summaryrefslogtreecommitdiff
path: root/docs/routing
diff options
context:
space:
mode:
authorRobert Göhler <github@ghlr.de>2021-01-24 22:14:00 +0100
committerGitHub <noreply@github.com>2021-01-24 22:14:00 +0100
commitc25c40dfa96dfeb022b203280c607c1f1835417b (patch)
treeed05f81d48c65639e621ee3a067f435cb204ea9e /docs/routing
parentce9f2016218f0c162bd48457a41a18db15e52749 (diff)
downloadvyos-documentation-c25c40dfa96dfeb022b203280c607c1f1835417b.tar.gz
vyos-documentation-c25c40dfa96dfeb022b203280c607c1f1835417b.zip
Migrate new file structure to crux (#435)
* order workflows and add submodule * rename gitmodules file * delete docs/.gitignore * add vyos custom linter * correct __pycache__ in gitignore * add test-coverage.py * move draw.io folder * arrange changelog, install history and about * arrange: firewall * arrange: highavailability * arrange: loadbalancing * arrange: nat * arrange: services * sort configexamples and configuration interfaces * wireles: rename wireless * rearrange: Protocols and Policy * rearrange: Firewall and Zone Policy * rearrange: Interfaces * rearrange: Interfaces * rearrange: dynamic DNS * hostinfo: add page to index * rearrange: appendix * venv: add Pipfile * rearrange: contributing * index: remove debugging * rearrange: fix all figure and refs * rearrange: commandtree * fix: cli, openvpn, install headline level * protocols: change headline * firewall: move mss clamping * ip: separate ipv4 and ipv6 * arp: move to static page * igmp: rename multicast page * Update to year 2021
Diffstat (limited to 'docs/routing')
-rw-r--r--docs/routing/arp.rst34
-rw-r--r--docs/routing/bgp.rst144
-rw-r--r--docs/routing/index.rst22
-rw-r--r--docs/routing/ip-commands.rst281
-rw-r--r--docs/routing/mss-clamp.rst64
-rw-r--r--docs/routing/multicast.rst246
-rw-r--r--docs/routing/ospf.rst139
-rw-r--r--docs/routing/pbr.rst98
-rw-r--r--docs/routing/rip.rst22
-rw-r--r--docs/routing/routing-policy.rst59
-rw-r--r--docs/routing/static.rst30
11 files changed, 0 insertions, 1139 deletions
diff --git a/docs/routing/arp.rst b/docs/routing/arp.rst
deleted file mode 100644
index 2d08e436..00000000
--- a/docs/routing/arp.rst
+++ /dev/null
@@ -1,34 +0,0 @@
-.. _routing-arp:
-
-Address Resolution Protocol (ARP)
----------------------------------
-
-To manipulate or display ARP_ table entries, the following commands are implemented.
-
-adding a static arp entry
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. code-block:: none
-
- set protocols static arp 10.1.1.100 hwaddr 08:00:27:de:23:aa
- commit
-
-display arp table entries
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. code-block:: none
-
- show protocols static arp
-
- Address HWtype HWaddress Flags Mask Iface
- 10.1.1.1 ether 08:00:27:de:23:2e C eth1
- 10.1.1.100 ether 08:00:27:de:23:aa CM eth1
-
-.. code-block:: none
-
- show protocols static arp interface eth1
- Address HWtype HWaddress Flags Mask Iface
- 10.1.1.1 ether 08:00:27:de:23:2e C eth1
- 10.1.1.100 ether 08:00:27:de:23:aa CM eth1
-
-.. _ARP: https://en.wikipedia.org/wiki/Address_Resolution_Protocol
diff --git a/docs/routing/bgp.rst b/docs/routing/bgp.rst
deleted file mode 100644
index f0550fd4..00000000
--- a/docs/routing/bgp.rst
+++ /dev/null
@@ -1,144 +0,0 @@
-.. _routing-bgp:
-
-Border Gateway Protocol (BGP)
------------------------------
-
-IPv4
-^^^^
-
-A simple eBGP configuration:
-
-**Node 1:**
-
-.. code-block:: none
-
- set protocols bgp 65534 neighbor 192.168.0.2 ebgp-multihop '2'
- set protocols bgp 65534 neighbor 192.168.0.2 remote-as '65535'
- set protocols bgp 65534 neighbor 192.168.0.2 update-source '192.168.0.1'
- set protocols bgp 65534 address-family ipv4-unicast network '172.16.0.0/16'
- set protocols bgp 65534 parameters router-id '192.168.0.1'
-
-**Node 2:**
-
-.. code-block:: none
-
- set protocols bgp 65535 neighbor 192.168.0.1 ebgp-multihop '2'
- set protocols bgp 65535 neighbor 192.168.0.1 remote-as '65534'
- set protocols bgp 65535 neighbor 192.168.0.1 update-source '192.168.0.2'
- set protocols bgp 65535 address-family ipv4-unicast network '172.17.0.0/16'
- set protocols bgp 65535 parameters router-id '192.168.0.2'
-
-
-Don't forget, the CIDR declared in the network statement MUST **exist in your
-routing table (dynamic or static), the best way to make sure that is true is
-creating a static route:**
-
-**Node 1:**
-
-.. code-block:: none
-
- set protocols static route 172.16.0.0/16 blackhole distance '254'
-
-**Node 2:**
-
-.. code-block:: none
-
- set protocols static route 172.17.0.0/16 blackhole distance '254'
-
-
-IPv6
-^^^^
-
-A simple BGP configuration via IPv6.
