.0.0/24 - HQ site local network
-192.168.Z.0/24 - remote sites local network, where Z is Spoke site number
++-----------------------------------------------------------------------------+
+|10.X1.0.0/30 - p2p Hubs to ISP networks, where X is Hub site number          |
++-----------------------------------------------------------------------------+
+|10.Y1.1.0/24 - p2p Spokes to ISP networks(DHCP), where Y is Spoke site number|
++-----------------------------------------------------------------------------+
+|172.16.253.0/29 - tunnels addressing for Hub-1 connections                   |
++-----------------------------------------------------------------------------+
+|172.16.254.0/29 - tunnels addressing for Hub-2 connections                   |
++-----------------------------------------------------------------------------+
+|192.168.0.0/24 - HQ site local network                                       |
++-----------------------------------------------------------------------------+
+|192.168.Z.0/24 - remote sites local network, where Z is Spoke site number    |
++-----------------------------------------------------------------------------+
 
 eBGP parameters for the routers:
 
-AS65000 - HQ (Hub-1 and Hub-2)
-AS6500X - Spokes, where X is Spoke site number
++----------------------------------------------+
+|AS65000 - HQ (Hub-1 and Hub-2)                |
++----------------------------------------------+
+|AS6500X - Spokes, where X is Spoke site number|
++----------------------------------------------+
 
 
 
@@ -65,38 +75,126 @@ Configuration
 
 
 
-Step-1: Configuring IGP and enabling MPLS LDP
-=============================================
+Step-1: Basic connectivity configuration
+========================================
 
-At the first step we need to configure the IP/MPLS backbone network using OSPF as 
-IGP protocol and LDP as label-switching protocol for the base connectivity between 
-**P** (rovider), **P** (rovider) **E** (dge) and **R** (oute) **R** (eflector) nodes:
+- Hub-1:
 
-- VyOS-P1:
+.. code-block:: none
+   
+    set interfaces ethernet eth0 address '10.11.0.1/30'
+    set interfaces ethernet eth1 address '192.168.0.1/24'
+    set protocols static route 0.0.0.0/0 next-hop 10.11.0.2
+    set system host-name 'Hub-1'
+
+- Hub-2:
+
+.. code-block:: none
+   
+    set interfaces ethernet eth0 address '10.21.0.1/30'
+    set interfaces ethernet eth1 address '192.168.0.2/24'
+    set protocols static route 0.0.0.0/0 next-hop 10.21.0.2
+    set system host-name 'Hub-2'
+
+- Spoke-1:
 
 .. code-block:: none
    
-   # interfaces 
-   set interfaces dummy dum10 address '10.0.0.3/32'
-   set interfaces ethernet eth0 address '172.16.30.1/24'
-   set interfaces ethernet eth1 address '172.16.40.1/24'
-   set interfaces ethernet eth2 address '172.16.90.1/24'
-   set interfaces ethernet eth3 address '172.16.10.1/24'
-   set interfaces ethernet eth5 address '172.16.100.1/24'
+    set interfaces ethernet eth0 address 'dhcp'
+    set interfaces ethernet eth1 address '192.168.1.1/24'
+    set system host-name 'Spoke-1'
+
+- Spoke-2:
+
+.. code-block:: none
    
