diff options
author | Daniil Baturin <daniil@vyos.io> | 2024-04-22 18:08:46 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-22 18:08:46 +0200 |
commit | 7fbc9d0a5df03b2cceac72cb81a2de8c76377f39 (patch) | |
tree | c338ed2511bec93b511a6c2b95174e7f12d21853 /docs/_locale/de/configuration.pot | |
parent | 4642a4f07dd768402fdd4e37af1e729eaada52b4 (diff) | |
parent | 6cbaef0527b74ea03193abc9976d4b53b399f3e7 (diff) | |
download | vyos-documentation-7fbc9d0a5df03b2cceac72cb81a2de8c76377f39.tar.gz vyos-documentation-7fbc9d0a5df03b2cceac72cb81a2de8c76377f39.zip |
Merge pull request #1399 from vyos/update-translations-current
Github: update translations
Diffstat (limited to 'docs/_locale/de/configuration.pot')
-rw-r--r-- | docs/_locale/de/configuration.pot | 299 |
1 files changed, 240 insertions, 59 deletions
diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index 15fcb065..d7052f25 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot @@ -89,7 +89,7 @@ msgid "**Already-selected external check**" msgstr "**Already-selected external check**" #: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1249 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." @@ -105,6 +105,7 @@ msgstr "**Applies to:** Outbound Traffic." #: ../../configuration/trafficpolicy/index.rst:916 #: ../../configuration/trafficpolicy/index.rst:961 #: ../../configuration/trafficpolicy/index.rst:1020 +#: ../../configuration/trafficpolicy/index.rst:1154 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." @@ -437,6 +438,10 @@ msgstr "**Queueing discipline** Fair/Flow Queue CoDel." msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." +#: ../../configuration/trafficpolicy/index.rst:1153 +msgid "**Queueing discipline:** Deficit mode." +msgstr "**Queueing discipline:** Deficit mode." + #: ../../configuration/trafficpolicy/index.rst:766 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." @@ -580,6 +585,10 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" +#: ../../configuration/trafficpolicy/index.rst:1208 +msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." +msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." + #: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" @@ -1511,7 +1520,7 @@ msgstr "ACME" msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:63 msgid "API" msgstr "API" @@ -1964,7 +1973,7 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:263 +#: ../../configuration/loadbalancing/reverse-proxy.rst:301 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -2180,6 +2189,10 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." +#: ../../configuration/service/https.rst:81 +msgid "Allow cross-origin requests from `<origin>`." +msgstr "Allow cross-origin requests from `<origin>`." + #: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." @@ -2431,7 +2444,7 @@ msgstr "Applying a Rule-Set to a Zone" msgid "Applying a Rule-Set to an Interface" msgstr "Applying a Rule-Set to an Interface" -#: ../../configuration/trafficpolicy/index.rst:1150 +#: ../../configuration/trafficpolicy/index.rst:1218 msgid "Applying a traffic policy" msgstr "Applying a traffic policy" @@ -2691,7 +2704,7 @@ msgstr "Authentication" msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:99 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2851,7 +2864,7 @@ msgstr "Babel is a modern routing protocol designed to be robust and efficient b msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +#: ../../configuration/loadbalancing/reverse-proxy.rst:339 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." @@ -2863,10 +2876,14 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/reverse-proxy.rst:252 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" +#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +msgid "Balancing with HTTP health checks" +msgstr "Balancing with HTTP health checks" + #: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2936,7 +2953,7 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:70 +#: ../../configuration/interfaces/ethernet.rst:86 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." @@ -3155,6 +3172,10 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" +#: ../../configuration/trafficpolicy/index.rst:1151 +msgid "CAKE" +msgstr "CAKE" + #: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" @@ -3797,10 +3818,14 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +#: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" +msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Configure sFlow agent IPv4 or IPv6 address" @@ -3853,7 +3878,7 @@ msgstr "Configure the discrete port under which the RADIUS server can be reached msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:175 +#: ../../configuration/loadbalancing/reverse-proxy.rst:212 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." @@ -4636,6 +4661,10 @@ msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reachin msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." +#: ../../configuration/trafficpolicy/index.rst:1213 +msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." +msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" @@ -4856,6 +4885,10 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." +#: ../../configuration/trafficpolicy/index.rst:1173 +msgid "Disables flow isolation, all traffic passes through a single queue." +msgstr "Disables flow isolation, all traffic passes through a single queue." + #: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Disables interface-based IPv4 static route." @@ -4974,10 +5007,14 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1210 +#: ../../configuration/trafficpolicy/index.rst:1278 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." +#: ../../configuration/service/https.rst:90 +msgid "Do not leave introspection enabled in production, it is a security risk." +msgstr "Do not leave introspection enabled in production, it is a security risk." + #: ../../configuration/protocols/bgp.rst:609 msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." @@ -5230,6 +5267,10 @@ msgstr "Enable BFD on a single BGP neighbor" msgid "Enable DHCP failover configuration for this address pool." msgstr "Enable DHCP failover configuration for this address pool." +#: ../../configuration/service/https.rst:88 +msgid "Enable GraphQL Schema introspection." +msgstr "Enable GraphQL Schema introspection." + #: ../../configuration/interfaces/wireless.rst:178 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" @@ -5440,6 +5481,10 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." +#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." +msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." + #: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." @@ -5488,6 +5533,10 @@ msgstr "Enabling this function increases the risk of bandwidth saturation." msgid "Enforce strict path checking" msgstr "Enforce strict path checking" +#: ../../configuration/service/https.rst:77 +msgid "Enforce strict path checking." +msgstr "Enforce strict path checking." + #: ../../configuration/interfaces/bonding.rst:31 msgid "Enslave `<member>` interface to bond `<interface>`." msgstr "Enslave `<member>` interface to bond `<interface>`." @@ -5747,7 +5796,7 @@ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is `` msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." #: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:110 msgid "Example Configuration" msgstr "Example Configuration" @@ -5789,7 +5838,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:227 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6138,6 +6187,30 @@ msgstr "Flow Export" msgid "Flow and packet-based balancing" msgstr "Flow and packet-based balancing" +#: ../../configuration/trafficpolicy/index.rst:1196 +msgid "Flows are defined by source-destination host pairs." +msgstr "Flows are defined by source-destination host pairs." + +#: ../../configuration/trafficpolicy/index.rst:1181 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1186 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1191 +msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." +msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." + +#: ../../configuration/trafficpolicy/index.rst:1177 +msgid "Flows are defined only by destination address." +msgstr "Flows are defined only by destination address." + +#: ../../configuration/trafficpolicy/index.rst:1204 +msgid "Flows are defined only by source address." +msgstr "Flows are defined only by source address." + #: ../../configuration/system/flow-accounting.rst:10 msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." @@ -6341,7 +6414,7 @@ msgstr "For the :ref:`destination-nat66` rule, the destination address of the pa msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." -#: ../../configuration/trafficpolicy/index.rst:1183 +#: ../../configuration/trafficpolicy/index.rst:1251 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." @@ -6379,6 +6452,10 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." +msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." + #: ../../configuration/protocols/ospf.rst:350 msgid "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." msgstr "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." @@ -6553,7 +6630,7 @@ msgstr "Given the following example we have one VyOS router acting as OpenVPN se msgid "Gloabal" msgstr "Gloabal" -#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 msgid "Global" msgstr "Global" @@ -6577,7 +6654,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/reverse-proxy.rst:192 msgid "Global parameters" msgstr "Global parameters" @@ -6590,6 +6667,10 @@ msgstr "Global settings" msgid "Graceful Restart" msgstr "Graceful Restart" +#: ../../configuration/service/https.rst:84 +msgid "GraphQL" +msgstr "GraphQL" + #: ../../configuration/highavailability/index.rst:236 msgid "Gratuitous ARP" msgstr "Gratuitous ARP" @@ -6627,6 +6708,10 @@ msgstr "HTTP basic authentication username" msgid "HTTP client" msgstr "HTTP client" +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +msgid "HTTP health check" +msgstr "HTTP health check" + #: ../../configuration/interfaces/wireless.rst:137 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" @@ -7859,6 +7944,10 @@ msgstr "In order to separate traffic, Fair Queue uses a classifier based on sour msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +#: ../../configuration/interfaces/ethernet.rst:111 +msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." +msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." @@ -8520,7 +8609,7 @@ msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:193 +#: ../../configuration/loadbalancing/reverse-proxy.rst:230 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8540,7 +8629,7 @@ msgstr "Lifetime is decremented by the number of seconds since the last RA - use msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:165 +#: ../../configuration/loadbalancing/reverse-proxy.rst:202 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8552,7 +8641,7 @@ msgstr "Limit logins to `<limit>` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:197 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" @@ -9859,7 +9948,7 @@ msgstr "Once a neighbor has been found, the