-
-**Node 1:**
-
-.. code-block:: none
-
- set protocols bgp 65534 neighbor 2001:db8::2 ebgp-multihop '2'
- set protocols bgp 65534 neighbor 2001:db8::2 remote-as '65535'
- set protocols bgp 65534 neighbor 2001:db8::2 update-source '2001:db8::1'
- set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast
- set protocols bgp 65534 address-family ipv6-unicast network '2001:db8:1::/48'
- set protocols bgp 65534 parameters router-id '10.1.1.1'
-
-**Node 2:**
-
-.. code-block:: none
-
- set protocols bgp 65535 neighbor 2001:db8::1 ebgp-multihop '2'
- set protocols bgp 65535 neighbor 2001:db8::1 remote-as '65534'
- set protocols bgp 65535 neighbor 2001:db8::1 update-source '2001:db8::2'
- set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast
- set protocols bgp 65535 address-family ipv6-unicast network '2001:db8:2::/48'
- set protocols bgp 65535 parameters router-id '10.1.1.2'
-
-Don't forget, the CIDR declared in the network statement **MUST exist in your
-routing table (dynamic or static), the best way to make sure that is true is
-creating a static route:**
-
-**Node 1:**
-
-.. code-block:: none
-
- set protocols static route6 2001:db8:1::/48 blackhole distance '254'
-
-**Node 2:**
-
-.. code-block:: none
-
- set protocols static route6 2001:db8:2::/48 blackhole distance '254'
-
-Route Filter
-^^^^^^^^^^^^
-
-Route filter can be applied using a route-map:
-
-**Node1:**
-
-.. code-block:: none
-
- set policy prefix-list AS65535-IN rule 10 action 'permit'
- set policy prefix-list AS65535-IN rule 10 prefix '172.16.0.0/16'
- set policy prefix-list AS65535-OUT rule 10 action 'deny'
- set policy prefix-list AS65535-OUT rule 10 prefix '172.16.0.0/16'
- set policy prefix-list6 AS65535-IN rule 10 action 'permit'
- set policy prefix-list6 AS65535-IN rule 10 prefix '2001:db8:2::/48'
- set policy prefix-list6 AS65535-OUT rule 10 action 'deny'
- set policy prefix-list6 AS65535-OUT rule 10 prefix '2001:db8:2::/48'
- set policy route-map AS65535-IN rule 10 action 'permit'
- set policy route-map AS65535-IN rule 10 match ip address prefix-list 'AS65535-IN'
- set policy route-map AS65535-IN rule 10 match ipv6 address prefix-list 'AS65535-IN'
- set policy route-map AS65535-IN rule 20 action 'deny'
- set policy route-map AS65535-OUT rule 10 action 'deny'
- set policy route-map AS65535-OUT rule 10 match ip address prefix-list 'AS65535-OUT'
- set policy route-map AS65535-OUT rule 10 match ipv6 address prefix-list 'AS65535-OUT'
- set policy route-map AS65535-OUT rule 20 action 'permit'
- set protocols bgp 65534 neighbor 2001:db8::2 route-map export 'AS65535-OUT'
- set protocols bgp 65534 neighbor 2001:db8::2 route-map import 'AS65535-IN'
-
-**Node2:**
-
-.. code-block:: none
-
- set policy prefix-list AS65534-IN rule 10 action 'permit'
- set policy prefix-list AS65534-IN rule 10 prefix '172.17.0.0/16'
- set policy prefix-list AS65534-OUT rule 10 action 'deny'
- set policy prefix-list AS65534-OUT rule 10 prefix '172.17.0.0/16'
- set policy prefix-list6 AS65534-IN rule 10 action 'permit'
- set policy prefix-list6 AS65534-IN rule 10 prefix '2001:db8:1::/48'
- set policy prefix-list6 AS65534-OUT rule 10 action 'deny'
- set policy prefix-list6 AS65534-OUT rule 10 prefix '2001:db8:1::/48'
- set policy route-map AS65534-IN rule 10 action 'permit'
- set policy route-map AS65534-IN rule 10 match ip address prefix-list 'AS65534-IN'
- set policy route-map AS65534-IN rule 10 match ipv6 address prefix-list 'AS65534-IN'
- set policy route-map AS65534-IN rule 20 action 'deny'
- set policy route-map AS65534-OUT rule 10 action 'deny'
- set policy route-map AS65534-OUT rule 10 match ip address prefix-list 'AS65534-OUT'
- set policy route-map AS65534-OUT rule 10 match ipv6 address prefix-list 'AS65534-OUT'
- set policy route-map AS65534-OUT rule 20 action 'permit'
- set protocols bgp 65535 neighbor 2001:db8::1 route-map export 'AS65534-OUT'
- set protocols bgp 65535 neighbor 2001:db8::1 route-map import 'AS65534-IN'
-
-We could expand on this and also deny link local and multicast in the rule 20
-action deny.
diff --git a/docs/routing/index.rst b/docs/routing/index.rst
deleted file mode 100644
index dcc67bc7..00000000
--- a/docs/routing/index.rst
+++ /dev/null
@@ -1,22 +0,0 @@
-.. _routing:
-
-Routing
-=======
-
-VyOS is a "router first" network operating system. It supports static routing,
-policy routing, and dynamic routing using standard protocols (RIP, OSPF, and
-BGP).