-   # protocols ospf+ldp
-   set protocols mpls interface 'eth1'
-   set protocols mpls interface 'eth2'
-   set protocols mpls interface 'eth3'
-   set protocols mpls interface 'eth5'
-   set protocols mpls interface 'eth0'
-   set protocols mpls ldp discovery transport-ipv4-address '10.0.0.3'
-   set protocols mpls ldp interface 'eth0'
-   set protocols mpls ldp interface 'eth1'
-   set protocols mpls ldp interface 'eth2'
-   set protocols mpls ldp interface 'eth3'
-   set protocols mpls ldp interface 'eth5'
-   set protocols mpls ldp router-id '10.0.0.3'
-   set protocols ospf area 0 network '0.0.0.0/0'
-   set protocols ospf parameters abr-type 'cisco'
-   set protocols ospf parameters router-id '10.0.0.3
+    set interfaces ethernet eth0 address 'dhcp'
+    set interfaces ethernet eth1 address '192.168.2.1/24'
+    set system host-name 'Spoke-2'
+    
+- Spoke-3:
+
+.. code-block:: none
+   
+    set interfaces ethernet eth0 address 'dhcp'
+    set interfaces ethernet eth1 address '192.168.3.1/24'
+    set system host-name 'Spoke-3'
+    
+- ISP-1:
+
+.. code-block:: none
+   
+    set interfaces ethernet eth0 address '10.11.0.2/30'
+    set interfaces ethernet eth1 address '10.21.0.2/30'
+    set interfaces ethernet eth2 address '10.31.1.1/24'
+    set interfaces ethernet eth3 address '10.21.1.1/24'
+    set interfaces ethernet eth4 address '10.11.1.1/24'
+    set service dhcp-server shared-network-name SPK-1 authoritative
+    set service dhcp-server shared-network-name SPK-1 subnet 10.11.1.0/24 default-router '10.11.1.1'
+    set service dhcp-server shared-network-name SPK-1 subnet 10.11.1.0/24 range 1 start '10.11.1.10'
+    set service dhcp-server shared-network-name SPK-1 subnet 10.11.1.0/24 range 1 stop '10.11.1.100'
+    set service dhcp-server shared-network-name SPK-2 authoritative
+    set service dhcp-server shared-network-name SPK-2 subnet 10.21.1.0/24 default-router '10.21.1.1'
+    set service dhcp-server shared-network-name SPK-2 subnet 10.21.1.0/24 range 1 start '10.21.1.10'
+    set service dhcp-server shared-network-name SPK-2 subnet 10.21.1.0/24 range 1 stop '10.21.1.100'
+    set service dhcp-server shared-network-name SPK-3 authoritative
+    set service dhcp-server shared-network-name SPK-3 subnet 10.31.1.0/24 default-router '10.31.1.1'
+    set service dhcp-server shared-network-name SPK-3 subnet 10.31.1.0/24 range 1 start '10.31.1.10'
+    set service dhcp-server shared-network-name SPK-3 subnet 10.31.1.0/24 range 1 stop '10.31.1.100'
+    set system host-name 'ISP1'
+
+
+
+Step-2: VRRP configuration for HQ Local network redundancy
+==========================================================
+
+Here we are using VRRP as a local redundancy protocol between Hub-1 and Hub-2.
+Initially, Hub-1 operates as an Active and Hub-2 as a Standby router.
+Additionally, health-check and script are used to track uplinks and properly 
+switch mastership between Hub nodes based on the upstream router 
+reachability (ISP-1). **Note, that before adding local paths to the scripts into 
+configuration, you have to create and make them executable first**.
+
+Hub-1 and Hub-2 VRRP health-check script:
+_________________________________________
+
+* /config/scripts/vrrp-check.sh
+
+.. code-block:: none
+    
+    TBC
+
+**Note**: some parts of the script might be dependent on your network topology 
+and connectivity. Be careful before using it on your own devices.
+
+
+Hub-1 and Hub-2 VRRP configuration:
+___________________________________
+
+* Hub-1
+
+.. code-block:: none
+   
+    set high-availability vrrp group HQ health-check failure-count '3'
+    set high-availability vrrp group HQ health-check interval '1'
+    set high-availability vrrp group HQ health-check script '/config/scripts/vrrp-check.sh'
+    set high-availability vrrp group HQ interface 'eth1'
+    set high-availability vrrp group HQ no-preempt
+    set high-availability vrrp group HQ priority '200'
+    set high-availability vrrp group HQ rfc3768-compatibility
+    set high-availability vrrp group HQ virtual-address '192.168.0.254/24'
+    set high-availability vrrp group HQ vrid '1'
+
+* Hub-2:
+
+.. code-block:: none
+    
+    set high-availability vrrp group HQ health-check failure-count '3'
+    set high-availability vrrp group HQ health-check interval '1'
+    set high-availability vrrp group HQ health-check script '/config/scripts/vrrp-check.sh'
+    set high-availability vrrp group HQ interface 'eth1'
+    set high-availability vrrp group HQ no-preempt
+    set high-availability vrrp group HQ priority '100'
+    set high-availability vrrp group HQ rfc3768-compatibility
+    set high-availability vrrp group HQ virtual-address '192.168.0.254/24'
+    set high-availability vrrp group HQ vrid '1'