entry is considered to be valid for msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." -#: ../../configuration/trafficpolicy/index.rst:1152 +#: ../../configuration/trafficpolicy/index.rst:1220 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Once a traffic-policy is created, you can apply it to an interface:" @@ -10039,7 +10128,7 @@ msgstr "Operating Modes" #: ../../configuration/interfaces/bonding.rst:512 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:132 +#: ../../configuration/interfaces/ethernet.rst:148 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 @@ -10417,6 +10506,10 @@ msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." +#: ../../configuration/trafficpolicy/index.rst:1200 +msgid "Perform NAT lookup before applying flow-isolation rules." +msgstr "Perform NAT lookup before applying flow-isolation rules." + #: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "Performance" @@ -10523,7 +10616,7 @@ msgstr "Port Groups" #: ../../configuration/interfaces/bonding.rst:282 #: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:124 +#: ../../configuration/interfaces/ethernet.rst:140 msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" @@ -10809,7 +10902,7 @@ msgstr "Publish a port for the container." msgid "Pull a new image for container" msgstr "Pull a new image for container" -#: ../../configuration/interfaces/ethernet.rst:117 +#: ../../configuration/interfaces/ethernet.rst:133 #: ../../configuration/interfaces/virtual-ethernet.rst:39 #: ../../configuration/interfaces/wireless.rst:408 msgid "QinQ (802.1ad)" @@ -11023,7 +11116,7 @@ msgstr "Recommended for larger installations." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:211 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -11055,7 +11148,7 @@ msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edg msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:110 +#: ../../configuration/interfaces/ethernet.rst:126 #: ../../configuration/interfaces/virtual-ethernet.rst:33 #: ../../configuration/interfaces/wireless.rst:401 msgid "Regular VLANs (802.1q)" @@ -11402,11 +11495,11 @@ msgstr "Rule-Sets" msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:258 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." @@ -11414,11 +11507,11 @@ msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` an msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:298 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:223 +#: ../../configuration/loadbalancing/reverse-proxy.rst:261 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" @@ -11537,7 +11630,7 @@ msgstr "SSH was designed as a replacement for Telnet and for unsecured remote sh msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" -#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +#: ../../configuration/loadbalancing/reverse-proxy.rst:333 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11857,6 +11950,10 @@ msgstr "Set Virtual Tunnel Interface" msgid "Set a container description" msgstr "Set a container description" +#: ../../configuration/trafficpolicy/index.rst:1169 +msgid "Set a description for the shaper." +msgstr "Set a description for the shaper." + #: ../../configuration/system/conntrack.rst:113 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" @@ -11877,7 +11974,7 @@ msgstr "Set a limit on the maximum number of concurrent logged-in users on the s msgid "Set a meaningful description." msgstr "Set a meaningful description." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:67 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." @@ -11904,7 +12001,7 @@ msgstr "Set action for the route-map policy." msgid "Set action to take on entries matching this rule." msgstr "Set action to take on entries matching this rule." -#: ../../configuration/service/https.rst:79 +#: ../../configuration/service/https.rst:112 msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Set an API-KEY is the minimal configuration to get a working API Endpoint." @@ -12309,6 +12406,14 @@ msgstr "Set the address of the backend port" msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Set the address of the backend server to which the incoming traffic will be forwarded" +#: ../../configuration/service/https.rst:94 +msgid "Set the authentication type for GraphQL, default option is key. Available options are:" +msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" + +#: ../../configuration/service/https.rst:106 +msgid "Set the byte length of the JWT secret. Default is 32." +msgstr "Set the byte length of the JWT secret. Default is 32." + #: ../../configuration/highavailability/index.rst:295 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." @@ -12345,6 +12450,10 @@ msgstr "Set the global setting for invalid packets." msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." +#: ../../configuration/service/https.rst:102 +msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." +msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." + #: ../../configuration/service/https.rst:28 msgid "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" msgstr "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" @@ -12361,6 +12470,10 @@ msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can re msgid "Set the maximum number of TCP half-open connections." msgstr "Set the maximum number of TCP half-open connections." +#: ../../configuration/service/https.rst:60 +msgid "Set the maximum request body size in megabytes. Default is 1MB." +msgstr "Set the maximum request body size in megabytes. Default is 1MB." + #: ../../_include/interface-eapol.txt:12 msgid "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." msgstr "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." @@ -12429,6 +12542,10 @@ msgstr "Set the routing table to forward packet with." msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." +#: ../../configuration/trafficpolicy/index.rst:1164 +msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." +msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." + #: ../../configuration/system/conntrack.rst:31 msgid "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets” to record entries in the connection tracking table." msgstr "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets” to record entries in the connection tracking table." @@ -12459,6 +12576,18 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." +#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +msgid "Sets the HTTP method to be used, can be either: option, get, post, put" +msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +msgid "Sets the endpoint to be used for health checks" +msgstr "Sets the endpoint to be used for health checks" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" +msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" + #: ../../configuration/container/index.rst:16 msgid "Sets the image name in the hub registry" msgstr "Sets the image name in the hub registry" @@ -12683,7 +12812,7 @@ msgstr "Show a list of installed certificates" msgid "Show all BFD peers" msgstr "Show all BFD peers" -#: ../../configuration/interfaces/ethernet.rst:210 +#: ../../configuration/interfaces/ethernet.rst:226 msgid "Show available offloading functions on given `<interface>`" msgstr "Show available offloading functions on given `<interface>`" @@ -12701,7 +12830,7 @@ msgstr "Show bridge `<name>` mdb displays the current multicast group membership #: ../../configuration/interfaces/bonding.rst:516 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:136 +#: ../../configuration/interfaces/ethernet.rst:152 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12745,7 +12874,7 @@ msgstr "Show detailed information about the underlaying physical links on given #: ../../configuration/interfaces/bonding.rst:531 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:150 +#: ../../configuration/interfaces/ethernet.rst:166 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12777,7 +12906,7 @@ msgstr "Show general information about specific WireGuard interface" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Show info about the Wireguard service. It also shows the latest handshake." -#: ../../configuration/interfaces/ethernet.rst:169 +#: ../../configuration/interfaces/ethernet.rst:185 msgid "Show information about physical `<interface>`" msgstr "Show information about physical `<interface>`" @@ -12895,7 +13024,7 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Show the route" -#: ../../configuration/interfaces/ethernet.rst:242 +#: ../../configuration/interfaces/ethernet.rst:258 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" @@ -13475,7 +13604,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:170 +#: ../../configuration/loadbalancing/reverse-proxy.rst:207 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13524,6 +13653,10 @@ msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." #: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + +#: ../../configuration/service/https.rst:56 msgid "Start Webserver in given VRF." msgstr "Start Webserver in given VRF." @@ -13843,7 +13976,7 @@ msgstr "Temporary disable this RADIUS server. It won't be queried." msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:248 +#: ../../configuration/loadbalancing/reverse-proxy.rst:286 msgid "Terminate SSL" msgstr "Terminate SSL" @@ -13879,7 +14012,7 @@ msgstr "Testing and Validation" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." -#: ../../configuration/trafficpolicy/index.rst:1194 +#: ../../configuration/trafficpolicy/index.rst:1262 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." @@ -13923,7 +14056,7 @@ msgstr "The DN and password to bind as while performing searches. As the passwor msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:218 +#: ../../configuration/loadbalancing/reverse-proxy.rst:256 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." @@ -14040,7 +14173,7 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +#: ../../configuration/loadbalancing/reverse-proxy.rst:345 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14048,15 +14181,15 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:251 +#: ../../configuration/loadbalancing/reverse-proxy.rst:289 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +#: ../../configuration/loadbalancing/reverse-proxy.rst:342 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:292 msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14121,7 +14254,7 @@ msgstr "The below referenced IP address `192.0.2.1` is used as example address r msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." -#: ../../configuration/trafficpolicy/index.rst:1179 +#: ../../configuration/trafficpolicy/index.rst:1247 msgid "The case of ingress shaping" msgstr "The case of ingress shaping" @@ -14397,7 +14530,7 @@ msgstr "The following commands translate to \"--net host\" when the container is msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:253 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." @@ -14413,11 +14546,11 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +#: ../../configuration/loadbalancing/reverse-proxy.rst:287 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/reverse-proxy.rst:334 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14618,7 +14751,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/reverse-proxy.rst:222 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." @@ -16161,11 +16294,15 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:195 +#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +msgid "This configuration enables HTTP health checks on backend servers." +msgstr "This configuration enables HTTP health checks on backend servers." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:232 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16665,7 +16802,7 @@ msgstr "This will show you a statistic of all rule-sets since the last boot." msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" -#: ../../configuration/trafficpolicy/index.rst:1188 +#: ../../configuration/trafficpolicy/index.rst:1256 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." @@ -16915,7 +17052,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:68 +#: ../../configuration/service/https.rst:72 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -17188,6 +17325,10 @@ msgstr "USB to serial converters will handle most of their work in software so y msgid "UUCP subsystem" msgstr "UUCP subsystem" +#: ../../configuration/interfaces/ethernet.rst:73 +msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" +msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" + #: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "Unicast" @@ -18192,7 +18333,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the #: ../../configuration/interfaces/bonding.rst:275 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:123 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 #: ../../configuration/interfaces/wireless.rst:398 @@ -19264,7 +19405,7 @@ msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log- msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." -#: ../../configuration/trafficpolicy/index.rst:1158 +#: ../../configuration/trafficpolicy/index.rst:1226 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" @@ -19432,11 +19573,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` supports a msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." -#: ../../configuration/interfaces/ethernet.rst:74 +#: ../../configuration/interfaces/ethernet.rst:90 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:80 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." @@ -19464,6 +19605,10 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." +#: ../../configuration/interfaces/ethernet.rst:64 +msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." @@ -19528,7 +19673,7 @@ msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:` msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:82 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19724,6 +19869,10 @@ msgstr "`4. Add optional parameters`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name>` must be identical on both sides!" +#: ../../configuration/trafficpolicy/index.rst:1156 +msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." +msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." + #: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" @@ -20292,6 +20441,10 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" +#: ../../configuration/service/https.rst:96 +msgid "``key`` use API keys configured in ``service https api keys``" +msgstr "``key`` use API keys configured in ``service https api keys``" + #: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." @@ -20775,6 +20928,18 @@ msgstr "``static`` - Statically configured routes" msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +msgid "``status 200-399`` Expecting a non-failure response code" +msgstr "``status 200-399`` Expecting a non-failure response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +msgid "``status 200`` Expecting a 200 response code" +msgstr "``status 200`` Expecting a 200 response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +msgid "``string success`` Expecting the string `success` in the response body" +msgstr "``string success`` Expecting the string `success` in the response body" + #: ../../configuration/firewall/ipv4.rst:103 #: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." @@ -20824,6 +20989,10 @@ msgstr "``throughput``: A server profile focused on improving network throughput msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" +#: ../../configuration/service/https.rst:98 +msgid "``token`` use JWT tokens." +msgstr "``token`` use JWT tokens." + #: ../../configuration/interfaces/bonding.rst:80 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." @@ -21249,10 +21418,18 @@ msgstr "ip-forwarding" msgid "isisd" msgstr "isisd" +#: ../../configuration/interfaces/ethernet.rst:106 +msgid "it can be used with any NIC" +msgstr "it can be used with any NIC" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "it can be used with any NIC," +#: ../../configuration/interfaces/ethernet.rst:108 +msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" +msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" + #: ../../configuration/interfaces/ethernet.rst:92 msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." @@ -21647,6 +21824,10 @@ msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" msgid "smtp-server" msgstr "smtp-server" +#: ../../configuration/interfaces/ethernet.rst:107 +msgid "software filters can easily be added to hash over new protocols" +msgstr "software filters can easily be added to hash over new protocols" + #: ../../configuration/interfaces/ethernet.rst:91 msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," |