-
-.. toctree::
- :maxdepth: 1
-
- arp
- bgp
- ip-commands
- multicast
- ospf
- pbr
- rip
- routing-policy
- static
- mss-clamp
diff --git a/docs/routing/ip-commands.rst b/docs/routing/ip-commands.rst
deleted file mode 100644
index 60eb582a..00000000
--- a/docs/routing/ip-commands.rst
+++ /dev/null
@@ -1,281 +0,0 @@
-.. _ip-commands:
-
-***********
-IP commands
-***********
-
-
-IPv4
-====
-
-System configuration commands
------------------------------
-
-
-.. cfgcmd:: set system ip disable-forwarding
-
- Use this command to disable IPv4 forwarding on all interfaces.
-
-
-.. cfgcmd:: set system ip arp table-size <number>
-
- Use this command to define the maximum number of entries to keep in
- the ARP cache (1024, 2048, 4096, 8192, 16384, 32768).
-
-
-.. cfgcmd:: set system ip multipath layer4-hashing
-
- Use this command to use Layer 4 information for IPv4 ECMP hashing.
-
-
-Operational commands
---------------------
-
-
-show commands
-^^^^^^^^^^^^^
-
-See below the different parameters available for the IPv4 **show** command:
-
-.. code-block::
-
- vyos@vyos:~$ show ip
- Possible completions:
- access-list Show all IP access-lists
- as-path-access-list
- Show all as-path-access-lists
- bgp Show Border Gateway Protocol (BGP) information
- community-list
- Show IP community-lists
- extcommunity-list
- Show extended IP community-lists
- forwarding Show IP forwarding status
- groups Show IP multicast group membership
- igmp Show IGMP (Internet Group Management Protocol) information
- large-community-list
- Show IP large-community-lists
- multicast Show IP multicast
- ospf Show IPv4 Open Shortest Path First (OSPF) routing information
- pim Show PIM (Protocol Independent Multicast) information
- ports Show IP ports in use by various system services
- prefix-list Show all IP prefix-lists
- protocol Show IP route-maps per protocol
- rip Show Routing Information Protocol (RIP) information
- route Show IP routes
-
-
-reset commands
-^^^^^^^^^^^^^^
-
-And the different IPv4 **reset** commands available:
-
-.. code-block::
-
- vyos@vyos:~$ reset ip
- Possible completions:
- arp Reset Address Resolution Protocol (ARP) cache
- bgp Clear Border Gateway Protocol (BGP) statistics or status
- igmp IGMP clear commands
- multicast IP multicast routing table
- route Reset IP route
-
-
-IPv6
-====
-
-System configuration commands
------------------------------
-
-.. cfgcmd:: set system ipv6 disable
-
- Use this command to disable assignment of IPv6 addresses on all
- interfaces.
-
-
-.. cfgcmd:: set system ipv6 disable-forwarding
-
- Use this command to disable IPv6 forwarding on all interfaces.
-
-
-.. cfgcmd:: set system ipv6 neighbor table-size <number>
-
- Use this command to define the maximum number of entries to keep in
- the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768).
-
-
-.. cfgcmd:: set system ipv6 strict-dad
-
- Use this command to disable IPv6 operation on interface when
- Duplicate Address Detection fails on Link-Local address.
-
-
-.. cfgcmd:: set system ipv6 multipath layer4-hashing
-
- Use this command to user Layer 4 information for ECMP hashing.
-
-.. cfgcmd:: set system ipv6 blacklist
-
- Use this command to prevent the IPv6 kernel module from being loaded.
-
-
-
-Operational commands
---------------------
-
-Show commands
-^^^^^^^^^^^^^
-
-
-.. opcmd:: show ipv6 neighbors
-
- Use this command to show IPv6 Neighbor Discovery Protocol information.
-
-
-.. opcmd:: show ipv6 groups
-
- Use this command to show IPv6 multicast group membership.
-
-
-.. opcmd:: show ipv6 forwarding
-
- Use this command to show IPv6 forwarding status.
-
-.. opcmd:: show ipv6 route
-
- Use this command to show IPv6 routes.
-
-
- Check the many parameters available for the `show ipv6 route` command:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 route
- Possible completions:
- <Enter> Execute the current command
- <X:X::X:X> Show IPv6 routes of given address or prefix
- <X:X::X:X/M>
- bgp Show IPv6 BGP routes
- cache Show kernel IPv6 route cache
- connected Show IPv6 connected routes
- forward Show kernel IPv6 route table
- isis Show IPv6 ISIS routes
- kernel Show IPv6 kernel routes
- ospfv3 Show IPv6 OSPF6 routes
- ripng Show IPv6 RIPNG routes
- static Show IPv6 static routes
- summary Show IPv6 routes summary
- table Show IP routes in policy table
-
-
-.. opcmd:: show ipv6 prefix-list
-
- Use this command to show all IPv6 prefix lists
-
- There are different parameters for getting prefix-list information:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 prefix-list
- Possible completions:
- <Enter> Execute the current command
- <WORD> Show specified IPv6 prefix-list
- detail Show detail of IPv6 prefix-lists
- summary Show summary of IPv6 prefix-lists
-
-.. opcmd:: show ipv6 access-list
-
- Use this command to show all IPv6 access lists
-
- You can also specify which IPv6 access-list should be shown:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 access-list
- Possible completions:
- <Enter> Execute the current command
- <text> Show specified IPv6 access-list
-
-
-
-.. opcmd:: show ipv6 bgp
-
- Use this command to show IPv6 Border Gateway Protocol information.
