author Daniel Thorpe <1077065+dantho281@users.noreply.github.com> 2021-02-11 02:25:57 +0000
committer GitHub <noreply@github.com> 2021-02-11 02:25:57 +0000
commit e88fba68357181bd54fcc7489cbba08780cee6cd (patch)
tree b67e88b1208fa835edf0420a42dd2b624ec2105b /docs/configuration/protocols
parent dab473bfd04ab2930c043b853ba9995d1ff335e6 (diff)
parent f33b0c78b07c80998d2c0e64d6a20bcb109f6db5 (diff)
Merge pull request #1 from vyos/master
Update fork
Diffstat (limited to 'docs/configuration/protocols')
-rw-r--r-- docs/configuration/protocols/bfd.rst 133
-rw-r--r-- docs/configuration/protocols/bgp.rst 1179
-rw-r--r-- docs/configuration/protocols/igmp-proxy.disable 2
-rw-r--r-- docs/configuration/protocols/igmp.rst 248
-rw-r--r-- docs/configuration/protocols/index.rst 18
-rw-r--r-- docs/configuration/protocols/isis.rst 305
-rw-r--r-- docs/configuration/protocols/mpls.rst 253
-rw-r--r-- docs/configuration/protocols/ospf.rst 1019
-rw-r--r-- docs/configuration/protocols/pim.disable 2
-rw-r--r-- docs/configuration/protocols/rip.rst 255
-rw-r--r-- docs/configuration/protocols/ripng.disable 3
-rw-r--r-- docs/configuration/protocols/rpki.rst 202
-rw-r--r-- docs/configuration/protocols/static.rst 208
-rw-r--r-- docs/configuration/protocols/vrf.disable 3
14 files changed, 3830 insertions, 0 deletions
diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst
new file mode 100644
index 00000000..8d19334c
--- /dev/null
+++ b/docs/configuration/protocols/bfd.rst
@@ -0,0 +1,133 @@
+.. include:: /_include/need_improvement.txt
+
+.. _routing-bfd:
+
+###
+BFD
+###
+
+:abbr:`BFD (Bidirectional Forwarding Detection)` is described and extended by
+the following RFCs: :rfc:`5880`, :rfc:`5881` and :rfc:`5883`.
+
+In the age of very fast networks, a second of unreachability may equal millions of lost packets.
+The idea behind BFD is to detect very quickly when a peer is down and take action extremely fast.
+
+BFD sends lots of small UDP packets very quickly to ensures that the peer is still alive.
+
+This allows avoiding the timers defined in BGP and OSPF protocol to expires.
+
+Configure BFD
+=============
+
+.. cfgcmd:: set protocols bfd peer <address>
+
+ Set BFD peer IPv4 address or IPv6 address
+
+.. cfgcmd:: set protocols bfd peer <address> echo-mode
+
+ Enables the echo transmission mode
+
+.. cfgcmd:: set protocols bfd peer <address> multihop
+
+ Allow this BFD peer to not be directly connected
+
+.. cfgcmd:: set protocols bfd peer <address> source
+ [address <address> | interface <interface>]
+
+ Bind listener to specifid interface/address, mandatory for IPv6
+
+.. cfgcmd:: set protocols bfd peer <address> interval echo-interval <10-60000>
+
+ The minimal echo receive transmission interval that this system is
+ capable of handling
+
+.. cfgcmd:: set protocols bfd peer <address> interval multiplier <2-255>
+
+ Remote transmission interval will be multiplied by this value
+
+.. cfgcmd:: set protocols bfd peer <address> interval
+ [receive | transmit] <10-60000>
+
+ Interval in milliseconds
+
+.. cfgcmd:: set protocols bfd peer <address> shutdown
+
+ Disable a BFD peer
+
+
+Enable BFD in BGP
+-----------------
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address> bfd
+
+ Enable BFD on a single BGP neighbor
+
+.. cfgcmd:: set protocols bgp <asn> peer-group <group> bfd
+
+ Enable BFD on a BGP peer group
+
+
+Enable BFD in OSPF
+------------------
+
+.. cfgcmd:: set interfaces ethernet <interface> ip ospf bfd
+
+ Enable BFD for OSPF on a interface
+
+.. cfgcmd:: set interfaces ethernet <interface> ipv6 ospfv3 bfd
+
+ Enable BFD for OSPFv3 on a interface
+
+
+Enable BFD in ISIS
+------------------
+
+.. cfgcmd:: set protocols isis <name> interface <interface> bfd
+
+ Enable BFD for ISIS on a interface
+
+
+
+Operational Commands
+====================
+
+.. opcmd:: show protocols bfd peer
+
+ Show all BFD peers
+
+ .. code-block:: none
+
+ BFD Peers:
+ peer 198.51.100.33 vrf default interface eth4.100
+ ID: 4182341893
+ Remote ID: 12678929647
+ Status: up
+ Uptime: 1 month(s), 16 hour(s), 29 minute(s), 38 second(s)
+ Diagnostics: ok
+ Remote diagnostics: ok
+ Local timers:
+ Receive interval: 300ms
+ Transmission interval: 300ms
+ Echo transmission interval: 50ms
+ Remote timers:
+ Receive interval: 300ms
+ Transmission interval: 300ms
+ Echo transmission interval: 0ms
+
+ peer 198.51.100.55 vrf default interface eth4.101
+ ID: 4618932327
+ Remote ID: 3312345688
+ Status: up
+ Uptime: 20 hour(s), 16 minute(s), 19 second(s)
+ Diagnostics: ok
+ Remote diagnostics: ok
+ Local timers:
+ Receive interval: 300ms
+ Transmission interval: 300ms
+ Echo transmission interval: 50ms
+ Remote timers:
+ Receive interval: 300ms
+ Transmission interval: 300ms
+ Echo transmission interval: 0ms
+
+
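Review bot: In the `show protocols bfd peer` sample output, `ID: 4618932327` and `Remote ID: 12678929647` are larger than 4294967295, but BFD discriminators are 32-bit fields (RFC 5880), so these values cannot appear on a real system; replace them with values that fit in 32 bits. The timer commands are under-specified: only `interval [receive | transmit]` states a unit ("Interval in milliseconds"), `echo-interval` gives a range with no unit, and the `interval multiplier` text ("Remote transmission interval will be multiplied by this value") does not say that the product is the detection time after which the peer is declared down. Wording fixes in the same file: "to ensures" should be "to ensure", "to expires" should be "to expire", "specifid" should be "specified", and "a interface" in the OSPF, OSPFv3 and ISIS descriptions should be "an interface".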
diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst
new file mode 100644
index 00000000..6b6605a6
--- /dev/null
+++ b/docs/configuration/protocols/bgp.rst
@@ -0,0 +1,1179 @@
+.. _bgp:
+
+###
+BGP
+###
+
+:abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols
+and the de facto standard interdomain routing protocol. The latest BGP version
+is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858`
+adds multiprotocol support to BGP.
+
+VyOS makes use of :abbr:`FRR (Free Range Routing)` and we would like to thank
+them for their effort!
+
+Basic Concepts
+==============
+
+.. _bgp-autonomous-systems:
+
+Autonomous Systems
+------------------
+
+From :rfc:`1930`:
+
+ An AS is a connected group of one or more IP prefixes run by one or more
+ network operators which has a SINGLE and CLEARLY DEFINED routing policy.
+
+Each AS has an identifying number associated with it called an :abbr:`ASN
+(Autonomous System Number)`. This is a two octet value ranging in value from 1
+to 65535. The AS numbers 64512 through 65535 are defined as private AS numbers.
+Private AS numbers must not be advertised on the global Internet. The 2-byte AS
+number range has been exhausted. 4-byte AS numbers are specified in
+:rfc:`6793`, and provide a pool of 4294967296 AS numbers.
+
+The :abbr:`ASN (Autonomous System Number)` is one of the essential elements of
+BGP. BGP is a distance vector routing protocol, and the AS-Path framework
+provides distance vector metric and loop detection to BGP.
+
+.. _bgp-address-families:
+
+Address Families
+----------------
+
+Multiprotocol extensions enable BGP to carry routing information for multiple
+network layer protocols. BGP supports an Address Family Identifier (AFI) for
+IPv4 and IPv6.
+
+.. _bgp-route-selection:
+
+Route Selection
+---------------
+
+The route selection process used by FRR's BGP implementation uses the following
+decision criterion, starting at the top of the list and going towards the
+bottom until one of the factors can be used.
+
+1. **Weight check**
+
+ Prefer higher local weight routes to lower routes.
+
+2. **Local preference check**
+
+ Prefer higher local preference routes to lower.
+
+3. **Local route check**
+
+ Prefer local routes (statics, aggregates, redistributed) to received routes.
+
+4. **AS path length check**
+
+ Prefer shortest hop-count AS_PATHs.
+
+5. **Origin check**
+
+ Prefer the lowest origin type route. That is, prefer IGP origin routes to
+ EGP, to Incomplete routes.
+
+6. **MED check**
+
+ Where routes with a MED were received from the same AS, prefer the route
+ with the lowest MED.
+
+7. **External check**
+
+ Prefer the route received from an external, eBGP peer over routes received
+ from other types of peers.
+
+8. **IGP cost check**
+
+ Prefer the route with the lower IGP cost.
+
+9. **Multi-path check**
+
+ If multi-pathing is enabled, then check whether the routes not yet
+ distinguished in preference may be considered equal. If
+ :cfgcmd:`bgp bestpath as-path multipath-relax` is set, all such routes are
+ considered equal, otherwise routes received via iBGP with identical AS_PATHs
+ or routes received from eBGP neighbours in the same AS are considered equal.
+
+10. **Already-selected external check**
+
+ Where both routes were received from eBGP peers, then prefer the route
+ which is already selected. Note that this check is not applied if
+ :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can
+ prevent some cases of oscillation.
+
+11. **Router-ID check**
+
+ Prefer the route with the lowest `router-ID`. If the route has an
+ `ORIGINATOR_ID` attribute, through iBGP reflection, then that router ID is
+ used, otherwise the `router-ID` of the peer the route was received from is
+ used.
+
+12. **Cluster-List length check**
+
+ The route with the shortest cluster-list length is used. The cluster-list
+ reflects the iBGP reflection path the route has taken.
+
+13. **Peer address**
+
+ Prefer the route received from the peer with the higher transport layer
+ address, as a last-resort tie-breaker.
+
+.. _bgp-capability-negotiation:
+
+Capability Negotiation
+----------------------
+
+When adding IPv6 routing information exchange feature to BGP. There were some
+proposals. :abbr:`IETF (Internet Engineering Task Force)`
+:abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol
+Extension for BGP. The specification is described in :rfc:`2283`. The protocol
+does not define new protocols. It defines new attributes to existing BGP. When
+it is used exchanging IPv6 routing information it is called BGP-4+. When it is
+used for exchanging multicast routing information it is called MBGP.
+
+*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports
+the protocol, *bgpd* can exchange IPv6 and/or multicast routing information.
+
+Traditional BGP did not have the feature to detect a remote peer's
+capabilities, e.g. whether it can handle prefix types other than IPv4 unicast
+routes. This was a big problem using Multiprotocol Extension for BGP in an
+operational network. :rfc:`2842` adopted a feature called Capability
+Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's
+capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd*
+does not send these Capability Negotiation packets (at least not unless other
+optional BGP features require capability negotiation).
+
+By default, FRR will bring up peering with minimal common capability for the
+both sides. For example, if the local router has unicast and multicast
+capabilities and the remote router only has unicast capability the local router
+will establish the connection with unicast only capability. When there are no
+common capabilities, FRR sends Unsupported Capability error and then resets the
+connection.
+
+.. _bgp-router-configuration:
+
+BGP Router Configuration
+========================
+
+First of all you must configure BGP router with the :abbr:`ASN (Autonomous
+System Number)`. The AS number is an identifier for the autonomous system.
+The BGP protocol uses the AS number for detecting whether the BGP connection
+is internal or external. VyOS does not have a special command to start the BGP
+process. The BGP process starts when the first neighbor is configured.
+
+Peers Configuration
+-------------------
+
+Defining Peers
+^^^^^^^^^^^^^^
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as
+ <nasn>
+
+ This command creates a new neighbor whose remote-as is <nasn>. The neighbor
+ address can be an IPv4 address or an IPv6 address or an interface to use
+ for the connection. The command it applicable for peer and peer group.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as
+ internal
+
+ Create a peer as you would when you specify an ASN, except that if the
+ peers ASN is different than mine as specified under the :cfgcmd:`protocols
+ bgp <asn>` command the connection will be denied.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> remote-as
+ external
+
+ Create a peer as you would when you specify an ASN, except that if the
+ peers ASN is the same as mine as specified under the :cfgcmd:`protocols
+ bgp <asn>` command the connection will be denied.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> shutdown
+
+ This command disable the peer or peer group. To reenable the peer use
+ the delete form of this command.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> description
+ <text>
+
+ Set description of the peer or peer group.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> update-source
+ <address|interface>
+
+ Specify the IPv4 source address to use for the BGP session to this neighbor,
+ may be specified as either an IPv4 address directly or as an interface name.
+
+
+Capability Negotiation
+^^^^^^^^^^^^^^^^^^^^^^
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> capability
+ dynamic
+
+ This command would allow the dynamic update of capabilities over an
+ established BGP session.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> capability
+ extended-nexthop
+
+ Allow bgp to negotiate the extended-nexthop capability with it’s peer.
+ If you are peering over a IPv6 Link-Local address then this capability
+ is turned on automatically. If you are peering over a IPv6 Global Address
+ then turning on this command will allow BGP to install IPv4 routes with
+ IPv6 nexthops if you do not have IPv4 configured on interfaces.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface>
+ disable-capability-negotiation
+
+ Suppress sending Capability Negotiation as OPEN message optional
+ parameter to the peer. This command only affects the peer is
+ configured other than IPv4 unicast configuration.
+
+ When remote peer does not have capability negotiation feature,
+ remote peer will not send any capabilities at all. In that case,
+ bgp configures the peer with configured capabilities.
+
+ You may prefer locally configured capabilities more than the negotiated
+ capabilities even though remote peer sends capabilities. If the peer is
+ configured by :cfgcmd:`override-capability`, VyOS ignores received
+ capabilities then override negotiated capabilities with configured values.
+
+ Additionally you should keep in mind that this feature fundamentally
+ disables the ability to use widely deployed BGP features. BGP unnumbered,
+ hostname support, AS4, Addpath, Route Refresh, ORF, Dynamic Capabilities,
+ and graceful restart.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface>
+ override-capability
+
+ This command allow override the result of Capability Negotiation with
+ local configuration. Ignore remote peer’s capability value.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface>
+ strict-capability-match
+
+ This command forces strictly compare remote capabilities and local
+ capabilities. If capabilities are different, send Unsupported Capability
+ error then reset connection.
+
+ You may want to disable sending Capability Negotiation OPEN message
+ optional parameter to the peer when remote peer does not implement
+ Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation`
+ command to disable the feature.
+
+
+Peer Parameters
+^^^^^^^^^^^^^^^
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> allowas-in number <number>
+
+ This command accept incoming routes with AS path containing AS
+ number with the same value as the current system AS. This is
+ used when you want to use the same AS number in your sites,
+ but you can’t connect them directly.
+
+ The number parameter (1-10) configures the amount of accepted
+ occurences of the system AS number in AS path.
+
+ This command is only allowed for eBGP peers. It is not applicable
+ for peer groups.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> as-override
+
+ This command override AS number of the originating router with
+ the local AS number.
+
+ Usually this configuration is used in PEs (Provider Edge) to
+ replace the incoming customer AS number so the connected CE (
+ Customer Edge) can use the same AS number as the other customer
+ sites. This allows customers of the provider network to use the
+ same AS number across their sites.
+
+ This command is only allowed for eBGP peers.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> attribute-unchanged <as-path|med|next-hop>
+
+ This command specifies attributes to be left unchanged for
+ advertisements sent to a peer or peer group.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> maximum-prefix <number>
+
+ This command specifies a maximum number of prefixes we can receive
+ from a given peer. If this number is exceeded, the BGP session
+ will be destroyed. The number range is 1 to 4294967295.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> nexthop-self
+
+ This command forces the BGP speaker to report itself as the
+ next hop for an advertised route it advertised to a neighbor.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> remove-private-as
+
+ This command removes the private ASN of routes that are advertised
+ to the configured peer. It removes only private ASNs on routes
+ advertised to EBGP peers.
+
+ If the AS-Path for the route has only private ASNs, the private
+ ASNs are removed.
+
+ If the AS-Path for the route has a private ASN between public
+ ASNs, it is assumed that this is a design choice, and the
+ private ASN is not removed.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> soft-reconfiguration inbound
+
+ Changes in BGP policies require the BGP session to be cleared. Clearing has a
+ large negative impact on network operations. Soft reconfiguration enables you
+ to generate inbound updates from a neighbor, change and activate BGP policies
+ without clearing the BGP session.
+
+ This command specifies that route updates received from this neighbor will be
+ stored unmodified, regardless of the inbound policy. When inbound soft
+ reconfiguration is enabled, the stored updates are processed by the new
+ policy configuration to create new inbound updates.
+
+ .. note:: Storage of route updates uses memory. If you enable soft
+ reconfiguration inbound for multiple neighbors, the amount of memory used
+ can become significant.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> weight <number>
+
+ This command specifies a default weight value for the neighbor’s
+ routes. The number range is 1 to 65535.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface>
+ advertisement-interval <seconds>
+
+ This command specifies the minimum route advertisement interval for
+ the peer. The interval value is 0 to 600 seconds, with the default
+ advertisement interval being 0.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface>
+ disable-connected-check
+
+ This command allows peerings between directly connected eBGP peers
+ using loopback addresses without adjusting the default TTL of 1.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface>
+ disable-send-community <extended|standard>
+
+ This command specifies that the community attribute should not be sent
+ in route updates to a peer. By default community attribute is sent.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> ebgp-multihop
+ <number>
+
+ This command allows sessions to be established with eBGP neighbors
+ when they are multiple hops away. When the neighbor is not directly
+ connected and this knob is not enabled, the session will not establish.
+ The number of hops range is 1 to 255. This command is mutually
+ exclusive with :cfgcmd:`ttl-security hops`.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> local-as <asn>
+ [no-prepend] [replace-as]
+
+ Specify an alternate AS for this BGP process when interacting with
+ the specified peer or peer group. With no modifiers, the specified
+ local-as is prepended to the received AS_PATH when receiving routing
+ updates from the peer, and prepended to the outgoing AS_PATH (after
+ the process local AS) when transmitting local routes to the peer.
+
+ If the :cfgcmd:`no-prepend` attribute is specified, then the supplied
+ local-as is not prepended to the received AS_PATH.
+
+ If the :cfgcmd:`replace-as` attribute is specified, then only the supplied
+ local-as is prepended to the AS_PATH when transmitting local-route
+ updates to this peer.
+
+ .. note:: This command is only allowed for eBGP peers.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> passive
+
+ Configures the BGP speaker so that it only accepts inbound connections
+ from, but does not initiate outbound connections to the peer or peer group.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> password
+ <text>
+
+ This command specifies a MD5 password to be used with the tcp socket that
+ is being used to connect to the remote peer.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> ttl-security
+ hops <number>
+
+ This command enforces Generalized TTL Security Mechanism (GTSM),
+ as specified in :rfc:`5082`. With this command, only neighbors
+ that are the specified number of hops away will be allowed to
+ become neighbors. The number of hops range is 1 to 254. This
+ command is mutually exclusive with :cfgcmd:`ebgp-multihop`.
+
+
+Peer Groups
+^^^^^^^^^^^
+
+Peer groups are used to help improve scaling by generating the same update
+information to all members of a peer group. Note that this means that the
+routes generated by a member of a peer group will be sent back to that
+originating peer with the originator identifier attribute set to indicated
+the originating peer. All peers not associated with a specific peer group
+are treated as belonging to a default peer group, and will share updates.
+
+.. cfgcmd:: set protocols bgp <asn> peer-group <name>
+
+ This command defines a new peer group. You can specify to the group the same
+ parameters that you can specify for specific neighbors.
+
+ .. note:: If you apply a parameter to an individual neighbor IP address, you
+ override the action defined for a peer group that includes that IP
+ address.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> peer-group
+ <name>
+
+ This command bind specific peer to peer group with a given name.
+
+
+Network Advertisement Configuration
+-----------------------------------
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast>
+ network <prefix>
+
+ This command is used for advertising IPv4 or IPv6 networks.
+
+ .. note:: By default, the BGP prefix is advertised even if it's not present
+ in the routing table. This behaviour differs from the implementation of
+ some vendors.
+
+.. cfgcmd:: set protocols bgp <asn> parameters network-import-check
+
+ This configuration modifies the behavior of the network statement. If you
+ have this configured the underlying network must exist in the routing table.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> default-originate [route-map <name>]
+
+ By default, VyOS does not advertise a default route (0.0.0.0/0) even if it is
+ in routing table. When you want to announce default routes to the peer, use
+ this command. Using optional argument :cfgcmd:`route-map` you can inject the
+ default route to given neighbor only if the conditions in the route map are
+ met.
+
+
+Route Aggregation Configuration
+-------------------------------
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast>
+ aggregate-address <prefix>
+
+ This command specifies an aggregate address. The router will also
+ announce longer-prefixes inside of the aggregate address.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast>
+ aggregate-address <prefix> as-set
+
+ This command specifies an aggregate address with a mathematical set of
+ autonomous systems. This command summarizes the AS_PATH attributes of
+ all the individual routes.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast>
+ aggregate-address <prefix> summary-only
+
+ This command specifies an aggregate address and provides that
+ longer-prefixes inside of the aggregate address are suppressed
+ before sending BGP updates out to peers.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> unsuppress-map <name>
+
+ This command applies route-map to selectively unsuppress prefixes
+ suppressed by summarisation.
+
+
+Redistribution Configuration
+----------------------------
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast>
+ redistribute <route source>
+
+ This command redistributes routing information from the given route source
+ to the BGP process. There are six modes available for route source:
+ connected, kernel, ospf, rip, static, table.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast>
+ redistribute <route source> metric <number>
+
+ This command specifies metric (MED) for redistributed routes. The
+ metric range is 0 to 4294967295. There are six modes available for
+ route source: connected, kernel, ospf, rip, static, table.
+
+.. cfgcmd:: set protocols bgp <asn> address-family <ipv4-unicast|ipv6-unicast>
+ redistribute <route source> route-map <name>
+
+ This command allows to use route map to filter redistributed routes.
+ There are six modes available for route source: connected, kernel,
+ ospf, rip, static, table.
+
+
+General Configuration
+---------------------
+
+Common parametrs
+^^^^^^^^^^^^^^^^
+
+.. cfgcmd:: set protocols bgp <asn> parameters router-id <id>
+
+ This command specifies the router-ID. If router ID is not specified it will
+ use the highest interface IP address.
+
+.. cfgcmd:: set protocols bgp <asn> maximum-paths <ebgp|ibgp> <number>
+
+ This command defines the maximum number of parallel routes that
+ the BGP can support. In order for BGP to use the second path, the
+ following attributes have to match: Weight, Local Preference, AS
+ Path (both AS number and AS path length), Origin code, MED, IGP
+ metric. Also, the next hop address for each path must be different.
+
+.. cfgcmd:: set protocols bgp <asn> parameters default no-ipv4-unicast
+
+ This command allows the user to specify that IPv4 peering is turned off by
+ default.
+
+.. cfgcmd:: set protocols bgp <asn> parameters log-neighbor-changes
+
+ This command enable logging neighbor up/down changes and reset reason.
+
+.. cfgcmd:: set protocols bgp <asn> parameters no-client-to-client-reflection
+
+ This command disables route reflection between route reflector clients.
+ By default, the clients of a route reflector are not required to be
+ fully meshed and the routes from a client are reflected to other clients.
+ However, if the clients are fully meshed, route reflection is not required.
+ In this case, use the :cfgcmd:`no-client-to-client-reflection` command
+ to disable client-to-client reflection.
+
+.. cfgcmd:: set protocols bgp <asn> parameters no-fast-external-failover
+
+ Disable immediate session reset if peer's connected link goes down.
+
+.. cfgcmd:: set protocols bgp <asn> listen range <prefix> peer-group <name>
+
+ This command is useful if one desires to loosen the requirement for BGP
+ to have strictly defined neighbors. Specifically what is allowed is for
+ the local router to listen to a range of IPv4 or IPv6 addresses defined
+ by a prefix and to accept BGP open messages. When a TCP connection
+ (and subsequently a BGP open message) from within this range tries to
+ connect the local router then the local router will respond and connect
+ with the parameters that are defined within the peer group. One must define
+ a peer-group for each range that is listed. If no peer-group is defined
+ then an error will keep you from committing the configuration.
+
+.. cfgcmd:: set protocols bgp <asn> listen limit <number>
+
+ This command goes hand in hand with the listen range command to limit the
+ amount of BGP neighbors that are allowed to connect to the local router.
+ The limit range is 1 to 5000.
+
+Administrative Distance
+^^^^^^^^^^^^^^^^^^^^^^^
+
+.. cfgcmd:: set protocols bgp <asn> parameters distance global
+ <external|internal|local> <distance>
+
+ This command change distance value of BGP. The arguments are the distance
+ values for external routes, internal routes and local routes respectively.
+ The distance range is 1 to 255.
+
+.. cfgcmd:: set protocols bgp <asn> parameters distance prefix <subnet>
+ distance <distance>
+
+ This command sets the administrative distance for a particular route. The
+ distance range is 1 to 255.
+
+ .. note:: Routes with a distance of 255 are effectively disabled and not
+ installed into the kernel.
+
+
+Timers
+^^^^^^
+
+.. cfgcmd:: set protocols bgp <asn> timers holdtime <seconds>
+
+ This command specifies hold-time in seconds. The timer range is
+ 4 to 65535. The default value is 180 second. If you set value to 0
+ VyOS will not hold routes.
+
+.. cfgcmd:: set protocols bgp <asn> timers keepalive <seconds>
+
+ This command specifies keep-alive time in seconds. The timer
+ can range from 4 to 65535. The default value is 60 second.
+
+
+Route Dampening
+^^^^^^^^^^^^^^^
+
+When a route fails, a routing update is sent to withdraw the route from the
+network's routing tables. When the route is re-enabled, the change in
+availability is also advertised. A route that continually fails and returns
+requires a great deal of network traffic to update the network about the
+route's status.
+
+Route dampening wich described in :rfc:`2439` enables you to identify routes
+that repeatedly fail and return. If route dampening is enabled, an unstable
+route accumulates penalties each time the route fails and returns. If the
+accumulated penalties exceed a threshold, the route is no longer advertised.
+This is route suppression. Routes that have been suppressed are re-entered
+into the routing table only when the amount of their penalty falls below a
+threshold.
+
+A penalty of 1000 is assessed each time the route fails. When the penalties
+reach a predefined threshold (suppress-value), the router stops advertising
+the route.
+
+Once a route is assessed a penalty, the penalty is decreased by half each time
+a predefined amount of time elapses (half-life-time). When the accumulated
+penalties fall below a predefined threshold (reuse-value), the route is
+unsuppressed and added back into the BGP routing table.
+
+No route is suppressed indefinitely. Maximum-suppress-time defines the maximum
+time a route can be suppressed before it is re-advertised.
+
+.. cfgcmd:: set protocols bgp <asn> parameters dampening
+ half-life <minutes>
+
+ This command defines the amount of time in minutes after
+ which a penalty is reduced by half. The timer range is
+ 10 to 45 minutes.
+
+.. cfgcmd:: set protocols bgp <asn> parameters dampening
+ re-use <seconds>
+
+ This command defines the accumulated penalty amount at which the
+ route is re-advertised. The penalty range is 1 to 20000.
+
+.. cfgcmd:: set protocols bgp <asn> parameters dampening
+ start-suppress-time <seconds>
+
+ This command defines the accumulated penalty amount at which the
+ route is suppressed. The penalty range is 1 to 20000.
+
+.. cfgcmd:: set protocols bgp <asn> parameters dampening
+ max-suppress-time <seconds>
+
+ This command defines the maximum time in minutes that a route is
+ suppressed. The timer range is 1 to 255 minutes.
+
+
+Route Selection Configuration
+-----------------------------
+
+.. cfgcmd:: set protocols bgp <asn> parameters always-compare-med
+
+ This command provides to compare the MED on routes, even when they were
+ received from different neighbouring ASes. Setting this option makes the
+ order of preference of routes more defined, and should eliminate MED
+ induced oscillations.
+
+.. cfgcmd:: set protocols bgp <asn> parameters bestpath as-path confed
+
+ This command specifies that the length of confederation path sets and
+ sequences should be taken into account during the BGP best path
+ decision process.
+
+.. cfgcmd:: set protocols bgp <asn> parameters bestpath as-path multipath-relax
+
+ This command specifies that BGP decision process should consider paths
+ of equal AS_PATH length candidates for multipath computation. Without
+ the knob, the entire AS_PATH must match for multipath computation.
+
+.. cfgcmd:: set protocols bgp <asn> parameters bestpath as-path ignore
+
+ Ignore AS_PATH length when selecting a route
+
+.. cfgcmd:: set protocols bgp <asn> parameters bestpath compare-routerid
+
+ Ensure that when comparing routes where both are equal on most metrics,
+ including local-pref, AS_PATH length, IGP cost, MED, that the tie is
+ broken based on router-ID.
+
+ If this option is enabled, then the already-selected check, where
+ already selected eBGP routes are preferred, is skipped.
+
+ If a route has an ORIGINATOR_ID attribute because it has been reflected,
+ that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer
+ the route was received from will be used.
+
+ The advantage of this is that the route-selection (at this point) will
+ be more deterministic. The disadvantage is that a few or even one lowest-ID
+ router may attract all traffic to otherwise-equal paths because of this
+ check. It may increase the possibility of MED or IGP oscillation, unless
+ other measures were taken to avoid these. The exact behaviour will be
+ sensitive to the iBGP and reflection topology.
+
+.. cfgcmd:: set protocols bgp <asn> parameters bestpath med confed
+
+ This command specifies that BGP considers the MED when comparing routes
+ originated from different sub-ASs within the confederation to which this
+ BGP speaker belongs. The default state, where the MED attribute is not
+ considered.
+
+.. cfgcmd:: set protocols bgp <asn> parameters bestpath med missing-as-worst
+
+ This command specifies that a route with a MED is always considered to be
+ better than a route without a MED by causing the missing MED attribute to
+ have a value of infinity. The default state, where the missing MED
+ attribute is considered to have a value of zero.
+
+.. cfgcmd:: set protocols bgp <asn> parameters default local-pref
+ <local-pref value>
+
+ This command specifies the default local preference value. The local
+ preference range is 0 to 4294967295.
+
+.. cfgcmd:: set protocols bgp <asn> parameters deterministic-med
+
+ This command provides to compare different MED values that advertised by
+ neighbours in the same AS for routes selection. When this command is
+ enabled, routes from the same autonomous system are grouped together, and
+ the best entries of each group are compared.
+
+.. cfgcmd:: set protocols bgp <asn> address-family ipv4-unicast network
+ <prefix> backdoor
+
+ This command allows the router to prefer route to specified prefix learned
+ via IGP through backdoor link instead of a route to the same prefix learned
+ via EBGP.
+
+
+Route Filtering Configuration
+-----------------------------
+
+In order to control and modify routing information that is exchanged between
+peers you can use route-map, filter-list, prefix-list, distribute-list.
+
+For inbound updates the order of preference is:
+
+ - route-map
+ - filter-list
+ - prefix-list, distribute-list
+
+For outbound updates the order of preference is:
+
+ - prefix-list, distribute-list
+ - filter-list
+ - route-map
+
+ .. note:: The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list`
+ are mutually exclusive, and only one command (distribute-list or
+ prefix-list) can be applied to each inbound or outbound direction for a
+ particular neighbor.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> distribute-list <export|import> <number>
+
+ This command applys the access list filters named in <number> to the
+ specified BGP neighbor to restrict the routing information that BGP learns
+ and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import`
+ specify the direction in which the access list are applied.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> prefix-list <export|import> <name>
+
+ This command applys the prfefix list filters named in <name> to the
+ specified BGP neighbor to restrict the routing information that BGP learns
+ and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import`
+ specify the direction in which the prefix list are applied.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> route-map <export|import> <name>
+
+ This command applys the route map named in <name> to the specified BGP
+ neighbor to control and modify routing information that is exchanged
+ between peers. The arguments :cfgcmd:`export` and :cfgcmd:`import`
+ specify the direction in which the route map are applied.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> filter-list <export|import> <name>
+
+ This command applys the AS path access list filters named in <name> to the
+ specified BGP neighbor to restrict the routing information that BGP learns
+ and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import`
+ specify the direction in which the AS path access list are applied.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address|interface> address-family
+ <ipv4-unicast|ipv6-unicast> capability orf <receive|send>
+
+ This command enables the ORF capability (described in :rfc:`5291`) on the
+ local router, and enables ORF capability advertisement to the specified BGP
+ peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF
+ receive capabilities. The :cfgcmd:`send` keyword configures a router to
+ advertise ORF send capabilities. To advertise a filter from a sender, you
+ must create an IP prefix list for the specified BGP peer applied in inbound
+ derection.
+
+
+BGP Scaling Configuration
+-------------------------
+
+BGP routers connected inside the same AS through BGP belong to an internal BGP
+session, or IBGP. In order to prevent routing table loops, IBGP speaker does
+not advertise IBGP-learned routes to other IBGP speaker (Split Horizon
+mechanism). As such, IBGP requires a full mesh of all peers. For large
+networks, this quickly becomes unscalable.
+
+There are two ways that help us to mitigate the BGPs full-mesh requirement in
+a network:
+
+ - Using BGP route-reflectors
+ - Using BGP confederation
+
+
+Route Reflector Configuration
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Introducing route reflectors removes the need for the full-mesh. When you
+configure a route reflector you have to tell the router whether the other IBGP
+router is a client or non-client. A client is an IBGP router that the route
+reflector will “reflect” routes to, the non-client is just a regular IBGP
+neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated
+by :rfc:`7606`.
+
+.. cfgcmd:: set protocols bgp <asn> neighbor <address> address-family
+ <ipv4-unicast|ipv6-unicast> route-reflector-client
+
+ This command specifies the given neighbor as route reflector client.
+
+.. cfgcmd:: set protocols bgp <asn> parameters cluster-id <id>
+
+ This command specifies cluster ID which identifies a collection of route
+ reflectors and their clients, and is used by route reflectors to avoid
+ looping. By default cluster ID is set to the BGP router id value, but can be
+ set to an arbitrary 32-bit value.
+
+
+Confederation Configuration
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A BGP confederation divides our AS into sub-ASes to reduce the number of
+required IBGP peerings. Within a sub-AS we still require full-mesh IBGP but
+between these sub-ASes we use something that looks like EBGP but behaves like
+IBGP (called confederation BGP). Confederation mechanism is described in
+:rfc:`5065`
+
+.. cfgcmd:: set protocols bgp <subasn> parameters confederation identifier
+ <asn>
+
+ This command specifies a BGP confederation identifier. <asn> is the number
+ of the autonomous system that internally includes multiple sub-autonomous
+ systems (a confederation). <subasn> is the number sub-autonomous system
+ inside <asn>.
+
+.. cfgcmd:: set protocols bgp <subasn> parameters confederation confederation
+ peers <nsubasn>
+
+ This command sets other confederations <nsubasn> as members of autonomous
+ system specified by :cfgcmd:`confederation identifier <asn>`.
+
+
+Operational Mode Commands
+=========================
+
+Show
+----
+
+.. opcmd:: show <ip|ipv6> bgp
+
+ This command displays all entries in BGP routing table.
+
+.. code-block:: none
+
+ BGP table version is 10, local router ID is 10.0.35.3, vrf id 0
+ Default local pref 100, local AS 65000
+ Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
+ i internal, r RIB-failure, S Stale, R Removed
+ Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
+ Origin codes: i - IGP, e - EGP, ? - incomplete
+
+ Network Next Hop Metric LocPrf Weight Path
+ *> 198.51.100.0/24 10.0.34.4 0 0 65004 i
+ *> 203.0.113.0/24 10.0.35.5 0 0 65005 i
+
+ Displayed 2 routes and 2 total paths
+
+.. opcmd:: show <ip|ipv6> bgp <address|prefix>
+
+ This command displays information about the particular entry in the BGP
+ routing table.
+
+.. code-block:: none
+
+ BGP routing table entry for 198.51.100.0/24
+ Paths: (1 available, best #1, table default)
+ Advertised to non peer-group peers:
+ 10.0.13.1 10.0.23.2 10.0.34.4 10.0.35.5
+ 65004
+ 10.0.34.4 from 10.0.34.4 (10.0.34.4)
+ Origin IGP, metric 0, valid, external, best (First path received)
+ Last update: Wed Jan 6 12:18:53 2021
+
+.. opcmd:: show ip bgp cidr-only
+
+ This command displays routes with classless interdomain routing (CIDR).
+
+.. opcmd:: show <ip|ipv6> bgp community <value>
+
+ This command displays routes that belong to specified BGP communities.
+ Valid value is a community number in the range from 1 to 4294967200,
+ or AA:NN (autonomous system-community number/2-byte number), no-export,
+ local-as, or no-advertise.
+
+.. opcmd:: show <ip|ipv6> bgp community-list <name>
+
+ This command displays routes that are permitted by the BGP
+ community list.
+
+.. opcmd:: show ip bgp dampened-paths
+
+ This command displays BGP dampened routes.
+
+.. opcmd:: show ip bgp flap-statistics
+
+ This command displays information about flapping BGP routes.
+
+.. opcmd:: show ip bgp filter-list <name>
+
+ This command displays BGP routes allowed by by the specified AS Path
+ access list.
+
+.. opcmd:: show <ip|ipv6> bgp neighbors <address> advertised-routes
+
+ This command displays BGP routes advertised to a neighbor.
+
+.. opcmd:: show <ip|ipv6> bgp neighbors <address> received-routes
+
+ This command displays BGP routes originating from the specified BGP
+ neighbor before inbound policy is applied. To use this command inbound
+ soft reconfiguration must be enabled.
+
+.. opcmd:: show <ip|ipv6> bgp neighbors <address> routes
+
+ This command displays BGP received-routes that are accepted after filtering.
+
+.. opcmd:: show <ip|ipv6> bgp neighbors <address> dampened-routes
+
+ This command displays dampened routes received from BGP neighbor.
+
+.. opcmd:: show <ip|ipv6> bgp regexp <text>
+
+ This command displays information about BGP routes whose AS path
+ matches the specified regular expression.
+
+.. opcmd:: show <ip|ipv6> bgp summary
+
+ This command displays the status of all BGP connections.
+
+.. code-block:: none
+
+ IPv4 Unicast Summary:
+ BGP router identifier 10.0.35.3, local AS number 65000 vrf-id 0
+ BGP table version 11
+ RIB entries 5, using 920 bytes of memory
+ Peers 4, using 82 KiB of memory
+
+ Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
+ 10.0.13.1 4 65000 148 159 0 0 0 02:16:01 0
+ 10.0.23.2 4 65000 136 143 0 0 0 02:13:21 0
+ 10.0.34.4 4 65004 161 163 0 0 0 02:16:01 1
+ 10.0.35.5 4 65005 162 166 0 0 0 02:16:01 1
+
+ Total number of neighbors 4
+
+Reset
+-----
+
+.. opcmd:: reset <ip|ipv6> bgp <address> [soft [in|out]]
+
+ This command resets BGP connections to the specified neighbor IP address.
+ With argument :cfgcmd:`soft` this command initiates a soft reset. If
+ you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both
+ inbound and outbound soft reconfiguration are triggered.
+
+.. opcmd:: reset ip bgp all
+
+ This command resets all BGP connections of given router.
+
+.. opcmd:: reset ip bgp dampening
+
+ This command uses to clear BGP route dampening information and to
+ unsuppress suppressed routes.
+
+.. opcmd:: reset ip bgp external
+
+ This command resets all external BGP peers of given router.
+
+.. opcmd:: reset ip bgp peer-group <name> [soft [in|out]]
+
+ This command resets BGP connections to the specified peer group.
+ With argument :cfgcmd:`soft` this command initiates a soft reset. If
+ you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both
+ inbound and outbound soft reconfiguration are triggered.
+
+
+Configuration Examples
+----------------------
+
+IPv4
+^^^^
+
+A simple eBGP configuration:
+
+**Node 1:**
+
+.. code-block:: none
+
+ set protocols bgp 65534 neighbor 192.168.0.2 ebgp-multihop '2'
+ set protocols bgp 65534 neighbor 192.168.0.2 remote-as '65535'
+ set protocols bgp 65534 neighbor 192.168.0.2 update-source '192.168.0.1'
+ set protocols bgp 65534 address-family ipv4-unicast network '172.16.0.0/16'
+ set protocols bgp 65534 parameters router-id '192.168.0.1'
+
+**Node 2:**
+
+.. code-block:: none
+
+ set protocols bgp 65535 neighbor 192.168.0.1 ebgp-multihop '2'
+ set protocols bgp 65535 neighbor 192.168.0.1 remote-as '65534'
+ set protocols bgp 65535 neighbor 192.168.0.1 update-source '192.168.0.2'
+ set protocols bgp 65535 address-family ipv4-unicast network '172.17.0.0/16'
+ set protocols bgp 65535 parameters router-id '192.168.0.2'
+
+
+Don't forget, the CIDR declared in the network statement MUST **exist in your
+routing table (dynamic or static), the best way to make sure that is true is
+creating a static route:**
+
+**Node 1:**
+
+.. code-block:: none
+
+ set protocols static route 172.16.0.0/16 blackhole distance '254'
+
+**Node 2:**
+
+.. code-block:: none
+
+ set protocols static route 172.17.0.0/16 blackhole distance '254'
+
+
+IPv6
+^^^^
+
+A simple BGP configuration via IPv6.
+
+**Node 1:**
+
+.. code-block:: none
+
+ set protocols bgp 65534 neighbor 2001:db8::2 ebgp-multihop '2'
+ set protocols bgp 65534 neighbor 2001:db8::2 remote-as '65535'
+ set protocols bgp 65534 neighbor 2001:db8::2 update-source '2001:db8::1'
+ set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast
+ set protocols bgp 65534 address-family ipv6-unicast network '2001:db8:1::/48'
+ set protocols bgp 65534 parameters router-id '10.1.1.1'
+
+**Node 2:**
+
+.. code-block:: none
+
+ set protocols bgp 65535 neighbor 2001:db8::1 ebgp-multihop '2'
+ set protocols bgp 65535 neighbor 2001:db8::1 remote-as '65534'
+ set protocols bgp 65535 neighbor 2001:db8::1 update-source '2001:db8::2'
+ set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast
+ set protocols bgp 65535 address-family ipv6-unicast network '2001:db8:2::/48'
+ set protocols bgp 65535 parameters router-id '10.1.1.2'
+
+Don't forget, the CIDR declared in the network statement **MUST exist in your
+routing table (dynamic or static), the best way to make sure that is true is
+creating a static route:**
+
+**Node 1:**
+
+.. code-block:: none
+
+ set protocols static route6 2001:db8:1::/48 blackhole distance '254'
+
+**Node 2:**
+
+.. code-block:: none
+
+ set protocols static route6 2001:db8:2::/48 blackhole distance '254'
+
+Route Filter
+^^^^^^^^^^^^
+
+Route filter can be applied using a route-map:
+
+**Node1:**
+
+.. code-block:: none
+
+ set policy prefix-list AS65535-IN rule 10 action 'permit'
+ set policy prefix-list AS65535-IN rule 10 prefix '172.16.0.0/16'
+ set policy prefix-list AS65535-OUT rule 10 action 'deny'
+ set policy prefix-list AS65535-OUT rule 10 prefix '172.16.0.0/16'
+ set policy prefix-list6 AS65535-IN rule 10 action 'permit'
+ set policy prefix-list6 AS65535-IN rule 10 prefix '2001:db8:2::/48'
+ set policy prefix-list6 AS65535-OUT rule 10 action 'deny'
+ set policy prefix-list6 AS65535-OUT rule 10 prefix '2001:db8:2::/48'
+ set policy route-map AS65535-IN rule 10 action 'permit'
+ set policy route-map AS65535-IN rule 10 match ip address prefix-list 'AS65535-IN'
+ set policy route-map AS65535-IN rule 10 match ipv6 address prefix-list 'AS65535-IN'
+ set policy route-map AS65535-IN rule 20 action 'deny'
+ set policy route-map AS65535-OUT rule 10 action 'deny'
+ set policy route-map AS65535-OUT rule 10 match ip address prefix-list 'AS65535-OUT'
+ set policy route-map AS65535-OUT rule 10 match ipv6 address prefix-list 'AS65535-OUT'
+ set policy route-map AS65535-OUT rule 20 action 'permit'
+ set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map export 'AS65535-OUT'
+ set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map import 'AS65535-IN'
+ set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'AS65535-OUT'
+ set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map import 'AS65535-IN'
+
+**Node2:**
+
+.. code-block:: none
+
+ set policy prefix-list AS65534-IN rule 10 action 'permit'
+ set policy prefix-list AS65534-IN rule 10 prefix '172.17.0.0/16'
+ set policy prefix-list AS65534-OUT rule 10 action 'deny'
+ set policy prefix-list AS65534-OUT rule 10 prefix '172.17.0.0/16'
+ set policy prefix-list6 AS65534-IN rule 10 action 'permit'
+ set policy prefix-list6 AS65534-IN rule 10 prefix '2001:db8:1::/48'
+ set policy prefix-list6 AS65534-OUT rule 10 action 'deny'
+ set policy prefix-list6 AS65534-OUT rule 10 prefix '2001:db8:1::/48'
+ set policy route-map AS65534-IN rule 10 action 'permit'
+ set policy route-map AS65534-IN rule 10 match ip address prefix-list 'AS65534-IN'
+ set policy route-map AS65534-IN rule 10 match ipv6 address prefix-list 'AS65534-IN'
+ set policy route-map AS65534-IN rule 20 action 'deny'
+ set policy route-map AS65534-OUT rule 10 action 'deny'
+ set policy route-map AS65534-OUT rule 10 match ip address prefix-list 'AS65534-OUT'
+ set policy route-map AS65534-OUT rule 10 match ipv6 address prefix-list 'AS65534-OUT'
+ set policy route-map AS65534-OUT rule 20 action 'permit'
+ set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map export 'AS65534-OUT'
+ set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map import 'AS65534-IN'
+ set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map export 'AS65534-OUT'
+ set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map import 'AS65534-IN'
+
+We could expand on this and also deny link local and multicast in the rule 20
+action deny.
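Review bot: In the Route Filter example, the IPv4 prefix-lists look swapped relative to the IPv6 ones. On Node 1, `AS65535-IN` permits 172.16.0.0/16 and `AS65535-OUT` denies it, but 172.16.0.0/16 is the network Node 1 itself announces in the eBGP example. As written, the import route-map drops the peer's 172.17.0.0/16 and the export route-map suppresses Node 1's own prefix. The prefix-list6 entries use the peer's prefix (2001:db8:2::/48) in both lists, so the IPv4 entries should presumably be 172.17.0.0/16 on Node 1 and 172.16.0.0/16 on Node 2. The ipv4-unicast route-maps are also attached to neighbor 2001:db8::2, while the IPv4 example peers with 192.168.0.2; say whether that is intended. In the dampening section the placeholders do not match the descriptions: `re-use <seconds>` and `start-suppress-time <seconds>` are described as penalty amounts (1 to 20000), and `max-suppress-time <seconds>` is described in minutes. `parameters confederation confederation peers` repeats a word. Spelling to fix before merge: "wich", "applys", "prfefix", "derection", "by by".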
diff --git a/docs/configuration/protocols/igmp-proxy.disable b/docs/configuration/protocols/igmp-proxy.disable
new file mode 100644
index 00000000..cce5f948
--- /dev/null
+++ b/docs/configuration/protocols/igmp-proxy.disable
@@ -0,0 +1,2 @@
+igmp-proxy
+########## \ No newline at end of file
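Review bot: The new file ends without a trailing newline (`\ No newline at end of file` after the `##########` line); add one so later edits to this stub produce clean diffs.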
diff --git a/docs/configuration/protocols/igmp.rst b/docs/configuration/protocols/igmp.rst
new file mode 100644
index 00000000..7109deb6
--- /dev/null
+++ b/docs/configuration/protocols/igmp.rst
@@ -0,0 +1,248 @@
+.. _multicast:
+
+#########
+Multicast
+#########
+
+VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**,
+**IGMP** and **IGMP-Proxy**.
+
+************
+PIM and IGMP
+************
+
+PIM (Protocol Independent Multicast) must be configured in every
+interface of every participating router. Every router must also have the
+location of the Rendevouz Point manually configured. Then,
+unidirectional shared trees rooted at the Rendevouz Point will
+automatically be built for multicast distribution.
+
+Traffic from multicast sources will go to the Rendezvous Point, and
+receivers will pull it from a shared tree using IGMP (Internet Group
+Management Protocol).
+
+Multicast receivers will talk IGMP to their local router, so, besides
+having PIM configured in every router, IGMP must also be configured in
+any router where there could be a multicast receiver locally connected.
+
+VyOS supports both IGMP version 2 and version 3 (which allows
+source-specific multicast).
+
+
+Example
+=======
+
+In the following example we can see a basic multicast setup:
+
+.. image:: /_static/images/multicast-basic.png
+ :width: 90%
+ :align: center
+ :alt: Network Topology Diagram
+
+
+
+**Router 1**
+
+.. code-block:: none
+
+ set interfaces ethernet eth2 address '172.16.0.2/24'
+ set interfaces ethernet eth1 address '100.64.0.1/24'
+ set protocols ospf area 0 network '172.16.0.0/24'
+ set protocols ospf area 0 network '100.64.0.0/24'
+ set protocols igmp interface eth1
+ set protocols pim interface eth1
+ set protocols pim interface eth2
+ set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
+
+**Router 3**
+
+.. code-block:: none
+
+ set interfaces dummy dum0 address '172.16.255.1/24'
+ set interfaces ethernet eth0 address '172.16.0.1/24'
+ set interfaces ethernet eth1 address '172.16.1.1/24'
+ set protocols ospf area 0 network '172.16.0.0/24'
+ set protocols ospf area 0 network '172.16.255.0/24'
+ set protocols ospf area 0 network '172.16.1.0/24'
+ set protocols pim interface dum0
+ set protocols pim interface eth0
+ set protocols pim interface eth1
+ set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
+
+**Router 2**
+
+.. code-block:: none
+
+ set interfaces ethernet eth1 address '10.0.0.1/24'
+ set interfaces ethernet eth2 address '172.16.1.2/24'
+ set protocols ospf area 0 network '10.0.0.0/24'
+ set protocols ospf area 0 network '172.16.1.0/24'
+ set protocols pim interface eth1
+ set protocols pim interface eth2
+ set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
+
+
+
+
+
+Basic commands
+==============
+
+These are the commands for a basic setup.
+
+.. cfgcmd:: set protocols pim interface <interface-name>
+
+ Use this command to enable PIM in the selected interface so that it
+ can communicate with PIM neighbors.
+
+
+.. cfgcmd:: set protocols pim rp address <address> group
+ <multicast-address/mask-bits>
+
+ Use this comand to manually configure a Rendevouz Point for PIM so
+ that join messages can be sent there. Set the Rendevouz Point address
+ and the matching prefix of group ranges covered. These values must
+ be shared with every router participating in the PIM network.
+
+
+.. cfgcmd:: set protocols igmp interface eth1
+
+ Use this command to configure an interface with IGMP so that PIM can
+ receive IGMP reports and query on the selected interface. By defaul
+ IGMP version 3 will be used.
+
+
+
+Tuning commands
+===============
+
+You can also tune multicast with the following commands.
+
+.. cfgcmd:: set protocols pim interface <interface> dr-priority <value>
+
+ Use this PIM command in the selected interface to set the priority
+ (1-4294967295) you want to influence in the election of a node to
+ become the Designated Router for a LAN segment. The default priority
+ is 1, set a higher value to give the router more preference in the
+ DR election process.
+
+
+.. cfgcmd:: set protocols pim int <interface> hello <seconds>
+
+ Use this command to configure the PIM hello interval in seconds
+ (1-180) for the selected interface.
+
+
+.. cfgcmd:: set protocols pim rp keep-alive-timer <seconds>
+
+ Use this PIM command to modify the the time out value (31-60000
+ seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_
+ flow. 31 seconds is chosen for a lower bound as some hardware
+ platforms cannot see data flowing in better than 30 second chunks.
+
+
+.. cfgcmd:: set protocols igmp interface <interface> join <multicast-address>
+ source <IP-address>
+
+ Use this command to allow the selected interface join a multicast
+ group defining the multicast address you want to join and the source
+ IP address too.
+
+
+.. cfgcmd:: set protocols igmp interface <interface query-interval <seconds>
+
+ Use this command to configure in the selected interface the IGMP
+ host query interval (1-1800) in seconds that PIM will use.
+
+
+.. cfgcmd:: set protocols igmp interface <interface query-max-response-time
+ <deciseconds>
+
+ Use this command to configure in the selected interface the IGMP
+ query response timeout value (10-250) in deciseconds. If a report is
+ not returned in the specified time, it will be asumed the `(S,G) or
+ (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has
+ timed out.
+
+
+.. cfgcmd:: set protocols igmp interface <interface> version <version-number>
+
+ Use this command to define in the selected interface whether you
+ choose IGMP version 2 or 3. The default value is 3.
+
+
+
+**********
+IGMP Proxy
+**********
+
+:abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages
+on behalf of a connected client. The configuration must define one, and only one
+upstream interface, and one or more downstream interfaces.
+
+Configuration
+=============
+
+.. cfgcmd:: set protocols igmp-proxy interface <interface> role
+ <upstream | downstream>
+
+ * **upstream:** The upstream network interface is the outgoing interface
+ which is responsible for communicating to available multicast data sources.
+ There can only be one upstream interface.
+
+ * **downstream:** Downstream network interfaces are the distribution
+ interfaces to the destination networks, where multicast clients can join
+ groups and receive multicast data. One or more downstream interfaces must
+ be configured.
+
+.. cfgcmd:: set protocols igmp-proxy interface <interface> alt-subnet <network>
+
+ Defines alternate sources for multicasting and IGMP data. The network address
+ must be on the following format 'a.b.c.d/n'. By default the router will
+ accept data from sources on the same network as configured on an interface.
+ If the multicast source lies on a remote network, one must define from where
+ traffic should be accepted.
+
+ This is especially useful for the upstream interface, since the source for
+ multicast traffic is often from a remote location.
+
+ This option can be supplied multiple times.
+
+.. cfgcmd:: set protocols igmp-proxy disable-quickleave
+
+ Disables quickleave mode. In this mode the daemon will not send a Leave IGMP
+ message upstream as soon as it receives a Leave message for any downstream
+ interface. The daemon will not ask for Membership reports on the downstream
+ interfaces, and if a report is received the group is not joined again
+ upstream.
+
+ If it's vital that the daemon should act exactly as a real multicast client
+ on the upstream interface, this function should be enabled.
+
+ Enabling this function increases the risk of bandwidth saturation.
+
+.. cfgcmd:: set protocols igmp-proxy disable
+
+ Disable this service.
+
+Example
+-------
+
+Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet
+multicast which is in `eth0` WAN we need to configure igmp-proxy.
+
+.. code-block:: none
+
+ set protocols igmp-proxy interface eth0 role upstream
+ set protocols igmp-proxy interface eth0 alt-subnet 10.0.0.0/23
+ set protocols igmp-proxy interface eth1 role downstream
+
+Operation
+=========
+
+.. opcmd:: restart igmp-proxy
+
+ Restart the IGMP proxy process.
+
+
+
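Review bot: Two cfgcmd signatures under Tuning commands have an unclosed placeholder: `set protocols igmp interface <interface query-interval <seconds>` and `set protocols igmp interface <interface query-max-response-time`. Both should read `<interface>`. Likewise, `set protocols pim int <interface> hello <seconds>` abbreviates `interface`, and the Basic commands entry `set protocols igmp interface eth1` hard-codes eth1 where the description speaks of "the selected interface". The `disable-quickleave` text is ambiguous: it opens with "Disables quickleave mode", then says "this function should be enabled" and "Enabling this function increases the risk of bandwidth saturation" without saying whether "this function" is quickleave or the disable option. State explicitly which setting carries the saturation risk. "Rendevouz" should be "Rendezvous" (the page uses both spellings), and "comand", "defaul", "asumed" and "the the" need fixing. The example lists Router 1, Router 3, Router 2; reorder them or explain the order.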
diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst
new file mode 100644
index 00000000..c302d6a9
--- /dev/null
+++ b/docs/configuration/protocols/index.rst
@@ -0,0 +1,18 @@
+#########
+Protocols
+#########
+
+
+.. toctree::
+ :maxdepth: 1
+ :includehidden:
+
+ bfd
+ bgp
+ igmp
+ isis
+ mpls
+ ospf
+ rip
+ rpki
+ static
diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst
new file mode 100644
index 00000000..05a851f1
--- /dev/null
+++ b/docs/configuration/protocols/isis.rst
@@ -0,0 +1,305 @@
+.. include:: /_include/need_improvement.txt
+
+.. _isis:
+
+#####
+IS-IS
+#####
+
+:abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state
+interior gateway routing protocol which is described in ISO10589,
+:rfc:`1195`, :rfc:`5308`. Like OSPF, IS-IS runs the Dijkstra shortest-path
+first (SPF) algorithm to create a database of the network’s topology and,
+from that database, to determine the best (that is, shortest) path to a
+destination. The routers exchange topology information with their nearest
+neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS
+addresses are called :abbr:`NETs (Network Entity Titles)` and can be
+8 to 20 bytes long, but are generally 10 bytes long.
+
+For example :abbr:`NET (Network Entity Title)`
+
+.. code-block:: none
+
+ 49.0001.1921.6800.1002.00
+
+The IS-IS address consists of three parts:
+
+ :abbr:`AFI (Address family authority identifier)`
+ ``49`` The AFI value 49 is what IS-IS uses for private addressing.
+
+ Area identifier:
+ ``0001`` IS-IS area number (Area1)
+
+ System identifier:
+ ``1921.6800.1002`` For system idetifier we recommend to use IP address or
+ MAC address of the router.
+
+ NET selector:
+ ``00`` Must always be 00, to indicate "this system".
+
+
+General Configuration
+---------------------
+
+.. cfgcmd:: set protocols isis <name> net <network-entity-title>
+
+ This command enables the ISIS process by specifying the ISIS domain with
+ ‘name’. ISIS implementation does not yet support multiple ISIS processes
+ but you must specify the name of ISIS process. This commad also sets
+ network entity title (NET) provided in ISO format.
+
+.. cfgcmd:: set protocols isis <name> interface <interface>
+
+ This command activates ISIS adjacency on this interface. Note that the name
+ of ISIS instance must be the same as the one used to configure the ISIS
+ process.
+
+.. cfgcmd:: set protocols isis <name> dynamic-hostname
+
+ This command enables support for dynamic hostname. Dynamic hostname mapping
+ determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism
+ for IS-IS.
+
+.. cfgcmd:: set protocols isis <name> level <level-1|level-1-2|level-2>
+
+ This command defines the ISIS router behavior:
+
+ **level-1** Act as a station router only.
+ **level-1-2** Act as both a station router and an area router.
+ **level-2-only** Act as an area router only.
+
+.. cfgcmd:: set protocols isis <name> lsp-mtu <size>
+
+ This command configures the maximum size of generated LSPs, in bytes. The
+ size range is 128 to 4352.
+
+.. cfgcmd:: set protocols isis <name> metric-style <narrow|transition|wide>
+
+ This command sets old-style (ISO 10589) or new-style packet formats:
+
+ **narrow** Use old style of TLVs with narrow metric.
+ **transition** Send and accept both styles of TLVs during transition.
+ **wide** Use new style of TLVs to carry wider metric.
+
+.. cfgcmd:: set protocols isis <name> purge-originator
+
+ This command enables :rfc:`6232` purge originator identification. Enable
+ purge originator identification (POI) by adding the type, length and value
+ (TLV) with the Intermediate System (IS) identification to the LSPs that do
+ not contain POI information. If an IS generates a purge, VyOS adds this TLV
+ with the system ID of the IS to the purge.
+
+.. cfgcmd:: set protocols isis <name> set-attached-bit
+
+ This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`.
+
+.. cfgcmd:: set protocols isis <name> set-overload-bit
+
+ This command sets overload bit to avoid any transit traffic through this
+ router. It is described in :rfc:`3787`.
+
+.. cfgcmd:: set protocols isis name default-information originate <ipv4|ipv6>
+ level-1
+
+ This command will generate a default-route in L1 database.
+
+.. cfgcmd:: set protocols isis name default-information originate <ipv4|ipv6>
+ level-2
+
+ This command will generate a default-route in L2 database.
+
+
+Interfaces Configuration
+------------------------
+
+.. cfgcmd:: set protocols isis <name> interface <interface> circuit-type
+ <level-1|level-1-2|level-2-only>
+
+ This command specifies circuit type for interface:
+
+ **level-1** Level-1 only adjacencies are formed.
+ **level-1-2** Level-1-2 adjacencies are formed
+ **level-2-only** Level-2 only adjacencies are formed
+
+.. cfgcmd:: set protocols isis <name> interface <interface> hello-interval
+ <seconds>
+
+ This command sets hello interval in seconds on a given interface.
+ The range is 1 to 600.
+
+.. cfgcmd:: set protocols isis <name> interface <interface> hello-multiplier
+ <seconds>
+
+ This command sets multiplier for hello holding time on a given
+ interface. The range is 2 to 100.
+
+.. cfgcmd:: set protocols isis <name> interface <interface> hello-padding
+
+ This command configures padding on hello packets to accommodate asymmetrical
+ maximum transfer units (MTUs) from different hosts as described in
+ :rfc:`3719`. This helps to prevent a premature adjacency Up state when one
+ routing device’s MTU does not meet the requirements to establish the
+ adjacency.
+
+.. cfgcmd:: set protocols isis <name> interface <interface> metric <metric>
+
+ This command set default metric for circuit. The metric range is 1 to
+ 16777215 (Max value depend if metric support narrow or wide value).
+
+.. cfgcmd:: set protocols isis <name> interface <interface> network
+ point-to-point
+
+ This command specifies network type to ‘Point-to-Point’. The default network
+ type is broadcast.
+
+.. cfgcmd:: set protocols isis <name> interface <interface> passive
+
+ This command configures the passive mode for this interface.
+
+.. cfgcmd:: set protocols isis <name> interface <interface> password
+ plaintext-password <text>
+
+ This command configures the authentication password for the interface.
+
+.. cfgcmd:: set protocols isis <name> interface <interface> priority <number>
+
+ This command sets priority for the interface for
+ :abbr:`DIS (Designated Intermediate System)` election. The priority
+ range is 0 to 127.
+
+.. cfgcmd:: set protocols isis <name> interface <interface> psnp-interval
+ <number>
+
+ This command sets PSNP interval in seconds. The interval range is 0
+ to 127.
+
+.. cfgcmd:: set protocols isis <name> interface <interface>
+ no-three-way-handshake
+
+ This command disables Three-Way Handshake for P2P adjacencies which
+ described in :rfc:`5303`. Three-Way Handshake is enabled by default.
+
+
+Redistribution Configuration
+----------------------------
+
+.. cfgcmd:: set protocols isis <name> redistribute ipv4 <route source> level-1
+
+ This command redistributes routing information from the given route source
+ into the ISIS database as Level-1. There are six modes available for route
+ source: bgp, connected, kernel, ospf, rip, static.
+
+.. cfgcmd:: set protocols isis <name> redistribute ipv4 <route source> level-2
+
+ This command redistributes routing information from the given route source
+ into the ISIS database as Level-2. There are six modes available for route
+ source: bgp, connected, kernel, ospf, rip, static.
+
+.. cfgcmd:: set protocols isis <name> redistribute ipv4 <route source>
+ <level-1|level-2> metric <number>
+
+ This command specifies metric for redistributed routes from the given route
+ source. There are six modes available for route source: bgp, connected,
+ kernel, ospf, rip, static. The metric range is 1 to 16777215.
+
+.. cfgcmd:: set protocols isis <name> redistribute ipv4 <route source>
+ <level-1|level-2> route-map <name>
+
+ This command allows to use route map to filter redistributed routes from
+ the given route source. There are six modes available for route source:
+ bgp, connected, kernel, ospf, rip, static.
+
+
+Timers Configuration
+--------------------
+
+.. cfgcmd:: set protocols isis <name> lsp-gen-interval <seconds>
+
+ This command sets minimum interval in seconds between regenerating same
+ LSP. The interval range is 1 to 120.
+
+.. cfgcmd:: set protocols isis <name> lsp-refresh-interval <seconds>
+
+ This command sets LSP refresh interval in seconds. IS-IS generates LSPs
+ when the state of a link changes. However, to ensure that routing
+ databases on all routers remain converged, LSPs in stable networks are
+ generated on a regular basis even though there has been no change to
+ the state of the links. The interval range is 1 to 65235. The default
+ value is 900 seconds.
+
+.. cfgcmd:: set protocols isis <name> max-lsp-lifetime <seconds>
+
+ This command sets LSP maximum LSP lifetime in seconds. The interval range
+ is 350 to 65535. LSPs remain in a database for 1200 seconds by default.
+ If they are not refreshed by that time, they are deleted. You can change
+ the LSP refresh interval or the LSP lifetime. The LSP refresh interval
+ should be less than the LSP lifetime or else LSPs will time out before
+ they are refreshed.
+
+.. cfgcmd:: set protocols isis <name> spf-interval <seconds>
+
+ This command sets minimum interval between consecutive SPF calculations in
+ seconds.The interval range is 1 to 120.
+
+.. cfgcmd:: set protocols isis <name> spf-delay-ietf holddown <milliseconds>
+
+.. cfgcmd:: set protocols isis <name> spf-delay-ietf init-delay
+ <milliseconds>
+
+.. cfgcmd:: set protocols isis <name> spf-delay-ietf long-delay
+ <milliseconds>
+
+.. cfgcmd:: set protocols isis <name> spf-delay-ietf short-delay
+ <milliseconds>
+
+.. cfgcmd:: set protocols isis <name> spf-delay-ietf time-to-learn
+ <milliseconds>
+
+ This commands specifies the Finite State Machine (FSM) intended to
+ control the timing of the execution of SPF calculations in response
+ to IGP events. The process described in :rfc:`8405`.
+
+
+Configuration Example
+---------------------
+
+Simple IS-IS configuration using 2 nodes and redistributing connected
+interfaces.
+
+**Node 1:**
+
+.. code-block:: none
+
+ set interfaces dummy dum0 address '203.0.113.1/24'
+ set interfaces ethernet eth1 address '192.0.2.1/24'
+
+ set policy prefix-list EXPORT-ISIS rule 10 action 'permit'
+ set policy prefix-list EXPORT-ISIS rule 10 prefix '203.0.113.0/24'
+ set policy route-map EXPORT-ISIS rule 10 action 'permit'
+ set policy route-map EXPORT-ISIS rule 10 match ip address prefix-list 'EXPORT-ISIS'
+
+ set protocols isis FOO interface eth1
+ set protocols isis FOO net '49.0001.1921.6800.1002.00'
+ set protocols isis FOO redistribute ipv4 connected level-2 route-map 'EXPORT-ISIS'
+
+**Node 2:**
+
+.. code-block:: none
+
+ set interfaces ethernet eth1 address '192.0.2.2/24'
+
+ set protocols isis FOO interface eth1
+ set protocols isis FOO net '49.0001.1921.6800.2002.00'
+
+Show ip routes on Node2:
+
+.. code-block:: none
+
+ vyos@r2:~$ show ip route isis
+ Codes: K - kernel route, C - connected, S - static, R - RIP,
+ O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
+ T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
+ F - PBR, f - OpenFabric,
+ > - selected route, * - FIB route, q - queued route, r - rejected route
+
+ I 203.0.113.0/24 [115/10] via 192.0.2.1, eth1, 00:03:42
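Review bot: the `level` synopsis offers `<level-1|level-1-2|level-2>`, but the list under it documents `level-2-only`, and the interface `circuit-type` synopsis also uses `level-2-only`. A reader copying the synopsis may get a rejected value, so align it with the keyword the CLI accepts. Both `default-information originate` synopses write `isis name` where every other command writes `isis <name>`. `hello-multiplier` takes `<seconds>` although the text describes a multiplier (range 2 to 100), so `<number>` fits better. The `psnp-interval` range of 0 to 127 matches the `priority` range directly above it and should be checked against the CLI. The `password plaintext-password` entry is the only authentication option documented here and should say what the password authenticates on the interface. The five `spf-delay-ietf` commands share one sentence that does not say what each timer controls. Typos to fix: "commad", "This commands specifies", "which described in".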
diff --git a/docs/configuration/protocols/mpls.rst b/docs/configuration/protocols/mpls.rst
new file mode 100644
index 00000000..312a0df2
--- /dev/null
+++ b/docs/configuration/protocols/mpls.rst
@@ -0,0 +1,253 @@
+.. _mpls:
+
+####
+MPLS
+####
+
+:abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm
+which differs from regular IP forwarding. Instead of IP addresses being used to
+make the decision on finding the exit interface, a router will instead use an
+exact match on a 32 bit/4 byte header called the MPLS label. This label is
+inserted between the ethernet (layer 2) header and the IP (layer 3) header.
+One can statically or dynamically assign label allocations, but we will focus
+on dynamic allocation of labels using some sort of label distribution protocol
+(such as the aptly named Label Distribution Protocol / LDP, Resource Reservation
+Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow
+for the creation of a unidirectional/unicast path called a labeled switched
+path (initialized as LSP) throughout the network that operates very much like
+a tunnel through the network. An easy way of thinking about how an MPLS LSP
+actually forwards traffic throughout a network is to think of a GRE tunnel.
+They are not the same in how they operate, but they are the same in how they
+handle the tunneled packet. It would be good to think of MPLS as a tunneling
+technology that can be used to transport many different types of packets, to
+aid in traffic engineering by allowing one to specify paths throughout the
+network (using RSVP or SR), and to generally allow for easier intra/inter
+network transport of data packets.
+
+For more information on how MPLS label switching works, please go visit
+`Wikipedia (MPLS)`_.
+
+.. note:: MPLS support in VyOS is not finished yet, and therefore its
+ functionality is limited. Currently there is no support for MPLS enabled VPN
+ services such as L3VPNs, L2VPNs, and mVPNs. RSVP support is also not present
+ as the underlying routing stack (FRR) does not implement it. Currently VyOS
+ can be configured as a label switched router (MPLS P router), in both
+ penultimate and ultimate hop popping operations.
+
+Label Distribution Protocol
+===========================
+
+The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume
+a single protocol to create MPLS paths. VyOS supports the Label Distribution
+Protocol (LDP) as implemented by FRR, based on :rfc:`5036`.
+
+:abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling protocol
+that distributes labels creating MPLS label switched paths in a dynamic manner.
+LDP is not a routing protocol, as it relies on other routing protocols for
+forwarding decisions. LDP cannot bootstrap itself, and therefore relies on said
+routing protocols for communication with other routers that use LDP.
+
+In order to allow for LDP on the local router to exchange label advertisements
+with other routers, a TCP session will be established between automatically
+discovered and statically assigned routers. LDP will try to establish a TCP
+session to the **transport address** of other routers. Therefore for LDP to
+function properly please make sure the transport address is shown in the
+routing table and reachable to traffic at all times.
+
+It is highly recommended to use the same address for both the LDP router-id and
+the discovery transport address, but for VyOS MPLS LDP to work both parameters
+must be explicitly set in the configuration.
+
+Another thing to keep in mind with LDP is that much like BGP, it is a protocol
+that runs on top of TCP. It however does not have an ability to do something
+like a refresh capability like BGPs route refresh capability. Therefore one
+might have to reset the neighbor for a capability change or a configuration
+change to work.
+
+Configuration Options
+=====================
+
+.. cfgcmd:: set protocols mpls ldp interface <interface>
+
+ Use this command to enable LDP, and enable MPLS processing on the interface
+ you define.
+
+.. cfgcmd:: set protocols mpls ldp router-id <address>
+
+ Use this command to configure the IP address used as the LDP router-id of the
+ local device.
+
+.. cfgcmd:: set protocols mpls ldp discovery transport-ipv4-address <address>
+.. cfgcmd:: set protocols mpls ldp discovery transport-ipv6-address <address>
+
+ Use this command to set the IPv4 or IPv6 transport-address used by LDP.
+
+.. cfgcmd:: set protocols mpls ldp neighbor <address> password <password>
+
+ Use this command to configure authentication for LDP peers. Set the
+ IP address of the LDP peer and a password that should be shared in
+ order to become neighbors.
+
+.. cfgcmd:: set protocols mpls ldp neighbor <address> session-holdtime <seconds>
+
+ Use this command to configure a specific session hold time for LDP peers.
+ Set the IP address of the LDP peer and a session hold time that should be
+ configured for it. You may have to reset the neighbor for this to work.
+
+.. cfgcmd:: set protocols mpls ldp neighbor <address> ttl-security
+ <disable | hop count>
+
+ Use this command to enable, disable, or specify hop count for TTL security
+ for LDP peers. By default the value is set to 255 (or max TTL).
+
+.. cfgcmd:: set protocols mpls ldp discovery hello-ipv4-interval <seconds>
+.. cfgcmd:: set protocols mpls ldp discovery hello-ipv4-holdtime <seconds>
+.. cfgcmd:: set protocols mpls ldp discovery hello-ipv6-interval <seconds>
+.. cfgcmd:: set protocols mpls ldp discovery hello-ipv6-holdtime <seconds>
+
+ Use these commands if you would like to set the discovery hello and hold time
+ parameters.
+
+.. cfgcmd:: set protocols mpls ldp discovery session-ipv4-holdtime <seconds>
+.. cfgcmd:: set protocols mpls ldp discovery session-ipv6-holdtime <seconds>
+
+ Use this command if you would like to set the TCP session hold time intervals.
+
+.. cfgcmd:: set protocols mpls ldp import ipv4 import-filter filter-access-list
+ <access list number>
+.. cfgcmd:: set protocols mpls ldp import ipv6 import-filter filter-access-list6
+ <access list number>
+
+ Use these commands to control the importing of forwarding equivalence classes
+ (FECs) for LDP from neighbors. This would be useful for example on only
+ accepting the labeled routes that are needed and not ones that are not
+ needed, such as accepting loopback interfaces and rejecting all others.
+
+.. cfgcmd:: set protocols mpls ldp export ipv4 export-filter filter-access-list
+ <access list number>
+.. cfgcmd:: set protocols mpls ldp export ipv6 export-filter filter-access-list6
+ <access list number>
+
+ Use these commands to control the exporting of forwarding equivalence classes
+ (FECs) for LDP to neighbors. This would be useful for example on only
+ announcing the labeled routes that are needed and not ones that are not
+ needed, such as announcing loopback interfaces and no others.
+
+.. cfgcmd:: set protocols mpls ldp export ipv4 explicit-null
+.. cfgcmd:: set protocols mpls ldp export ipv6 explicit-null
+
+ Use this command if you would like for the router to advertise FECs with a
+ label of 0 for explicit null operations.
+
+.. cfgcmd:: set protocols mpls ldp allocation ipv4 access-list
+ <access list number>
+.. cfgcmd:: set protocols mpls ldp allocation ipv6 access-list6
+ <access list number>
+
+ Use this command if you would like to control the local FEC allocations for
+ LDP. A good example would be for your local router to not allocate a label for
+ everything. Just a label for what it's useful. A good example would be just a
+ loopback label.
+
+.. cfgcmd:: set protocols mpls ldp parameters cisco-interop-tlv
+
+ Use this command to use a Cisco non-compliant format to send and interpret
+ the Dual-Stack capability TLV for IPv6 LDP communications. This is related to
+ :rfc:`7552`.
+
+.. cfgcmd:: set protocols mpls ldp parameters ordered-control
+
+ Use this command to use ordered label distribution control mode. FRR
+ by default uses independent label distribution control mode for label
+ distribution. This is related to :rfc:`5036`.
+
+.. cfgcmd:: set protocols mpls ldp parameters transport-prefer-ipv4
+
+ Use this command to prefer IPv4 for TCP peer transport connection for LDP
+ when both an IPv4 and IPv6 LDP address are configured on the same interface.
+
+.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv4 enable
+.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv6 enable
+
+ Use this command to enable targeted LDP sessions to the local router. The
+ router will then respond to any sessions that are trying to connect to it that
+ are not a link local type of TCP connection.
+
+.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv4 address <address>
+.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv6 address <address>
+
+ Use this command to enable the local router to try and connect with a targeted
+ LDP session to another router.
+
+.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv4 hello-holdtime
+ <seconds>
+.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv4 hello-interval
+ <seconds>
+.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv6 hello-holdtime
+ <seconds>
+.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv6 hello-interval
+ <seconds>
+
+ Use these commands if you would like to set the discovery hello and hold time
+ parameters for the targeted LDP neighbors.
+
+
+Sample configuration to setup LDP on VyOS
+-----------------------------------------
+
+.. code-block:: none
+
+ set protocols ospf area 0 network '192.168.255.252/32' <--- Routing for loopback
+ set protocols ospf area 0 network '192.168.0.5/32' <--- Routing for an interface connecting to the network
+ set protocols ospf parameters router-id '192.168.255.252' <--- Router ID setting for OSPF
+ set protocols mpls ldp discovery transport-ipv4-address '192.168.255.252' <--- Transport address for LDP for TCP sessions to connect to
+ set protocols mpls ldp interface 'eth1' <--- Enable MPLS and LDP for an interface connecting to network
+ set protocols mpls ldp interface 'lo' <--- Enable MPLS and LDP on loopback for future services connectivity
+ set protocols mpls ldp router-id '192.168.255.252' <--- Router ID setting for LDP
+ set interfaces ethernet eth1 address '192.168.0.5/31' <--- Interface IP for connecting to network
+ set interfaces loopback lo address '192.168.255.252/32' <--- Interface loopback IP for router ID and other uses
+
+
+Operational Mode Commands
+=========================
+
+When LDP is working, you will be able to see label information in the outcome
+of ``show ip route``. Besides that information, there are also specific *show*
+commands for LDP:
+
+Show
+----
+
+.. opcmd:: show mpls ldp binding
+
+ Use this command to see the Label Information Base.
+
+.. opcmd:: show mpls ldp discovery
+
+ Use this command to see discovery hello information
+
+.. opcmd:: show mpls ldp interface
+
+ Use this command to see LDP interface information
+
+.. opcmd:: show mpls ldp neighbor
+
+ Use this command to see LDP neighbor information
+
+.. opcmd:: show mpls ldp neighbor detail
+
+ Use this command to see detailed LDP neighbor information
+
+Reset
+-----
+
+.. opcmd:: reset mpls ldp neighbor <IPv4 or IPv6 address>
+
+ Use this command to reset an LDP neighbor/TCP session that is established
+
+
+.. stop_vyoslinter
+
+.. _`Wikipedia (MPLS)`: https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
+
+.. start_vyoslinter \ No newline at end of file
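Review bot: the `ttl-security <disable | hop count>` entry says only "By default the value is set to 255 (or max TTL)", which leaves unclear whether the argument is a hop count or a TTL value and whether the check is active by default. Since this is a security control, state the default behaviour, what `disable` turns off, and the accepted range, and write the placeholder without spaces like the other synopses. The `neighbor <address> password` entry should name the mechanism the password is used for. In the sample configuration the `<---` annotations sit on the same lines as the `set` commands inside the code-block, so the block cannot be pasted into a configuration session; move the explanations into text around the block. The entry for the `allocation` commands reads as fragments ("Just a label for what it's useful.") and repeats "A good example would be" twice. Several `opcmd` descriptions lack a final period, and the file ends without a trailing newline.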
diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst
new file mode 100644
index 00000000..e1957cec
--- /dev/null
+++ b/docs/configuration/protocols/ospf.rst
@@ -0,0 +1,1019 @@
+.. _routing-ospf:
+
+####
+OSPF
+####
+
+:abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet
+Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls
+into the group of interior gateway protocols (IGPs), operating within a single
+autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998)
+for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340`
+(2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)`
+addressing model.
+
+OSPF is a widely used IGP in large enterprise networks.
+
+*************
+OSPFv2 (IPv4)
+*************
+
+Configuration
+=============
+
+General
+-------
+
+VyOS does not have a special command to start the OSPF process. The OSPF process
+starts when the first ospf enabled interface is configured.
+
+.. cfgcmd:: set protocols ospf area <number> network <A.B.C.D/M>
+
+ This command specifies the OSPF enabled interface(s). If the interface has
+ an address from defined range then the command enables OSPF on this
+ interface so router can provide network information to the other ospf
+ routers via this interface.
+
+ This command is also used to enable the OSPF process. The area number can be
+ specified in decimal notation in the range from 0 to 4294967295. Or it
+ can be specified in dotted decimal notation similar to ip address.
+
+.. cfgcmd:: set protocols ospf auto-cost reference-bandwidth <number>
+
+ This command sets the reference bandwidth for cost calculations, where
+ bandwidth can be in range from 1 to 4294967, specified in Mbits/s. The
+ default is 100Mbit/s (i.e. a link of bandwidth 100Mbit/s or higher will
+ have a cost of 1. Cost of lower bandwidth links will be scaled with
+ reference to this cost).
+
+.. cfgcmd:: set protocols ospf parameters router-id <rid>
+
+ This command sets the router-ID of the OSPF process. The router-ID may be an
+ IP address of the router, but need not be – it can be any arbitrary 32bit
+ number. However it MUST be unique within the entire OSPF domain to the OSPF
+ speaker – bad things will happen if multiple OSPF speakers are configured
+ with the same router-ID!
+
+
+Optional
+--------
+
+.. cfgcmd:: set protocols ospf default-information originate [always]
+ [metric <number>] [metric-type <1|2>] [route-map <name>]
+
+ Originate an AS-External (type-5) LSA describing a default route into all
+ external-routing capable areas, of the specified metric and metric type.
+ If the :cfgcmd:`always` keyword is given then the default is always
+ advertised, even when there is no default present in the routing table.
+ The argument :cfgcmd:`route-map` specifies to advertise the default route
+ if the route map is satisfied.
+
+.. cfgcmd:: set protocols ospf distance global <distance>
+
+ This command change distance value of OSPF globally.
+ The distance range is 1 to 255.
+
+.. cfgcmd:: set protocols ospf distance ospf <external|inter-area|intra-area>
+ <distance>
+
+ This command change distance value of OSPF. The arguments are the distance
+ values for external routes, inter-area routes and intra-area routes
+ respectively. The distance range is 1 to 255.
+
+ .. note:: Routes with a distance of 255 are effectively disabled and not
+ installed into the kernel.
+
+.. cfgcmd:: set protocols ospf log-adjacency-changes [detail]
+
+ This command allows to log changes in adjacency. With the optional
+ :cfgcmd:`detail` argument, all changes in adjacency status are shown.
+ Without :cfgcmd:`detail`, only changes to full or regressions are shown.
+
+.. cfgcmd:: set protocols ospf max-metric router-lsa
+ <administrative|on-shutdown <seconds>|on-startup <seconds>>
+
+ This enables :rfc:`3137` support, where the OSPF process describes its
+ transit links in its router-LSA as having infinite distance so that other
+ routers will avoid calculating transit paths through the router while
+ still being able to reach networks through the router.
+
+ This support may be enabled administratively (and indefinitely) with the
+ :cfgcmd:`administrative` command. It may also be enabled conditionally.
+ Conditional enabling of max-metric router-lsas can be for a period of
+ seconds after startup with the :cfgcmd:`on-startup <seconds>` command
+ and/or for a period of seconds prior to shutdown with the
+ :cfgcmd:`on-shutdown <seconds>` command. The time range is 5 to 86400.
+
+.. cfgcmd:: set protocols ospf parameters abr-type
+ <cisco|ibm|shortcut|standard>
+
+ This command selects ABR model. OSPF router supports four ABR models:
+
+ **cisco** – a router will be considered as ABR if it has several configured
+ links to the networks in different areas one of which is a backbone area.
+ Moreover, the link to the backbone area should be active (working).
+ **ibm** – identical to "cisco" model but in this case a backbone area link
+ may not be active.
+ **standard** – router has several active links to different areas.
+ **shortcut** – identical to "standard" but in this model a router is
+ allowed to use a connected areas topology without involving a backbone
+ area for inter-area connections.
+
+ Detailed information about "cisco" and "ibm" models differences can be
+ found in :rfc:`3509`. A "shortcut" model allows ABR to create routes
+ between areas based on the topology of the areas connected to this router
+ but not using a backbone area in case if non-backbone route will be
+ cheaper. For more information about "shortcut" model,
+ see :t:`ospf-shortcut-abr-02.txt`
+
+.. cfgcmd:: set protocols ospf parameters rfc1583-compatibility
+
+ :rfc:`2328`, the successor to :rfc:`1583`, suggests according to section
+ G.2 (changes) in section 16.4.1 a change to the path preference algorithm
+ that prevents possible routing loops that were possible in the old version
+ of OSPFv2. More specifically it demands that inter-area paths and
+ intra-area backbone path are now of equal preference but still both
+ preferred to external paths.
+
+ This command should NOT be set normally.
+
+.. cfgcmd:: set protocols ospf passive-interface <interface>
+
+ This command specifies interface as passive. Passive interface advertises
+ its address, but does not run the OSPF protocol (adjacencies are not formed
+ and hello packets are not generated).
+
+.. cfgcmd:: set protocols ospf passive-interface default
+
+ This command specifies all interfaces as passive by default. Because this
+ command changes the configuration logic to a default passive; therefore,
+ interfaces where router adjacencies are expected need to be configured
+ with the :cfgcmd:`passive-interface-exclude` command.
+
+.. cfgcmd:: set protocols ospf passive-interface-exclude <interface>
+
+ This command allows exclude interface from passive state. This command is
+ used if the command :cfgcmd:`passive-interface default` was configured.
+
+.. cfgcmd:: set protocols ospf refresh timers <seconds>
+
+ The router automatically updates link-state information with its neighbors.
+ Only an obsolete information is updated which age has exceeded a specific
+ threshold. This parameter changes a threshold value, which by default is
+ 1800 seconds (half an hour). The value is applied to the whole OSPF router.
+ The timer range is 10 to 1800.
+
+.. cfgcmd:: set protocols ospf timers throttle spf
+ <delay|initial-holdtime|max-holdtime> <seconds>
+
+ This command sets the initial delay, the initial-holdtime and the
+ maximum-holdtime between when SPF is calculated and the event which
+ triggered the calculation. The times are specified in milliseconds and must
+ be in the range of 0 to 600000 milliseconds. :cfgcmd:`delay` sets the
+ initial SPF schedule delay in milliseconds. The default value is 200 ms.
+ :cfgcmd:`initial-holdtime` sets the minimum hold time between two
+ consecutive SPF calculations. The default value is 1000 ms.
+ :cfgcmd:`max-holdtime` sets the maximum wait time between two
+ consecutive SPF calculations. The default value is 10000 ms.
+
+
+Area Configuration
+------------------
+
+.. cfgcmd:: set protocols ospf area <number> area-type stub
+
+ This command specifies the area to be a Stub Area. That is, an area where
+ no router originates routes external to OSPF and hence an area where all
+ external routes are via the ABR(s). Hence, ABRs for such an area do not
+ need to pass AS-External LSAs (type-5) or ASBR-Summary LSAs (type-4) into
+ the area. They need only pass Network-Summary (type-3) LSAs into such an
+ area, along with a default-route summary.
+
+.. cfgcmd:: set protocols ospf area <number> area-type stub no-summary
+
+ This command specifies the area to be a Totally Stub Area. In addition to
+ stub area limitations this area type prevents an ABR from injecting
+ Network-Summary (type-3) LSAs into the specified stub area. Only default
+ summary route is allowed.
+
+.. cfgcmd:: set protocols ospf area <number> area-type stub default-cost
+ <number>
+
+ This command sets the cost of default-summary LSAs announced to stubby
+ areas. The cost range is 0 to 16777215.
+
+.. cfgcmd:: set protocols ospf area <number> area-type nssa
+
+ This command specifies the area to be a Not So Stubby Area. External
+ routing information is imported into an NSSA in Type-7 LSAs. Type-7 LSAs
+ are similar to Type-5 AS-external LSAs, except that they can only be
+ flooded into the NSSA. In order to further propagate the NSSA external
+ information, the Type-7 LSA must be translated to a Type-5 AS-external-LSA
+ by the NSSA ABR.
+
+.. cfgcmd:: set protocols ospf area <number> area-type nssa no-summary
+
+ This command specifies the area to be a NSSA Totally Stub Area. ABRs for
+ such an area do not need to pass Network-Summary (type-3) LSAs (except the
+ default summary route), ASBR-Summary LSAs (type-4) and AS-External LSAs
+ (type-5) into the area. But Type-7 LSAs that convert to Type-5 at the NSSA
+ ABR are allowed.
+
+.. cfgcmd:: set protocols ospf area <number> area-type nssa default-cost
+ <number>
+
+ This command sets the default cost of LSAs announced to NSSA areas.
+ The cost range is 0 to 16777215.
+
+.. cfgcmd:: set protocols ospf area <number> area-type nssa translate
+ <always|candidate|never>
+
+ Specifies whether this NSSA border router will unconditionally translate
+ Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are
+ translated into Type-5 LSAs regardless of the translator state of other
+ NSSA border routers. When role is Candidate, this router participates in
+ the translator election to determine if it will perform the translations
+ duties. When role is Never, this router will never translate Type-7 LSAs
+ into Type-5 LSAs.
+
+.. cfgcmd:: set protocols ospf area <number> authentication plaintext-password
+
+ This command specifies that simple password authentication should be used
+ for the given area. The password must also be configured on a per-interface
+ basis.
+
+.. cfgcmd:: set protocols ospf area <number> authentication md5
+
+ This command specify that OSPF packets must be authenticated with MD5 HMACs
+ within the given area. Keying material must also be configured on a
+ per-interface basis.
+
+.. cfgcmd:: set protocols ospf area <number> range <A.B.C.D/M> [cost <number>]
+
+ This command summarizes intra area paths from specified area into one
+ summary-LSA (Type-3) announced to other areas. This command can be used
+ only in ABR and ONLY router-LSAs (Type-1) and network-LSAs (Type-2)
+ (i.e. LSAs with scope area) can be summarized. AS-external-LSAs (Type-5)
+ can’t be summarized - their scope is AS. The optional argument
+ :cfgcmd:`cost` specifies the aggregated link metric. The metric range is 0
+ to 16777215.
+
+.. cfgcmd:: set protocols ospf area <number> range <A.B.C.D/M> not-advertise
+
+ This command instead of summarizing intra area paths filter them - i.e.
+ intra area paths from this range are not advertised into other areas.
+ This command makes sense in ABR only.
+
+.. cfgcmd:: set protocols ospf area <number> range <A.B.C.D/M> substitute
+ <E.F.G.H/M>
+
+ One Type-3 summary-LSA with routing info <E.F.G.H/M> is announced into
+ backbone area if defined area contains at least one intra-area network
+ (i.e. described with router-LSA or network-LSA) from range <A.B.C.D/M>.
+ This command makes sense in ABR only.
+
+.. cfgcmd:: set protocols ospf area <number> shortcut <default|disable|enable>
+
+ This parameter allows to "shortcut" routes (non-backbone) for inter-area
+ routes. There are three modes available for routes shortcutting:
+
+ **default** – this area will be used for shortcutting only if ABR does not
+ have a link to the backbone area or this link was lost.
+ **enable** – the area will be used for shortcutting every time the route
+ that goes through it is cheaper.
+ **disable** – this area is never used by ABR for routes shortcutting.
+
+.. cfgcmd:: set protocols ospf area <number> virtual-link <A.B.C.D>
+
+ Provides a backbone area coherence by virtual link establishment.
+
+ In general, OSPF protocol requires a backbone area (area 0) to be coherent
+ and fully connected. I.e. any backbone area router must have a route to any
+ other backbone area router. Moreover, every ABR must have a link to
+ backbone area. However, it is not always possible to have a physical link
+ to a backbone area. In this case between two ABR (one of them has a link to
+ the backbone area) in the area (not stub area) a virtual link is organized.
+
+ <number> – area identifier through which a virtual link goes.
+ <A.B.C.D> – ABR router-id with which a virtual link is established. Virtual
+ link must be configured on both routers.
+
+ Formally, a virtual link looks like a point-to-point network connecting two
+ ABR from one area one of which physically connected to a backbone area.
+ This pseudo-network is considered to belong to a backbone area.
+
+
+Interface Configuration
+-----------------------
+
+.. cfgcmd:: set protocols ospf interface <interface> authentication
+ plaintext-password <text>
+
+ This command sets OSPF authentication key to a simple password. After
+ setting, all OSPF packets are authenticated. Key has length up to 8 chars.
+
+ Simple text password authentication is insecure and deprecated in favour of
+ MD5 HMAC authentication.
+
+.. cfgcmd:: set protocols ospf interface <interface> authentication md5
+ key-id <id> md5-key <text>
+
+ This command specifys that MD5 HMAC authentication must be used on this
+ interface. It sets OSPF authentication key to a cryptographic password.
+ Key-id identifies secret key used to create the message digest. This ID
+ is part of the protocol and must be consistent across routers on a link.
+ The key can be long up to 16 chars (larger strings will be truncated),
+ and is associated with the given key-id.
+
+.. cfgcmd:: set protocols ospf interface <interface> bandwidth <number>
+
+ This command sets the interface bandwidth for cost calculations, where
+ bandwidth can be in range from 1 to 100000, specified in Mbits/s.
+
+.. cfgcmd:: set protocols ospf interface <interface> cost <number>
+
+ This command sets link cost for the specified interface. The cost value is
+ set to router-LSA’s metric field and used for SPF calculation. The cost
+ range is 1 to 65535.
+
+.. cfgcmd:: set protocols ospf interface <interface> dead-interval <number>
+
+ Set number of seconds for router Dead Interval timer value used for Wait
+ Timer and Inactivity Timer. This value must be the same for all routers
+ attached to a common network. The default value is 40 seconds. The
+ interval range is 1 to 65535.
+
+.. cfgcmd:: set protocols ospf interface <interface> hello-multiplier <number>
+
+ The hello-multiplier specifies how many Hellos to send per second, from 1
+ (every second) to 10 (every 100ms). Thus one can have 1s convergence time
+ for OSPF. If this form is specified, then the hello-interval advertised in
+ Hello packets is set to 0 and the hello-interval on received Hello packets
+ is not checked, thus the hello-multiplier need NOT be the same across
+ multiple routers on a common link.
+
+.. cfgcmd:: set protocols ospf interface <interface> hello-interval <number>
+
+ Set number of seconds for Hello Interval timer value. Setting this value,
+ Hello packet will be sent every timer value seconds on the specified
+ interface. This value must be the same for all routers attached to a
+ common network. The default value is 10 seconds. The interval range is 1
+ to 65535.
+
+.. cfgcmd:: set protocols ospf interface <interface> bfd
+
+ This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on
+ this OSPF link interface.
+
+.. cfgcmd:: set protocols ospf interface <interface> mtu-ignore
+
+ This command disables check of the MTU value in the OSPF DBD packets. Thus,
+ use of this command allows the OSPF adjacency to reach the FULL state even
+ though there is an interface MTU mismatch between two OSPF routers.
+
+.. cfgcmd:: set protocols ospf interface <interface> network <type>
+
+ This command allows to specify the distribution type for the network
+ connected to this interface:
+
+ **broadcast** – broadcast IP addresses distribution.
+ **non-broadcast** – address distribution in NBMA networks topology.
+ **point-to-multipoint** – address distribution in point-to-multipoint
+ networks.
+ **point-to-point** – address distribution in point-to-point networks.
+
+.. cfgcmd:: set protocols ospf interface <interface> priority <number>
+
+ This command sets Router Priority integer value. The router with the
+ highest priority will be more eligible to become Designated Router.
+ Setting the value to 0, makes the router ineligible to become
+ Designated Router. The default value is 1. The interval range is 0 to 255.
+
+.. cfgcmd:: set protocols ospf interface <interface> retransmit-interval
+ <number>
+
+ This command sets number of seconds for RxmtInterval timer value. This
+ value is used when retransmitting Database Description and Link State
+ Request packets if acknowledge was not received. The default value is 5
+ seconds. The interval range is 3 to 65535.
+
+.. cfgcmd:: set protocols ospf interface <interface> transmit-delay <number>
+
+ This command sets number of seconds for InfTransDelay value. It allows to
+ set and adjust for each interface the delay interval before starting the
+ synchronizing process of the router's database with all neighbors. The
+ default value is 1 seconds. The interval range is 3 to 65535.
+
+
+Manual Neighbor Configuration
+-----------------------------
+
+OSPF routing devices normally discover their neighbors dynamically by
+listening to the broadcast or multicast hello packets on the network.
+Because an NBMA network does not support broadcast (or multicast), the
+device cannot discover its neighbors dynamically, so you must configure all
+the neighbors statically.
+
+.. cfgcmd:: set protocols ospf neighbor <A.B.C.D>
+
+ This command specifies the IP address of the neighboring device.
+
+.. cfgcmd:: set protocols ospf neighbor <A.B.C.D> poll-interval <seconds>
+
+ This command specifies the length of time, in seconds, before the routing
+ device sends hello packets out of the interface before it establishes
+ adjacency with a neighbor. The range is 1 to 65535 seconds. The default
+ value is 60 seconds.
+
+.. cfgcmd:: set protocols ospf neighbor <A.B.C.D> priority <number>
+
+ This command specifies the router priority value of the nonbroadcast
+ neighbor associated with the IP address specified. The default is 0.
+ This keyword does not apply to point-to-multipoint interfaces.
+
+
+Redistribution Configuration
+----------------------------
+
+.. cfgcmd:: set protocols ospf redistribute <route source>
+
+ This command redistributes routing information from the given route source
+ to the OSPF process. There are five modes available for route source: bgp,
+ connected, kernel, rip, static.
+
+.. cfgcmd:: set protocols ospf default-metric <number>
+
+ This command specifies the default metric value of redistributed routes.
+ The metric range is 0 to 16777214.
+
+.. cfgcmd:: set protocols ospf redistribute <route source> metric <number>
+
+ This command specifies metric for redistributed routes from the given
+ route source. There are five modes available for route source: bgp,
+ connected, kernel, rip, static. The metric range is 1 to 16777214.
+
+.. cfgcmd:: set protocols ospf redistribute <route source> metric-type <1|2>
+
+ This command specifies metric type for redistributed routes. Difference
+ between two metric types that metric type 1 is a metric which is
+ "commensurable" with inner OSPF links. When calculating a metric to the
+ external destination, the full path metric is calculated as a metric sum
+ path of a router which had advertised this link plus the link metric.
+ Thus, a route with the least summary metric will be selected. If external
+ link is advertised with metric type 2 the path is selected which lies
+ through the router which advertised this link with the least metric
+ despite of the fact that internal path to this router is longer (with more
+ cost). However, if two routers advertised an external link and with metric
+ type 2 the preference is given to the path which lies through the router
+ with a shorter internal path. If two different routers advertised two
+ links to the same external destimation but with different metric type,
+ metric type 1 is preferred. If type of a metric left undefined the router
+ will consider these external links to have a default metric type 2.
+
+.. cfgcmd:: set protocols ospf redistribute <route source> route-map <name>
+
+ This command allows to use route map to filter redistributed routes from
+ the given route source. There are five modes available for route source:
+ bgp, connected, kernel, rip, static.
+
+
+Operational Mode Commands
+-------------------------
+
+.. opcmd:: show ip ospf neighbor
+
+ This command displays the neighbors status.
+
+.. code-block:: none
+
+ Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
+ 10.0.13.1 1 Full/DR 38.365s 10.0.13.1 eth0:10.0.13.3 0 0 0
+ 10.0.23.2 1 Full/Backup 39.175s 10.0.23.2 eth1:10.0.23.3 0 0 0
+
+.. opcmd:: show ip ospf neighbor detail
+
+ This command displays the neighbors information in a detailed form, not
+ just a summary table.
+
+.. code-block:: none
+
+ Neighbor 10.0.13.1, interface address 10.0.13.1
+ In the area 0.0.0.0 via interface eth0
+ Neighbor priority is 1, State is Full, 5 state changes
+ Most recent state change statistics:
+ Progressive change 11m55s ago
+ DR is 10.0.13.1, BDR is 10.0.13.3
+ Options 2 *|-|-|-|-|-|E|-
+ Dead timer due in 34.854s
+ Database Summary List 0
+ Link State Request List 0
+ Link State Retransmission List 0
+ Thread Inactivity Timer on
+ Thread Database Description Retransmision off
+ Thread Link State Request Retransmission on
+ Thread Link State Update Retransmission on
+
+ Neighbor 10.0.23.2, interface address 10.0.23.2
+ In the area 0.0.0.1 via interface eth1
+ Neighbor priority is 1, State is Full, 4 state changes
+ Most recent state change statistics:
+ Progressive change 41.193s ago
+ DR is 10.0.23.3, BDR is 10.0.23.2
+ Options 2 *|-|-|-|-|-|E|-
+ Dead timer due in 35.661s
+ Database Summary List 0
+ Link State Request List 0
+ Link State Retransmission List 0
+ Thread Inactivity Timer on
+ Thread Database Description Retransmision off
+ Thread Link State Request Retransmission on
+ Thread Link State Update Retransmission on
+
+.. opcmd:: show ip ospf neighbor <A.B.C.D>
+
+ This command displays the neighbors information in a detailed form for a
+ neighbor whose IP address is specified.
+
+.. opcmd:: show ip ospf neighbor <intname>
+
+ This command displays the neighbors status for a neighbor on the specified
+ interface.
+
+.. opcmd:: show ip ospf interface [<intname>]
+
+ This command displays state and configuration of OSPF the specified
+ interface, or all interfaces if no interface is given.
+
+.. code-block:: none
+
+ eth0 is up
+ ifindex 2, MTU 1500 bytes, BW 4294967295 Mbit <UP,BROADCAST,RUNNING,MULTICAST>
+ Internet Address 10.0.13.3/24, Broadcast 10.0.13.255, Area 0.0.0.0
+ MTU mismatch detection: enabled
+ Router ID 10.0.23.3, Network Type BROADCAST, Cost: 1
+ Transmit Delay is 1 sec, State Backup, Priority 1
+ Backup Designated Router (ID) 10.0.23.3, Interface Address 10.0.13.3
+ Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
+ Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
+ Hello due in 4.470s
+ Neighbor Count is 1, Adjacent neighbor count is 1
+ eth1 is up
+ ifindex 3, MTU 1500 bytes, BW 4294967295 Mbit <UP,BROADCAST,RUNNING,MULTICAST>
+ Internet Address 10.0.23.3/24, Broadcast 10.0.23.255, Area 0.0.0.1
+ MTU mismatch detection: enabled
+ Router ID 10.0.23.3, Network Type BROADCAST, Cost: 1
+ Transmit Delay is 1 sec, State DR, Priority 1
+ Backup Designated Router (ID) 10.0.23.2, Interface Address 10.0.23.2
+ Saved Network-LSA sequence number 0x80000002
+ Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
+ Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
+ Hello due in 4.563s
+ Neighbor Count is 1, Adjacent neighbor count is 1
+
+.. opcmd:: show ip ospf route
+
+ This command displays the OSPF routing table, as determined by the most
+ recent SPF calculation.
+
+.. code-block:: none
+
+ ============ OSPF network routing table ============
+ N IA 10.0.12.0/24 [3] area: 0.0.0.0
+ via 10.0.13.3, eth0
+ N 10.0.13.0/24 [1] area: 0.0.0.0
+ directly attached to eth0
+ N IA 10.0.23.0/24 [2] area: 0.0.0.0
+ via 10.0.13.3, eth0
+ N 10.0.34.0/24 [2] area: 0.0.0.0
+ via 10.0.13.3, eth0
+
+ ============ OSPF router routing table =============
+ R 10.0.23.3 [1] area: 0.0.0.0, ABR
+ via 10.0.13.3, eth0
+ R 10.0.34.4 [2] area: 0.0.0.0, ASBR
+ via 10.0.13.3, eth0
+
+ ============ OSPF external routing table ===========
+ N E2 172.16.0.0/24 [2/20] tag: 0
+ via 10.0.13.3, eth0
+
+The table consists of following data:
+
+**OSPF network routing table** – includes a list of acquired routes for all
+accessible networks (or aggregated area ranges) of OSPF system. "IA" flag
+means that route destination is in the area to which the router is not
+connected, i.e. it’s an inter-area path. In square brackets a summary metric
+for all links through which a path lies to this network is specified. "via"
+prefix defines a router-gateway, i.e. the first router on the way to the
+destination (next hop).
+**OSPF router routing table** – includes a list of acquired routes to all
+accessible ABRs and ASBRs.
+**OSPF external routing table** – includes a list of acquired routes that are
+external to the OSPF process. "E" flag points to the external link metric type
+(E1 – metric type 1, E2 – metric type 2). External link metric is printed in
+the "<metric of the router which advertised the link>/<link metric>" format.
+
+.. opcmd:: show ip ospf border-routers
+
+ This command displays a table of paths to area boundary and autonomous
+ system boundary routers.
+
+.. opcmd:: show ip ospf database
+
+ This command displays a summary table with a database contents (LSA).
+
+.. code-block:: none
+
+ OSPF Router with ID (10.0.13.1)
+
+ Router Link States (Area 0.0.0.0)
+
+ Link ID ADV Router Age Seq# CkSum Link count
+ 10.0.13.1 10.0.13.1 984 0x80000005 0xd915 1
+ 10.0.23.3 10.0.23.3 1186 0x80000008 0xfe62 2
+ 10.0.34.4 10.0.34.4 1063 0x80000004 0x4e3f 1
+
+ Net Link States (Area 0.0.0.0)
+
+ Link ID ADV Router Age Seq# CkSum
+ 10.0.13.1 10.0.13.1 994 0x80000003 0x30bb
+ 10.0.34.4 10.0.34.4 1188 0x80000001 0x9411
+
+ Summary Link States (Area 0.0.0.0)
+
+ Link ID ADV Router Age Seq# CkSum Route
+ 10.0.12.0 10.0.23.3 1608 0x80000001 0x6ab6 10.0.12.0/24
+ 10.0.23.0 10.0.23.3 981 0x80000003 0xe232 10.0.23.0/24
+
+ AS External Link States
+
+ Link ID ADV Router Age Seq# CkSum Route
+ 172.16.0.0 10.0.34.4 1063 0x80000001 0xc40d E2 172.16.0.0/24 [0x0]
+
+.. opcmd:: show ip ospf database <type> [A.B.C.D]
+ [adv-router <A.B.C.D>|self-originate]
+
+ This command displays a database contents for a specific link advertisement
+ type.
+
+ The type can be the following:
+ asbr-summary, external, network, nssa-external, opaque-area, opaque-as,
+ opaque-link, router, summary.
+
+ [A.B.C.D] – link-state-id. With this specified the command displays portion
+ of the network environment that is being described by the advertisement.
+ The value entered depends on the advertisement’s LS type. It must be
+ entered in the form of an IP address.
+
+ :cfgcmd:`adv-router <A.B.C.D>` – router id, which link advertisements need
+ to be reviewed.
+
+ :cfgcmd:`self-originate` displays only self-originated LSAs from the local
+ router.
+
+.. code-block:: none
+
+ OSPF Router with ID (10.0.13.1)
+
+ Router Link States (Area 0.0.0.0)
+
+ LS age: 1213
+ Options: 0x2 : *|-|-|-|-|-|E|-
+ LS Flags: 0x3
+ Flags: 0x0
+ LS Type: router-LSA
+ Link State ID: 10.0.13.1
+ Advertising Router: 10.0.13.1
+ LS Seq Number: 80000009
+ Checksum: 0xd119
+ Length: 36
+
+ Number of Links: 1
+
+ Link connected to: a Transit Network
+ (Link ID) Designated Router address: 10.0.13.1
+ (Link Data) Router Interface address: 10.0.13.1
+ Number of TOS metrics: 0
+ TOS 0 Metric: 1
+
+.. opcmd:: show ip ospf database max-age
+
+ This command displays LSAs in MaxAge list.
+
+
+Configuration Example
+---------------------
+
+Below you can see a typical configuration using 2 nodes, redistribute loopback
+address and the node 1 sending the default route:
+
+**Node 1**
+
+.. code-block:: none
+
+ set interfaces loopback lo address 10.1.1.1/32
+ set protocols ospf area 0 network 192.168.0.0/24
+ set protocols ospf default-information originate always
+ set protocols ospf default-information originate metric 10
+ set protocols ospf default-information originate metric-type 2
+ set protocols ospf log-adjacency-changes
+ set protocols ospf parameters router-id 10.1.1.1
+ set protocols ospf redistribute connected metric-type 2
+ set protocols ospf redistribute connected route-map CONNECT
+
+ set policy route-map CONNECT rule 10 action permit
+ set policy route-map CONNECT rule 10 match interface lo
+
+**Node 2**
+
+.. code-block:: none
+
+ set interfaces loopback lo address 10.2.2.2/32
+ set protocols ospf area 0 network 192.168.0.0/24
+ set protocols ospf log-adjacency-changes
+ set protocols ospf parameters router-id 10.2.2.2
+ set protocols ospf redistribute connected metric-type 2
+ set protocols ospf redistribute connected route-map CONNECT
+
+ set policy route-map CONNECT rule 10 action permit
+ set policy route-map CONNECT rule 10 match interface lo
+
+
+*************
+OSPFv3 (IPv6)
+*************
+
+Configuration
+=============
+
+General
+-------
+
+VyOS does not have a special command to start the OSPFv3 process. The OSPFv3
+process starts when the first ospf enabled interface is configured.
+
+.. cfgcmd:: set protocols ospfv3 area <number> interface <interface>
+
+ This command specifies the OSPFv3 enabled interface. This command is also
+ used to enable the OSPF process. The area number can be specified in
+ decimal notation in the range from 0 to 4294967295. Or it can be specified
+ in dotted decimal notation similar to ip address.
+
+.. cfgcmd:: set protocols ospfv3 parameters router-id <rid>
+
+ This command sets the router-ID of the OSPFv3 process. The router-ID may be
+ an IP address of the router, but need not be – it can be any arbitrary
+ 32bit number. However it MUST be unique within the entire OSPFv3 domain to
+ the OSPFv3 speaker – bad things will happen if multiple OSPFv3 speakers are
+ configured with the same router-ID!
+
+
+Optional
+--------
+
+.. cfgcmd:: set protocols ospfv3 distance global <distance>
+
+ This command change distance value of OSPFv3 globally.
+ The distance range is 1 to 255.
+
+.. cfgcmd:: set protocols ospfv3 distance ospfv3
+ <external|inter-area|intra-area> <distance>
+
+ This command change distance value of OSPFv3. The arguments are the
+ distance values for external routes, inter-area routes and intra-area
+ routes respectively. The distance range is 1 to 255.
+
+
+Area Configuration
+------------------
+
+.. cfgcmd:: set protocols ospfv3 area <number> range <prefix>
+
+ This command summarizes intra area paths from specified area into one
+ Type-3 Inter-Area Prefix LSA announced to other areas. This command can be
+ used only in ABR.
+
+.. cfgcmd:: set protocols ospfv3 area <number> range <prefix> not-advertise
+
+ This command instead of summarizing intra area paths filter them - i.e.
+ intra area paths from this range are not advertised into other areas. This
+ command makes sense in ABR only.
+
+
+Interface Configuration
+-----------------------
+
+.. cfgcmd:: set interfaces <inttype> <intname> ipv6 ospfv3 cost <number>
+
+ This command sets link cost for the specified interface. The cost value is
+ set to router-LSA’s metric field and used for SPF calculation. The cost
+ range is 1 to 65535.
+
+.. cfgcmd:: set interfaces <inttype> <intname> ipv6 ospfv3 dead-interval
+ <number>
+
+ Set number of seconds for router Dead Interval timer value used for Wait
+ Timer and Inactivity Timer. This value must be the same for all routers
+ attached to a common network. The default value is 40 seconds. The
+ interval range is 1 to 65535.
+
+.. cfgcmd:: set interfaces <inttype> <intname> ipv6 ospfv3 hello-interval
+ <number>
+
+ Set number of seconds for Hello Interval timer value. Setting this value,
+ Hello packet will be sent every timer value seconds on the specified
+ interface. This value must be the same for all routers attached to a
+ common network. The default value is 10 seconds. The interval range is 1
+ to 65535.
+
+.. cfgcmd:: set interfaces <inttype> <intname> ipv6 ospfv3 mtu-ignore
+
+ This command disables check of the MTU value in the OSPF DBD packets.
+ Thus, use of this command allows the OSPF adjacency to reach the FULL
+ state even though there is an interface MTU mismatch between two OSPF
+ routers.
+
+.. cfgcmd:: set interfaces <inttype> <intname> ipv6 ospfv3 network <type>
+
+ This command allows to specify the distribution type for the network
+ connected to this interface:
+
+ **broadcast** – broadcast IP addresses distribution.
+ **point-to-point** – address distribution in point-to-point networks.
+
+.. cfgcmd:: set interfaces <inttype> <intname> ipv6 ospfv3 priority <number>
+
+ This command sets Router Priority integer value. The router with the
+ highest priority will be more eligible to become Designated Router.
+ Setting the value to 0, makes the router ineligible to become Designated
+ Router. The default value is 1. The interval range is 0 to 255.
+
+.. cfgcmd:: set interfaces <inttype> <intname> ipv6 ospfv3 passive
+
+ This command specifies interface as passive. Passive interface advertises
+ its address, but does not run the OSPF protocol (adjacencies are not formed
+ and hello packets are not generated).
+
+.. cfgcmd:: set interfaces <inttype> <intname> ipv6 ospfv3 retransmit-interval
+ <number>
+
+ This command sets number of seconds for RxmtInterval timer value. This
+ value is used when retransmitting Database Description and Link State
+ Request packets if acknowledge was not received. The default value is 5
+ seconds. The interval range is 3 to 65535.
+
+.. cfgcmd:: set interfaces <inttype> <intname> ipv6 ospfv3 transmit-delay
+ <number>
+
+ This command sets number of seconds for InfTransDelay value. It allows to
+ set and adjust for each interface the delay interval before starting the
+ synchronizing process of the router's database with all neighbors. The
+ default value is 1 seconds. The interval range is 3 to 65535.
+
+
+Redistribution Configuration
+----------------------------
+
+.. cfgcmd:: set protocols ospfv3 redistribute <route source>
+
+ This command redistributes routing information from the given route source
+ to the OSPFv3 process. There are five modes available for route source:
+ bgp, connected, kernel, ripng, static.
+
+.. cfgcmd:: set protocols ospf redistribute <route source> route-map <name>
+
+ This command allows to use route map to filter redistributed routes from
+ given route source. There are five modes available for route source: bgp,
+ connected, kernel, ripng, static.
+
+
+Operational Mode Commands
+-------------------------
+
+.. opcmd:: show ipv6 ospfv3 neighbor
+
+ This command displays the neighbors status.
+
+.. opcmd:: show ipv6 ospfv3 neighbor detail
+
+ This command displays the neighbors information in a detailed form, not
+ just a summary table.
+
+.. opcmd:: show ipv6 ospfv3 neighbor <A.B.C.D>
+
+ This command displays the neighbors information in a detailed form for
+ a neighbor whose IP address is specified.
+
+.. opcmd:: show ipv6 ospfv3 neighbor <intname>
+
+ This command displays the neighbors status for a neighbor on the specified
+ interface.
+
+.. opcmd:: show ipv6 ospfv3 interface [prefix]|[<intname> [prefix]]
+
+ This command displays state and configuration of OSPF the specified
+ interface, or all interfaces if no interface is given. Whith the argument
+ :cfgcmd:`prefix` this command shows connected prefixes to advertise.
+
+.. opcmd:: show ipv6 ospfv3 route
+
+ This command displays the OSPF routing table, as determined by the most
+ recent SPF calculation.
+
+.. opcmd:: show ipv6 ospfv3 border-routers
+
+ This command displays a table of paths to area boundary and autonomous
+ system boundary routers.
+
+.. opcmd:: show ipv6 ospfv3 database
+
+ This command displays a summary table with a database contents (LSA).
+
+.. opcmd:: show ipv6 ospfv3 database <type> [A.B.C.D]
+ [adv-router <A.B.C.D>|self-originate]
+
+ This command displays a database contents for a specific link
+ advertisement type.
+
+.. opcmd:: show ipv6 ospfv3 redistribute
+
+ This command displays external information redistributed into OSPFv3
+
+
+Configuration Example
+---------------------
+
+A typical configuration using 2 nodes.
+
+**Node 1:**
+
+.. code-block:: none
+
+ set protocols ospfv3 area 0.0.0.0 interface eth1
+ set protocols ospfv3 area 0.0.0.0 range 2001:db8:1::/64
+ set protocols ospfv3 parameters router-id 192.168.1.1
+ set protocols ospfv3 redistribute connected
+
+**Node 2:**
+
+.. code-block:: none
+
+ set protocols ospfv3 area 0.0.0.0 interface eth1
+ set protocols ospfv3 area 0.0.0.0 range 2001:db8:2::/64
+ set protocols ospfv3 parameters router-id 192.168.2.1
+ set protocols ospfv3 redistribute connected
+
+**To see the redistributed routes:**
+
+.. code-block:: none
+
+ show ipv6 ospfv3 redistribute
+
+.. note:: You cannot easily redistribute IPv6 routes via OSPFv3 on a
+ WireGuard interface link. This requires you to configure link-local
+ addresses manually on the WireGuard interfaces, see :vytask:`T1483`.
+
+Example configuration for WireGuard interfaces:
+
+**Node 1**
+
+.. code-block:: none
+
+ set interfaces wireguard wg01 address 'fe80::216:3eff:fe51:fd8c/64'
+ set interfaces wireguard wg01 address '192.168.0.1/24'
+ set interfaces wireguard wg01 peer ospf02 allowed-ips '::/0'
+ set interfaces wireguard wg01 peer ospf02 allowed-ips '0.0.0.0/0'
+ set interfaces wireguard wg01 peer ospf02 endpoint '10.1.1.101:12345'
+ set interfaces wireguard wg01 peer ospf02 pubkey 'ie3...='
+ set interfaces wireguard wg01 port '12345'
+ set protocols ospfv3 parameters router-id 192.168.1.1
+ set protocols ospfv3 area 0.0.0.0 interface 'wg01'
+ set protocols ospfv3 area 0.0.0.0 interface 'lo'
+
+**Node 2**
+
+.. code-block:: none
+
+ set interfaces wireguard wg01 address 'fe80::216:3eff:fe0a:7ada/64'
+ set interfaces wireguard wg01 address '192.168.0.2/24'
+ set interfaces wireguard wg01 peer ospf01 allowed-ips '::/0'
+ set interfaces wireguard wg01 peer ospf01 allowed-ips '0.0.0.0/0'
+ set interfaces wireguard wg01 peer ospf01 endpoint '10.1.1.100:12345'
+ set interfaces wireguard wg01 peer ospf01 pubkey 'NHI...='
+ set interfaces wireguard wg01 port '12345'
+ set protocols ospfv3 parameters router-id 192.168.1.2
+ set protocols ospfv3 area 0.0.0.0 interface 'wg01'
+ set protocols ospfv3 area 0.0.0.0 interface 'lo'
+
+**Status**
+
+.. code-block:: none
+
+ vyos@ospf01:~$ sh ipv6 ospfv3 neighbor
+ Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
+ 192.168.0.2 1 00:00:37 Full/PointToPoint 00:18:03 wg01[PointToPoint]
+
+ vyos@ospf02# run sh ipv6 ospfv3 neighbor
+ Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
+ 192.168.0.1 1 00:00:39 Full/PointToPoint 00:19:44 wg01[PointToPoint]
+
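Review bot: In the OSPFv3 "Redistribution Configuration" section of ospf.rst, the route-map entry is documented as "set protocols ospf redistribute <route source> route-map <name>", which is the OSPFv2 path. The text under it lists ripng as a source, so it looks like it should read "set protocols ospfv3 redistribute <route source> route-map <name>". Further points in the same hunk:

- Both transmit-delay entries (OSPFv2 interface and OSPFv3 interface) give a default of 1 second with a range of 3 to 65535. The default lies outside the stated range, so one of the two numbers needs correcting.
- In the WireGuard example the configured router-ids are 192.168.1.1 and 192.168.1.2, but the status output lists neighbor IDs 192.168.0.2 and 192.168.0.1. The sample output does not match the configuration shown.
- The area-level "authentication plaintext-password" entry should carry the same "insecure and deprecated" warning that the interface-level entry has. The md5-key entry mentions truncation of keys longer than 16 chars only in parentheses, which deserves a ".. note::" because a silently truncated key is easy to miss.
- The bold-term option lists (shortcut modes, network types, the routing-table legend after "show ip ospf route") have no blank lines between items and will render as a single paragraph.
- Typos in the prose: "specifys", "This command specify", "This command change", "destimation", "Whith".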
diff --git a/docs/configuration/protocols/pim.disable b/docs/configuration/protocols/pim.disable
new file mode 100644
index 00000000..1dd373d8
--- /dev/null
+++ b/docs/configuration/protocols/pim.disable
@@ -0,0 +1,2 @@
+PIM
+### \ No newline at end of file
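Review bot: pim.disable ends without a trailing newline (the "\ No newline at end of file" marker after "###"), and its title carries only an underline, whereas rip.rst in the same patch frames its title with "###" above and below. Suggest adding the final newline and matching the overline/underline title style used by the other protocol pages.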
diff --git a/docs/configuration/protocols/rip.rst b/docs/configuration/protocols/rip.rst
new file mode 100644
index 00000000..4d46e2f0
--- /dev/null
+++ b/docs/configuration/protocols/rip.rst
@@ -0,0 +1,255 @@
+.. _rip:
+
+###
+RIP
+###
+
+:abbr:`RIP (Routing Information Protocol)` is a widely deployed interior gateway
+protocol. RIP was developed in the 1970s at Xerox Labs as part of the XNS
+routing protocol. RIP is a distance-vector protocol and is based on the
+Bellman-Ford algorithms. As a distance-vector protocol, RIP router send updates
+to its neighbors periodically, thus allowing the convergence to a known
+topology. In each update, the distance to any given network will be broadcast
+to its neighboring router.
+
+Supported versions of RIP are:
+
+ - RIPv1 as described in :rfc:`1058`
+ - RIPv2 as described in :rfc:`2453`
+
+General Configuration
+---------------------
+
+.. cfgcmd:: set protocols rip network <A.B.C.D/M>
+
+ This command enables RIP and sets the RIP enable interface by NETWORK.
+ The interfaces which have addresses matching with NETWORK are enabled.
+
+.. cfgcmd:: set protocols rip interface <interface>
+
+ This command specifies a RIP enabled interface by interface name. Both
+ the sending and receiving of RIP packets will be enabled on the port
+ specified in this command.
+
+.. cfgcmd:: set protocols rip neighbor <A.B.C.D>
+
+ This command specifies a RIP neighbor. When a neighbor doesn’t understand
+ multicast, this command is used to specify neighbors. In some cases, not
+ all routers will be able to understand multicasting, where packets are
+ sent to a network or a group of addresses. In a situation where a neighbor
+ cannot process multicast packets, it is necessary to establish a direct
+ link between routers.
+
+.. cfgcmd:: set protocols rip passive-interface interface <interface>
+
+ This command sets the specified interface to passive mode. On passive mode
+ interface, all receiving packets are processed as normal and VyOS does not
+ send either multicast or unicast RIP packets except to RIP neighbors
+ specified with neighbor command.
+
+.. cfgcmd:: set protocols rip passive-interface interface default
+
+ This command specifies all interfaces to passive mode.
+
+
+Optional Configuration
+----------------------
+
+.. cfgcmd:: set protocols rip default-distance <distance>
+
+ This command change distance value of RIP. The distance range is 1 to 255.
+
+ .. note:: Routes with a distance of 255 are effectively disabled and not
+ installed into the kernel.
+
+.. cfgcmd:: set protocols rip network-distance <A.B.C.D/M> distance <distance>
+
+ This command sets default RIP distance to specified value when the route’s
+ source IP address matches the specified prefix.
+
+.. cfgcmd:: set protocols rip network-distance <A.B.C.D/M> access-list <name>
+
+ This command can be used with previous command to sets default RIP distance
+ to specified value when the route’s source IP address matches the specified
+ prefix and the specified access-list.
+
+.. cfgcmd:: set protocols rip default-information originate
+
+ This command generate a default route into the RIP.
+
+.. cfgcmd:: set protocols rip distribute-list access-list <in|out> <number>
+
+ This command can be used to filter the RIP path using access lists.
+ :cfgcmd:`in` and :cfgcmd:`out` this is the direction in which the access
+ lists are applied.
+
+.. cfgcmd:: set protocols rip distribute-list interface <interface> access-list <in|out> <number>
+
+ This command allows you apply access lists to a chosen interface to
+ filter the RIP path.
+
+.. cfgcmd:: set protocols rip distribute-list prefix-list <in|out> <name>
+
+ This command can be used to filter the RIP path using prefix lists.
+ :cfgcmd:`in` and :cfgcmd:`out` this is the direction in which the prefix
+ lists are applied.
+
+.. cfgcmd:: set protocols rip distribute-list interface <interface> prefix-list <in|out> <name>
+
+ This command allows you apply prefix lists to a chosen interface to
+ filter the RIP path.
+
+.. cfgcmd:: set protocols rip route <A.B.C.D/M>
+
+ This command is specific to FRR and VyOS. The route command makes a static
+ route only inside RIP. This command should be used only by advanced users
+ who are particularly knowledgeable about the RIP protocol. In most cases,
+ we recommend creating a static route in VyOS and redistributing it in RIP
+ using :cfgcmd:`redistribute static`.
+
+.. cfgcmd:: set protocols rip timers update <seconds>
+
+ This command specifies the update timer. Every update timer seconds, the
+ RIP process is awakened to send an unsolicited response message containing
+ the complete routing table to all neighboring RIP routers. The time range
+ is 5 to 2147483647. The default value is 30 seconds.
+
+.. cfgcmd:: set protocols rip timers timeout <seconds>
+
+ This command specifies the timeout timer. Upon expiration of the timeout,
+ the route is no longer valid; however, it is retained in the routing table
+ for a short time so that neighbors can be notified that the route has been
+ dropped. The time range is 5 to 2147483647. The default value is 180
+ seconds.
+
+.. cfgcmd:: set protocols rip timers garbage-collection <seconds>
+
+ This command specifies the garbage-collection timer. Upon expiration of
+ the garbage-collection timer, the route is finally removed from the
+ routing table. The time range is 5 to 2147483647. The default value is 120
+ seconds.
+
+
+Redistribution Configuration
+----------------------------
+
+.. cfgcmd:: set protocols rip redistribute <route source>
+
+ This command redistributes routing information from the given route source
+ into the RIP tables. There are five modes available for route source: bgp,
+ connected, kernel, ospf, static.
+
+.. cfgcmd:: set protocols rip redistribute <route source> metric <metric>
+
+ This command specifies metric for redistributed routes from the given route
+ source. There are five modes available for route source: bgp, connected,
+ kernel, ospf, static. The metric range is 1 to 16.
+
+.. cfgcmd:: set protocols rip redistribute <route source> route-map <name>
+
+ This command allows to use route map to filter redistributed routes from
+ the given route source. There are five modes available for route source:
+ bgp, connected, kernel, ospf, static.
+
+.. cfgcmd:: set protocols rip default-metric <metric>
+
+ This command modifies the default metric (hop count) value for redistributed
+ routes. The metric range is 1 to 16. The default value is 1. This command
+ does not affect connected route even if it is redistributed by
+ :cfgcmd:`redistribute connected`. To modify connected route’s metric
+ value, please use :cfgcmd:`redistribute connected metric`.
+
+
+Interfaces Configuration
+------------------------
+
+.. cfgcmd:: set interfaces <inttype> <intname> ip rip authentication plaintext-password <text>
+
+ This command sets the interface with RIP simple password authentication.
+ This command also sets authentication string. The string must be shorter
+ than 16 characters.
+
+.. cfgcmd:: set interfaces <inttype> <intname> ip rip authentication md5 <id> password <text>
+
+ This command sets the interface with RIP MD5 authentication. This command
+ also sets MD5 Key. The key must be shorter than 16 characters.
+
+.. cfgcmd:: set interfaces <inttype> <intname> ip rip split-horizon disable
+
+ This command disables split-horizon on the interface. By default, VyOS does
+ not advertise RIP routes out the interface over which they were learned
+ (split horizon).
+
+.. cfgcmd:: set interfaces <inttype> <intname> ip rip split-horizon poison-reverse
+
+ This command enables poison-reverse on the interface. If both poison reverse
+ and split horizon are enabled, then VyOS advertises the learned routes
+ as unreachable over the interface on which the route was learned.
+
+
+Operational Mode Commands
+-------------------------
+
+.. opcmd:: show ip rip
+
+ This command displays RIP routes.
+
+.. code-block:: none
+
+ Codes: R - RIP, C - connected, S - Static, O - OSPF, B - BGP
+ Sub-codes:
+ (n) - normal, (s) - static, (d) - default, (r) - redistribute,
+ (i) - interface
+
+ Network Next Hop Metric From Tag Time
+ C(i) 10.0.12.0/24 0.0.0.0 1 self 0
+ C(i) 10.0.13.0/24 0.0.0.0 1 self 0
+ R(n) 10.0.23.0/24 10.0.12.2 2 10.0.12.2 0 02:53
+
+.. opcmd:: show ip rip status
+
+ The command displays current RIP status. It includes RIP timer, filtering,
+ version, RIP enabled interface and RIP peer information.
+
+.. code-block:: none
+
+ Routing Protocol is "rip"
+ Sending updates every 30 seconds with +/-50%, next due in 11 seconds
+ Timeout after 180 seconds, garbage collect after 120 seconds
+ Outgoing update filter list for all interface is not set
+ Incoming update filter list for all interface is not set
+ Default redistribution metric is 1
+ Redistributing:
+ Default version control: send version 2, receive any version
+ Interface Send Recv Key-chain
+ eth0 2 1 2
+ eth2 2 1 2
+ Routing for Networks:
+ 10.0.12.0/24
+ eth0
+ Routing Information Sources:
+ Gateway BadPackets BadRoutes Distance Last Update
+ 10.0.12.2 0 0 120 00:00:11
+ Distance: (default is 120)
+
+
+Configuration Example
+---------------------
+
+Simple RIP configuration using 2 nodes and redistributing connected interfaces.
+
+**Node 1:**
+
+.. code-block:: none
+
+ set interfaces loopback address 10.1.1.1/32
+ set protocols rip network 192.168.0.0/24
+ set protocols rip redistribute connected
+
+**Node 2:**
+
+.. code-block:: none
+
+ set interfaces loopback address 10.2.2.2/32
+ set protocols rip network 192.168.0.0/24
+ set protocols rip redistribute connected
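Review bot: In "Interfaces Configuration", the plaintext-password and md5 entries are worded almost identically, and nothing tells the reader that a simple RIP password is carried unprotected in each update, where anyone capturing traffic on the segment can read it. Add a note to the plaintext-password entry saying so and pointing readers to md5 when authentication is meant as a control. The "Configuration Example" enables RIP on 192.168.0.0/24 and uses "redistribute connected" with no authentication, passive-interface or distribute-list, so consider extending it with at least one of the commands this page documents for that purpose. Wording nits in "Optional Configuration": "This command change distance value", "This command generate a default route" and "can be used with previous command to sets" need subject-verb fixes, and "allows you apply" is missing "to".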
diff --git a/docs/configuration/protocols/ripng.disable b/docs/configuration/protocols/ripng.disable
new file mode 100644
index 00000000..dec6bddf
--- /dev/null
+++ b/docs/configuration/protocols/ripng.disable
@@ -0,0 +1,3 @@
+#####
+RIPng
+##### \ No newline at end of file
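Review bot: The placeholder ends without a trailing newline (the "\ No newline at end of file" marker sits on the closing "#####" line); add one so later edits to this file do not produce a spurious change on the heading underline.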
diff --git a/docs/configuration/protocols/rpki.rst b/docs/configuration/protocols/rpki.rst
new file mode 100644
index 00000000..d9884296
--- /dev/null
+++ b/docs/configuration/protocols/rpki.rst
@@ -0,0 +1,202 @@
+.. _rpki:
+
+####
+RPKI
+####
+
+.. pull-quote::
+
+ There are two types of Network Admins who deal with BGP, those who have
+ created an international incident and/or outage, and those who are lying
+
+ -- `tweet by EvilMog`_, 2020-02-21
+
+:abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:`PKI
+(Public Key Infrastructure)` designed to secure the Internet routing
+infrastructure. It associates BGP route announcements with the correct
+originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then
+use to check each route against the corresponding :abbr:`ROA (Route Origin
+Authorisation)` for validity. RPKI is described in :rfc:`6480`.
+
+A BGP-speaking router like VyOS can retrieve ROA information from RPKI
+"Relying Party software" (often just called an "RPKI server" or "RPKI
+validator") by using :abbr:`RTR (RPKI to Router)` protocol. There are several
+open source implementations to choose from, such as NLNetLabs' Routinator_
+(written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and
+RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described
+in :rfc:`8210`.
+
+.. tip::
+ If you are new to these routing security technologies then there is an
+ `excellent guide to RPKI`_ by NLnet Labs which will get you up to speed
+ very quickly. Their documentation explains everything from what RPKI is to
+ deploying it in production (albeit with a focus on using NLnet Labs'
+ tools). It also has some `help and operational guidance`_ including
+ "What can I do about my route having an Invalid state?"
+
+***************
+Getting started
+***************
+
+First you will need to deploy an RPKI validator for your routers to use. The
+RIPE NCC helpfully provide `some instructions`_ to get you started with
+several different options. Once your server is running you can start
+validating announcements.
+
+Imported prefixes during the validation may have values:
+
+ valid
+ The prefix and ASN that originated it match a signed ROA. These are
+ probably trustworthy route announcements.
+
+ invalid
+ The prefix or prefix length and ASN that originated it doesn't
+ match any existing ROA. This could be the result of a prefix hijack, or
+ merely a misconfiguration, but should probably be treated as
+ untrustworthy route announcements.
+
+ notfound
+ No ROA exists which covers that prefix. Unfortunately this is the case
+ for about 80% of the IPv4 prefixes which were announced to the :abbr:`DFZ
+ (default-free zone)` at the start of 2020 (see more detail in
+ NLnet Labs' `RPKI analytics`_).
+
+.. note::
+ If you are responsible for the global addresses assigned to your
+ network, please make sure that your prefixes have ROAs associated with them
+ to avoid being `notfound` by RPKI. For most ASNs this will involve
+ publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE
+ NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged
+ to do whenever you plan to announce addresses into the DFZ.
+
+ Particularly large networks may wish to run their own RPKI certificate
+ authority and publication server instead of publishing ROAs via their RIR.
+ This is a subject far beyond the scope of VyOS' documentation. Consider
+ reading about Krill_ if this is a rabbit hole you need or especially want
+ to dive down.
+
+Features of the Current Implementation
+======================================
+
+In a nutshell, the current implementation provides the following features:
+
+* The BGP router can connect to one or more RPKI cache servers to receive
+ validated prefix to origin AS mappings. Advanced failover can be implemented
+ by server sockets with different preference values.
+
+* If no connection to an RPKI cache server can be established after a
+ pre-defined timeout, the router will process routes without prefix origin
+ validation. It still will try to establish a connection to an RPKI cache
+ server in the background.
+
+* By default, enabling RPKI does not change best path selection. In particular,
+ invalid prefixes will still be considered during best path selection. However,
+ the router can be configured to ignore all invalid prefixes.
+
+* Route maps can be configured to match a specific RPKI validation state. This
+ allows the creation of local policies, which handle BGP routes based on the
+ outcome of the Prefix Origin Validation.
+
+* Updates from the RPKI cache servers are directly applied and path selection is
+ updated accordingly. (Soft reconfiguration must be enabled for this to work).
+
+*************
+Configuration
+*************
+
+.. cfgcmd:: protocols rpki polling-period <1-86400>
+
+ Define the time interval to update the local cache
+
+ The default value is 300 seconds.
+
+.. cfgcmd:: protocols rpki cache <address> port <port>
+
+ Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching
+ instance which is used.
+
+ This is a mandatory setting.
+
+.. cfgcmd:: protocols rpki cache <address> preference <preference>
+
+ Multiple RPKI caching instances can be supplied and they need a preference in
+ which their result sets are used.
+
+ This is a mandatory setting.
+
+SSH
+===
+
+Connections to the RPKI caching server can not only be established by HTTP/TLS
+but you can also rely on a secure SSH session to the server. To enable SSH you
+first need to create yoursels an SSH client keypair using ``generate ssh
+client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup
+the connection.
+
+.. cfgcmd:: protocols rpki cache <address> ssh username <user>
+
+ SSH username to establish an SSH connection to the cache server.
+
+.. cfgcmd:: protocols rpki cache <address> ssh known-hosts-file <filepath>
+
+ Local path that includes the known hosts file.
+
+.. cfgcmd:: protocols rpki cache <address> ssh private-key-file <filepath>
+
+ Local path that includes the private key file of the router.
+
+.. cfgcmd:: protocols rpki cache <address> ssh public-key-file <filepath
+
+ Local path that includes the public key file of the router.
+
+.. note:: When using SSH, known-hosts-file, private-key-file and public-key-file
+ are mandatory options.
+
+*******
+Example
+*******
+
+We can build route-maps for import based on these states. Here is a simple
+RPKI configuration, where `routinator` is the RPKI-validating "cache"
+server with ip `192.0.2.1`:
+
+.. code-block:: none
+
+ set protocols rpki cache 192.0.2.1 port '3323'
+ set protocols rpki cache 192.0.2.1 preference '1'
+
+Here is an example route-map to apply to routes learned at import. In this
+filter we reject prefixes with the state `invalid`, and set a higher
+`local-preference` if the prefix is RPKI `valid` rather than merely
+`notfound`.
+
+.. code-block:: none
+
+ set policy route-map ROUTES-IN rule 10 action 'permit'
+ set policy route-map ROUTES-IN rule 10 match rpki 'valid'
+ set policy route-map ROUTES-IN rule 10 set local-preference '300'
+ set policy route-map ROUTES-IN rule 20 action 'permit'
+ set policy route-map ROUTES-IN rule 20 match rpki 'notfound'
+ set policy route-map ROUTES-IN rule 20 set local-preference '125'
+ set policy route-map ROUTES-IN rule 30 action 'deny'
+ set policy route-map ROUTES-IN rule 30 match rpki 'invalid'
+
+Once your routers are configured to reject RPKI-invalid prefixes, you can
+test whether the configuration is working correctly using the `RIPE Labs RPKI
+Test`_ experimental tool.
+
+.. stop_vyoslinter
+
+.. _tweet by EvilMog: https://twitter.com/Evil_Mog/status/1230924170508169216
+.. _Routinator: https://www.nlnetlabs.nl/projects/rpki/routinator/
+.. _GoRTR: https://github.com/cloudflare/gortr
+.. _OctoRPKI: https://github.com/cloudflare/cfrpki#octorpki
+.. _Validator: https://www.ripe.net/manage-ips-and-asns/resource-management/certification/tools-and-resources
+.. _some instructions: https://labs.ripe.net/Members/tashi_phuntsho_3/how-to-install-an-rpki-validator
+.. _Krill: https://www.nlnetlabs.nl/projects/rpki/krill/
+.. _RPKI analytics: https://www.nlnetlabs.nl/projects/rpki/rpki-analytics/
+.. _RIPE Labs RPKI Test: https://sg-pub.ripe.net/jasper/rpki-web-test/
+.. _excellent guide to RPKI: https://rpki.readthedocs.io/
+.. _help and operational guidance: https://rpki.readthedocs.io/en/latest/about/help.htm
+
+.. start_vyoslinter
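Review bot: The feature list says that when no cache server is reachable after the timeout "the router will process routes without prefix origin validation", but the ROUTES-IN example never says what happens to routes in that situation. Please state which validation state, if any, such routes carry and whether rules 10 to 30 match them, since readers will treat this route-map as their rejection policy for invalid prefixes. The example also never shows ROUTES-IN applied to a neighbor, nor the soft reconfiguration that the last feature bullet says is required. In the SSH section, "can not only be established by HTTP/TLS" does not match the plain address, port and preference example, nor the RTR protocol referenced via RFC 8210 earlier in the page; name the transport actually used when no ssh options are set. Smaller fixes: the cfgcmd entries under "Configuration" omit the leading "set" that the example uses, "ssh public-key-file <filepath" is missing its closing ">", "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance" repeats "caching", "yoursels" and "Autonomus" are misspelled, and the "help and operational guidance" target ends in "help.htm", which should be checked.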
diff --git a/docs/configuration/protocols/static.rst b/docs/configuration/protocols/static.rst
new file mode 100644
index 00000000..723db727
--- /dev/null
+++ b/docs/configuration/protocols/static.rst
@@ -0,0 +1,208 @@
+.. _static-routing:
+
+######
+Static
+######
+
+Static routes are manually configured routes, which, in general, cannot be
+updated dynamically from information VyOS learns about the network topology from
+other routing protocols. However, if a link fails, the router will remove
+routes, including static routes, from the :abbr:`RIPB (Routing Information
+Base)` that used this interface to reach the next hop. In general, static
+routes should only be used for very simple network topologies, or to override
+the behavior of a dynamic routing protocol for a small number of routes. The
+collection of all routes the router has learned from its configuration or from
+its dynamic routing protocols is stored in the RIB. Unicast routes are directly
+used to determine the forwarding table used for unicast packet forwarding.
+
+*************
+Static Routes
+*************
+
+.. cfgcmd:: set protocols static route <subnet> next-hop <address>
+
+ Configure next-hop `<address>` for an IPv4 static route. Multiple static
+ routes can be created.
+
+.. cfgcmd:: set protocols static route <subnet> next-hop <address> disable
+
+ Disable this IPv4 static route entry.
+
+.. cfgcmd:: set protocols static route <subnet> next-hop <address>
+ distance <distance>
+
+ Defines next-hop distance for this route, routes with smaller administrative
+ distance are elected prior those with a higher distance.
+
+ Range is 1 to 255, default is 1.
+
+ .. note:: Routes with a distance of 255 are effectively disabled and not
+ installed into the kernel.
+
+.. cfgcmd:: set protocols static route6 <subnet> next-hop <address>
+
+ Configure next-hop `<address>` for an IPv6 static route. Multiple static
+ routes can be created.
+
+.. cfgcmd:: set protocols static route6 <subnet> next-hop <address> disable
+
+ Disable this IPv6 static route entry.
+
+.. cfgcmd:: set protocols static route6 <subnet> next-hop <address>
+ distance <distance>
+
+ Defines next-hop distance for this route, routes with smaller administrative
+ distance are elected prior those with a higher distance.
+
+ Range is 1 to 255, default is 1.
+
+ .. note:: Routes with a distance of 255 are effectively disabled and not
+ installed into the kernel.
+
+
+Interface Routes
+================
+
+.. cfgcmd:: set protocols static route <subnet> interface
+ <interface>
+
+ Allows you to configure the next-hop interface for an interface-based IPv4
+ static route. `<interface>` will be the next-hop interface where trafic is
+ routed for the given `<subnet>`.
+
+.. cfgcmd:: set protocols static route <subnet> interface
+ <interface> disable
+
+ Disables interface-based IPv4 static route.
+
+.. cfgcmd:: set protocols static route <subnet> interface
+ <interface> distance <distance>
+
+ Defines next-hop distance for this route, routes with smaller administrative
+ distance are elected prior those with a higher distance.
+
+ Range is 1 to 255, default is 1.
+
+.. cfgcmd:: set protocols static route6 <subnet> interface
+ <interface>
+
+ Allows you to configure the next-hop interface for an interface-based IPv6
+ static route. `<interface>` will be the next-hop interface where trafic is
+ routed for the given `<subnet>`.
+
+.. cfgcmd:: set protocols static route6 <subnet> interface
+ <interface> disable
+
+ Disables interface-based IPv6 static route.
+
+.. cfgcmd:: set protocols static route6 <subnet> interface
+ <interface> distance <distance>
+
+ Defines next-hop distance for this route, routes with smaller administrative
+ distance are elected prior those with a higher distance.
+
+ Range is 1 to 255, default is 1.
+
+
+Blackhole
+=========
+
+.. cfgcmd:: set protocols static route <subnet> blackhole
+
+ Use this command to configure a "black-hole" route on the router. A
+ black-hole route is a route for which the system silently discard packets
+ that are matched. This prevents networks leaking out public interfaces, but
+ it does not prevent them from being used as a more specific route inside your
+ network.
+
+.. cfgcmd:: set protocols static route <subnet> blackhole distance <distance>
+
+ Defines blackhole distance for this route, routes with smaller administrative
+ distance are elected prior those with a higher distance.
+
+.. cfgcmd:: set protocols static route6 <subnet> blackhole
+
+ Use this command to configure a "black-hole" route on the router. A
+ black-hole route is a route for which the system silently discard packets
+ that are matched. This prevents networks leaking out public interfaces, but
+ it does not prevent them from being used as a more specific route inside your
+ network.
+
+.. cfgcmd:: set protocols static route6 <subnet> blackhole distance <distance>
+
+ Defines blackhole distance for this route, routes with smaller administrative
+ distance are elected prior those with a higher distance.
+
+
+Alternate Routing Tables
+========================
+
+TBD
+
+Alternate routing tables are used with policy based routing of by utilizing
+:ref:`vrf`.
+
+
+.. _routing-arp:
+
+###
+ARP
+###
+
+:abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for
+discovering the link layer address, such as a MAC address, associated with a
+given internet layer address, typically an IPv4 address. This mapping is a
+critical function in the Internet protocol suite. ARP was defined in 1982 by
+:rfc:`826` which is Internet Standard STD 37.
+
+In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is
+provided by the Neighbor Discovery Protocol (NDP).
+
+To manipulate or display ARP_ table entries, the following commands are
+implemented.
+
+*********
+Configure
+*********
+
+.. cfgcmd:: set protocols static arp <address> hwaddr <mac>
+
+ This will configure a static ARP entry always resolving `<address>` to
+ `<mac>`.
+
+ Example:
+
+ .. code-block:: none
+
+ set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa
+
+
+*********
+Operation
+*********
+
+
+.. opcmd:: show protocols static arp
+
+ Display all known ARP table entries spanning across all interfaces
+
+.. code-block:: none
+
+ vyos@vyos:~$ show protocols static arp
+ Address HWtype HWaddress Flags Mask Iface
+ 10.1.1.1 ether 00:53:00:de:23:2e C eth1
+ 10.1.1.100 ether 00:53:00:de:23:aa CM eth1
+
+
+.. opcmd:: show protocols static arp interface eth1
+
+ Display all known ARP table entries on a given interface only (`eth1`):
+
+.. code-block:: none
+
+ vyos@vyos:~$ show protocols static arp interface eth1
+ Address HWtype HWaddress Flags Mask Iface
+ 10.1.1.1 ether 00:53:00:de:23:2e C eth1
+ 10.1.1.100 ether 00:53:00:de:23:aa CM eth1
+
+.. _ARP: https://en.wikipedia.org/wiki/Address_Resolution_Protocol
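Review bot: The introduction expands the abbreviation as "RIPB (Routing Information Base)" while the same paragraph later calls it the RIB; change the :abbr: text to RIB. In the ARP section, the "Configure" example sets 192.0.2.100 to 00:53:27:de:23:aa, but both operational outputs show 10.1.1.100 with 00:53:00:de:23:aa flagged CM, so the reader cannot tie the static entry to the output; use one address and MAC throughout and say that the M flag marks the static entry. The distance entries are inconsistent: the next-hop variants give the range and the note about distance 255, the interface variants give the range only, and the blackhole variants give neither. "Alternate Routing Tables" still carries a bare "TBD" and reads "policy based routing of by utilizing", which should be "or by utilizing". Remaining nits: "trafic" (twice), "silently discard packets" should be "discards", and "are elected prior those with a higher distance" would read better as "are preferred over those with a higher distance".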
diff --git a/docs/configuration/protocols/vrf.disable b/docs/configuration/protocols/vrf.disable
new file mode 100644
index 00000000..e7609a77
--- /dev/null
+++ b/docs/configuration/protocols/vrf.disable
@@ -0,0 +1,3 @@
+#############
+Protocols VRF
+#############
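Review bot: This placeholder adds only the "Protocols VRF" heading and no ".. _vrf:" label, while static.rst in this same change links to it with :ref:`vrf` under "Alternate Routing Tables". Unless that label is defined in a file outside this diff, the cross-reference will not resolve, so either define the label in an enabled page or drop the reference until the VRF page exists.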