-
-
- In addition, you can specify many other parameters to get BGP
- information:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 bgp
- Possible completions:
- <Enter> Execute the current command
- <X:X::X:X> Show BGP information for given address or prefix
- <X:X::X:X/M>
- community Show routes matching the communities
- community-list
- Show routes matching the community-list
- filter-list Show routes conforming to the filter-list
- large-community
- Show routes matching the large-community-list
- large-community-list
- neighbors Show detailed information on TCP and BGP neighbor connections
- prefix-list Show routes matching the prefix-list
- regexp Show routes matching the AS path regular expression
- summary Show summary of BGP neighbor status
-
-
-
-.. opcmd:: show ipv6 ospfv3
-
- Use this command to get information about OSPFv3.
-
- You can get more specific OSPFv3 information by using the parameters
- shown below:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 ospfv3
- Possible completions:
- <Enter> Execute the current command
- area Show OSPFv3 spf-tree information
- border-routers
- Show OSPFv3 border-router (ABR and ASBR) information
- database Show OSPFv3 Link state database information
- interface Show OSPFv3 interface information
- linkstate Show OSPFv3 linkstate routing information
- neighbor Show OSPFv3 neighbor information
- redistribute Show OSPFv3 redistribute External information
- route Show OSPFv3 routing table information
-
-.. opcmd:: show ipv6 ripng
-
- Use this command to get information about the RIPNG protocol
-
-.. opcmd:: show ipv6 ripng status
-
- Use this command to show the status of the RIPNG protocol
-
-
-
-Reset commands
-^^^^^^^^^^^^^^
-
-.. opcmd:: reset ipv6 bgp <address>
-
- Use this command to clear Border Gateway Protocol statistics or
- status.
-
-
-.. opcmd:: reset ipv6 neighbors <address | interface>
-
- Use this command to reset IPv6 Neighbor Discovery Protocol cache for
- an address or interface.
-
-.. opcmd:: reset ipv6 route cache
-
- Use this command to flush the kernel IPv6 route cache.
- An address can be added to flush it only for that route.
-
-
-
diff --git a/docs/routing/mss-clamp.rst b/docs/routing/mss-clamp.rst
deleted file mode 100644
index a4edf1c6..00000000
--- a/docs/routing/mss-clamp.rst
+++ /dev/null
@@ -1,64 +0,0 @@
-.. _routing-mss-clamp:
-
-TCP-MSS Clamping
-----------------
-
-As Internet wide PMTU discovery rarely works, we sometimes need to clamp
-our TCP MSS value to a specific value. This is a field in the TCP
-Options part of a SYN packet. By setting the MSS value, you are telling
-the remote side unequivocally 'do not try to send me packets bigger than
-this value'.
-
-Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS
-value for IPv4 and IPv6.
-
-
-.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting
- in 1452 bytes on a 1492 byte MTU.
-
-
-IPv4
-^^^^
-
-.. cfgcmd:: set firewall options interface <interface> adjust-mss <number-of-bytes>
-
- Use this command to set the maximum segment size for IPv4 transit
- packets on a specific interface (500-1460 bytes).
-
-
-Example
-"""""""
-
-Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and
-`1372`
-for your WireGuard `wg02` tunnel.
-
-.. code-block:: none
-
- set firewall options interface pppoe0 adjust-mss '1452'
- set firewall options interface wg02 adjust-mss '1372'
-
-IPv6
-^^^^^
-
-.. cfgcmd:: set firewall options interface <interface> adjust-mss6 <number-of-bytes>
-
- Use this command to set the maximum segment size for IPv6 transit
- packets on a specific interface (1280-1492 bytes).
-
-
-Example
-"""""""
-
-Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and
-`wg02` interface.
-
-.. code-block:: none
-
- set firewall options interface pppoe0 adjust-mss6 '1280'
- set firewall options interface wg02 adjust-mss6 '1280'
-
-
-
-.. hint:: When doing your byte calculations, you might find useful this
- `Visual packet size calculator <https://baturin.org/tools/encapcalc/>`_.
diff --git a/docs/routing/multicast.rst b/docs/routing/multicast.rst
deleted file mode 100644
index 421c9f0f..00000000
--- a/docs/routing/multicast.rst
+++ /dev/null
@@ -1,246 +0,0 @@
-.. _multicast:
-
-#########
-Multicast
-#########
-
-VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**,
-**IGMP** and **IGMP-Proxy**.
-
-
-************
-PIM and IGMP
-************
-
-PIM (Protocol Independent Multicast) must be configured in every
-interface of every participating router. Every router must also have the
-location of the Rendevouz Point manually configured. Then,
-unidirectional shared trees rooted at the Rendevouz Point will
-automatically be built for multicast distribution.
-
-Traffic from multicast sources will go to the Rendezvous Point, and
-receivers will pull it from a shared tree using IGMP (Internet Group
-Management Protocol).
-
-Multicast receivers will talk IGMP to their local router, so, besides
-having PIM configured in every router, IGMP must also be configured in
-any router where there could be a multicast receiver locally connected.
-
-VyOS supports both IGMP version 2 and version 3 (which allows
-source-specific multicast).
-
-
-Example
-=======
-
-In the following example we can see a basic multicast setup:
-
-.. image:: /_static/images/multicast-basic.png
- :width: 90%
- :align: center
- :alt: Network Topology Diagram
-
-
-
-**Router 1**
-
-.. code-block:: none
-
- set interfaces ethernet eth2 address '172.16.0.2/24'
- set interfaces ethernet eth1 address '100.64.0.1/24'
- set protocols ospf area 0 network '172.16.0.0/24'
- set protocols ospf area 0 network '100.64.0.0/24'
- set protocols igmp interface eth1
- set protocols pim interface eth1
- set protocols pim interface eth2
- set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
-
-**Router 3**
-
-.. code-block:: none
-
- set interfaces dummy dum0 address '172.16.255.1/24'
- set interfaces ethernet eth0 address '172.16.0.1/24'
- set interfaces ethernet eth1 address '172.16.1.1/24'
- set protocols ospf area 0 network '172.16.0.0/24'
- set protocols ospf area 0 network '172.16.255.0/24'
- set protocols ospf area 0 network '172.16.1.0/24'
- set protocols pim interface dum0
- set protocols pim interface eth0
- set protocols pim interface eth1
- set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
-
-**Router 2**
-
-.. code-block:: none
-
- set interfaces ethernet eth1 address '10.0.0.1/24'
- set interfaces ethernet eth2 address '172.16.1.2/24'
- set protocols ospf area 0 network '10.0.0.0/24'
- set protocols ospf area 0 network '172.16.1.0/24'
- set protocols pim interface eth1
- set protocols pim interface eth2
- set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
-
-
-
-
-
-Basic commands
-==============
-
-These are the commands for a basic setup.
-
-.. cfgcmd:: set protocols pim interface <interface-name>
-
- Use this command to enable PIM in the selected interface so that it
- can communicate with PIM neighbors.
-
-
-.. cfgcmd:: set protocols pim rp address <address> group <multicast-address/mask-bits>
-
- Use this comand to manually configure a Rendevouz Point for PIM so
- that join messages can be sent there. Set the Rendevouz Point address
- and the matching prefix of group ranges covered. These values must
- be shared with every router participating in the PIM network.
-
-
-.. cfgcmd:: set protocols igmp interface eth1
-
- Use this command to configure an interface with IGMP so that PIM can
- receive IGMP reports and query on the selected interface. By defaul
- IGMP version 3 will be used.
-
-
-
-Tuning commands
-===============
-
-You can also tune multicast with the following commands.
-
-.. cfgcmd:: set protocols pim interface <interface> dr-priority <value>
-
- Use this PIM command in the selected interface to set the priority
- (1-4294967295) you want to influence in the election of a node to
- become the Designated Router for a LAN segment. The default priority
- is 1, set a higher value to give the router more preference in the
- DR election process.
-
-
-.. cfgcmd:: set protocols pim int <interface> hello <seconds>
-
- Use this command to configure the PIM hello interval in seconds
- (1-180) for the selected interface.
-
-
-.. cfgcmd:: set protocols pim rp keep-alive-timer <seconds>
-
- Use this PIM command to modify the the time out value (31-60000
- seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_
- flow. 31 seconds is chosen for a lower bound as some hardware
- platforms cannot see data flowing in better than 30 second chunks.
-
-
-.. cfgcmd:: set protocols igmp interface <interface> join <multicast-address> source <IP-address>
-
- Use this command to allow the selected interface join a multicast
- group defining the multicast address you want to join and the source
- IP address too.
-
-
-.. cfgcmd:: set protocols igmp interface <interface query-interval <seconds>
-
- Use this command to configure in the selected interface the IGMP
- host query interval (1-1800) in seconds that PIM will use.
-
-
-.. cfgcmd:: set protocols igmp interface <interface query-max-response-time <deciseconds>
-
- Use this command to configure in the selected interface the IGMP
- query response timeout value (10-250) in deciseconds. If a report is
- not returned in the specified time, it will be asumed the `(S,G) or
- (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has
- timed out.
-
-
-.. cfgcmd:: set protocols igmp interface <interface> version <version-number>
-
- Use this command to define in the selected interface whether you
- choose IGMP version 2 or 3. The default value is 3.
-
-
-
-**********
-IGMP Proxy
-**********
-
-:abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host
-messages on behalf of a connected client. The configuration must define
-one, and only one upstream interface, and one or more downstream
-interfaces.
-
-Configuration
-=============
-
-.. cfgcmd:: set protocols igmp-proxy interface <interface> role <upstream | downstream>
-
- * **upstream:** The upstream network interface is the outgoing interface
- which is responsible for communicating to available multicast data sources.
- There can only be one upstream interface.
-
- * **downstream:** Downstream network interfaces are the distribution
- interfaces to the destination networks, where multicast clients can join
- groups and receive multicast data. One or more downstream interfaces must
- be configured.
-
-.. cfgcmd:: set protocols igmp-proxy interface <interface> alt-subnet <network>
-
- Defines alternate sources for multicasting and IGMP data. The network address
- must be on the following format 'a.b.c.d/n'. By default the router will
- accept data from sources on the same network as configured on an interface.
- If the multicast source lies on a remote network, one must define from where
- traffic should be accepted.
-
- This is especially useful for the upstream interface, since the source for
- multicast traffic is often from a remote location.
-
- This option can be supplied multiple times.
-
-.. cfgcmd:: set protocols igmp-proxy disable-quickleave
-
- Disables quickleave mode. In this mode the daemon will not send a Leave IGMP
- message upstream as soon as it receives a Leave message for any downstream
- interface. The daemon will not ask for Membership reports on the downstream
- interfaces, and if a report is received the group is not joined again
- upstream.
-
- If it's vital that the daemon should act exactly as a real multicast client
- on the upstream interface, this function should be enabled.
-
- Enabling this function increases the risk of bandwidth saturation.
-
-.. cfgcmd:: set protocols igmp-proxy disable
-
- Disable this service.
-
-Example
--------
-
-Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23`
-subnet multicast which is in `eth0` WAN we need to configure igmp-proxy.
-
-.. code-block:: none
-
- set protocols igmp-proxy interface eth0 role upstream
- set protocols igmp-proxy interface eth0 alt-subnet 10.0.0.0/23
- set protocols igmp-proxy interface eth1 role downstream
-
-Operation
-=========
-
-.. opcmd:: restart igmp-proxy
-
- Restart the IGMP proxy process.
-
-
-
diff --git a/docs/routing/ospf.rst b/docs/routing/ospf.rst
deleted file mode 100644
index 1e70f644..00000000
--- a/docs/routing/ospf.rst
+++ /dev/null
@@ -1,139 +0,0 @@
-.. _routing-ospf:
-
-Open Shortest Path First (OSPF)
--------------------------------
-
-Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol
-(IP) networks. It uses a link state routing (LSR) algorithm and falls into the
-group of interior gateway protocols (IGPs), operating within a single autonomous
-system (AS). It is defined as OSPF Version 2 in RFC2328_ (1998) for IPv4. Updates
-for IPv6 are specified as OSPF Version 3 in RFC5340_ (2008). OSPF supports the
-Classless Inter-Domain Routing (CIDR) addressing model.
-
-OSPF is a widely used IGP in large enterprise networks.
-
-OSPFv2 (IPv4)
-^^^^^^^^^^^^^
-
-In order to have a VyOS system exchanging routes with OSPF neighbors, you will at least need to configure the area and a network,
-
-.. code-block:: none
-
- set protocols ospf area 0 network 192.168.0.0/24
-
-as well as the router ID.
-
-.. code-block:: none
-
- set protocols ospf parameters router-id 10.1.1.1
-
-That is the minimum configuration you will need.
-
-Below you can see a typical configuration using 2 nodes, redistribute loopback address and the node 1 sending the default route:
-
-**Node 1**
-
-.. code-block:: none
-
- set interfaces loopback lo address 10.1.1.1/32
- set protocols ospf area 0 network 192.168.0.0/24
- set protocols ospf default-information originate always
- set protocols ospf default-information originate metric 10
- set protocols ospf default-information originate metric-type 2
- set protocols ospf log-adjacency-changes
- set protocols ospf parameters router-id 10.1.1.1
- set protocols ospf redistribute connected metric-type 2
- set protocols ospf redistribute connected route-map CONNECT
-
- set policy route-map CONNECT rule 10 action permit
- set policy route-map CONNECT rule 10 match interface lo
-
-**Node 2**
-
-.. code-block:: none
-
- set interfaces loopback lo address 10.2.2.2/32
- set protocols ospf area 0 network 192.168.0.0/24
- set protocols ospf log-adjacency-changes
- set protocols ospf parameters router-id 10.2.2.2
- set protocols ospf redistribute connected metric-type 2
- set protocols ospf redistribute connected route-map CONNECT
-
- set policy route-map CONNECT rule 10 action permit
- set policy route-map CONNECT rule 10 match interface lo
-
-OSPFv3 (IPv6)
-^^^^^^^^^^^^^
-
-A typical configuration using 2 nodes.
-
-**Node 1:**
-
-.. code-block:: none
-
- set protocols ospfv3 area 0.0.0.0 interface eth1
- set protocols ospfv3 area 0.0.0.0 range 2001:db8:1::/64
- set protocols ospfv3 parameters router-id 192.168.1.1
- set protocols ospfv3 redistribute connected
-
-**Node 2:**
-
-.. code-block:: none
-
- set protocols ospfv3 area 0.0.0.0 interface eth1
- set protocols ospfv3 area 0.0.0.0 range 2001:db8:2::/64
- set protocols ospfv3 parameters router-id 192.168.2.1
- set protocols ospfv3 redistribute connected
-
-.. note:: You can not easily redistribute IPv6 routes via OSPFv3 on a WireGuard
- interface link. This requires you to configure link-local addresses manually
- on the WireGuard interfaces, see Phabricator task T1483_.
-
-Example configuration for WireGuard interfaces:
-
-**Node 1**
-
-.. code-block:: none
-
- set interfaces wireguard wg01 address 'fe80::216:3eff:fe51:fd8c/64'
- set interfaces wireguard wg01 address '192.168.0.1/24'
- set interfaces wireguard wg01 peer ospf02 allowed-ips '::/0'
- set interfaces wireguard wg01 peer ospf02 allowed-ips '0.0.0.0/0'
- set interfaces wireguard wg01 peer ospf02 endpoint '10.1.1.101:12345'
- set interfaces wireguard wg01 peer ospf02 pubkey 'ie3...='
- set interfaces wireguard wg01 port '12345'
- set protocols ospfv3 parameters router-id 192.168.1.1
- set protocols ospfv3 area 0.0.0.0 interface 'wg01'
- set protocols ospfv3 area 0.0.0.0 interface 'lo'
-
-**Node 2**
-
-.. code-block:: none
-
- set interfaces wireguard wg01 address 'fe80::216:3eff:fe0a:7ada/64'
- set interfaces wireguard wg01 address '192.168.0.2/24'
- set interfaces wireguard wg01 peer ospf01 allowed-ips '::/0'
- set interfaces wireguard wg01 peer ospf01 allowed-ips '0.0.0.0/0'
- set interfaces wireguard wg01 peer ospf01 endpoint '10.1.1.100:12345'
- set interfaces wireguard wg01 peer ospf01 pubkey 'NHI...='
- set interfaces wireguard wg01 port '12345'
- set protocols ospfv3 parameters router-id 192.168.1.2
- set protocols ospfv3 area 0.0.0.0 interface 'wg01'
- set protocols ospfv3 area 0.0.0.0 interface 'lo'
-
-**Status**
-
-.. code-block:: none
-
- vyos@ospf01:~$ sh ipv6 ospfv3 neighbor
- Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
- 192.168.0.2 1 00:00:37 Full/PointToPoint 00:18:03 wg01[PointToPoint]
-
- vyos@ospf02# run sh ipv6 ospfv3 neighbor
- Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
- 192.168.0.1 1 00:00:39 Full/PointToPoint 00:19:44 wg01[PointToPoint]
-
-.. _RFC2328: https://tools.ietf.org/html/rfc2328
-.. _RFC5340: https://tools.ietf.org/html/rfc2340
-.. _T1483: https://phabricator.vyos.net/T1483
-
diff --git a/docs/routing/pbr.rst b/docs/routing/pbr.rst
deleted file mode 100644
index b86e1c0b..00000000
--- a/docs/routing/pbr.rst
+++ /dev/null
@@ -1,98 +0,0 @@
-.. _routing-pbr:
-
-Policy-Based Routing (PBR)
---------------------------
-
-VyOS supports Policy Routing, allowing traffic to be assigned to a different
-routing table. Traffic can be matched using standard 5-tuple matching (source
-address, destination address, protocol, source port, destination port).
-
-Transparent Proxy
-^^^^^^^^^^^^^^^^^
-
-The following example will show how VyOS can be used to redirect web traffic to
-an external transparent proxy:
-
-.. code-block:: none
-
- set policy route FILTER-WEB rule 1000 destination port 80
- set policy route FILTER-WEB rule 1000 protocol tcp
- set policy route FILTER-WEB rule 1000 set table 100
-
-This creates a route policy called FILTER-WEB with one rule to set the routing
-table for matching traffic (TCP port 80) to table ID 100 instead of the
-default routing table.
-
-To create routing table 100 and add a new default gateway to be used by
-traffic matching our route policy:
-
-.. code-block:: none
-
- set protocols static table 100 route 0.0.0.0/0 next-hop 10.255.0.2
-
-This can be confirmed using the show ip route table 100 operational command.
-
-Finally, to apply the policy route to ingress traffic on our LAN interface,
-we use:
-
-.. code-block:: none
-
- set interfaces ethernet eth1 policy route FILTER-WEB
-
-
-Multiple Uplinks
-^^^^^^^^^^^^^^^^
-
-VyOS Policy-Based Routing (PBR) works by matching source IP address ranges and
-forwarding the traffic using different routing tables.
-
-Routing tables that will be used in this example are:
-
-* ``table 10`` Routing tabled used for VLAN 10 (192.168.188.0/24)
-* ``table 11`` Routing tabled used for VLAN 11 (192.168.189.0/24)
-* ``main`` Routing table used by VyOS and other interfaces not paritipating in PBR
-
-.. figure:: ../_static/images/pbr_example_1.png
- :scale: 80 %
- :alt: PBR multiple uplinks
-
- Policy-Based Routing with multiple ISP uplinks (source ./draw.io/pbr_example_1.drawio)
-
-Add default routes for routing ``table 10`` and ``table 11``
-
-.. code-block:: none
-
- set protocols static table 10 route 0.0.0.0/0 next-hop 192.0.1.1
- set protocols static table 11 route 0.0.0.0/0 next-hop 192.0.2.2
-
-Add policy route matching VLAN source addresses
-
-.. code-block:: none
-
- set policy route PBR rule 20 set table '10'
- set policy route PBR rule 20 description 'Route VLAN10 traffic to table 10'
- set policy route PBR rule 20 source address '192.168.188.0/24'
-
- set policy route PBR rule 30 set table '11'
- set policy route PBR rule 30 description 'Route VLAN11 traffic to table 11'
- set policy route PBR rule 30 source address '192.168.189.0/24'
-
-Apply routing policy to **inbound** direction of out VLAN interfaces
-
-.. code-block:: none
-
- set interfaces ethernet eth0 vif 10 policy route 'PBR'
- set interfaces ethernet eth0 vif 11 policy route 'PBR'
-
-
-**OPTIONAL:** Exclude Inter-VLAN traffic (between VLAN10 and VLAN11) from PBR
-
-.. code-block:: none
-
- set policy route PBR rule 10 description 'VLAN10 <-> VLAN11 shortcut'
- set policy route PBR rule 10 destination address '192.168.188.0/24'
- set policy route PBR rule 10 destination address '192.168.189.0/24'
- set policy route PBR rule 10 set table 'main'
-
-.. note:: Allows the VLAN10 and VLAN20 hosts to communicate with each other using the
- main routing table.
diff --git a/docs/routing/rip.rst b/docs/routing/rip.rst
deleted file mode 100644
index da00e7b1..00000000
--- a/docs/routing/rip.rst
+++ /dev/null
@@ -1,22 +0,0 @@
-.. _routing-rip:
-
-Routing Information Protocol (RIP)
-----------------------------------
-
-Simple RIP configuration using 2 nodes and redistributing connected interfaces.
-
-**Node 1:**
-
-.. code-block:: none
-
- set interfaces loopback address 10.1.1.1/32
- set protocols rip network 192.168.0.0/24
- set protocols rip redistribute connected
-
-**Node 2:**
-
-.. code-block:: none
-
- set interfaces loopback address 10.2.2.2/32
- set protocols rip network 192.168.0.0/24
- set protocols rip redistribute connected
diff --git a/docs/routing/routing-policy.rst b/docs/routing/routing-policy.rst
deleted file mode 100644
index 847f3574..00000000
--- a/docs/routing/routing-policy.rst
+++ /dev/null
@@ -1,59 +0,0 @@
-
-Routing-policy
---------------
-
-Routing Policies could be used to tell the router (self or neighbors) what routes and their attributes needs to be put into the routing table.
-
-There could be a wide range of routing policies. Some examples are below:
-
- * Set some metric to routes learned from a particular neighbor
- * Set some attributes (like AS PATH or Community value) to advertised routes to neighbors
- * Prefer a specific routing protocol routes over another routing protocol running on the same router
-
-Routing Policy Example
-~~~~~~~~~~~~~~~~~~~~~~
-
-**Policy definition:**
-
-.. code-block:: none
-
- #Create policy
- set policy route-map setmet rule 2 action 'permit'
- set policy route-map setmet rule 2 set as-path-prepend '2 2 2'
-
- #Apply policy to BGP
- set protocols bgp 1 neighbor 1.1.1.2 address-family ipv4-unicast route-map import 'setmet'
- set protocols bgp 1 neighbor 1.1.1.2 address-family ipv4-unicast soft-reconfiguration 'inbound' <<<< ***
-
- *** get policy update without bouncing the neighbor
-
-**Routes learned before routing policy applied:**
-
-.. code-block:: none
-
- vyos@vos1:~$ show ip bgp
- BGP table version is 0, local router ID is 192.168.56.101
- Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
- r RIB-failure, S Stale, R Removed
- Origin codes: i - IGP, e - EGP, ? - incomplete
-
- Network Next Hop Metric LocPrf Weight Path
- *> 22.22.22.22/32 1.1.1.2 1 0 2 i < Path
-
- Total number of prefixes 1
-
-**Routes learned after routing policy applied:**
-
-.. code-block:: none
-
- vyos@vos1:~$ sho ip b
- BGP table version is 0, local router ID is 192.168.56.101
- Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
- r RIB-failure, S Stale, R Removed
- Origin codes: i - IGP, e - EGP, ? - incomplete
-
- Network Next Hop Metric LocPrf Weight Path
- *> 22.22.22.22/32 1.1.1.2 1 0 2 2 2 2 i < longer AS_path length
-
- Total number of prefixes 1
- vyos@vos1:~$
diff --git a/docs/routing/static.rst b/docs/routing/static.rst
deleted file mode 100644
index 01e88988..00000000
--- a/docs/routing/static.rst
+++ /dev/null
@@ -1,30 +0,0 @@
-.. _routing-static:
-
-Static
-------
-
-Static routes are manually configured network routes.
-
-A typical use for a static route is a static default route for systems that do
-not make use of DHCP or dynamic routing protocols:
-
-.. code-block:: none
-
- set protocols static route 0.0.0.0/0 next-hop 10.1.1.1 distance '1'
-
-Another common use of static routes is to blackhole (drop) traffic. In the
-example below, RFC1918_ networks are set as blackhole routes.
-
-This prevents these networks leaking out public interfaces, but it does not prevent
-them from being used as the most specific route has the highest priority.
-
-.. code-block:: none
-
- set protocols static route 10.0.0.0/8 blackhole distance '254'
- set protocols static route 172.16.0.0/12 blackhole distance '254'
- set protocols static route 192.168.0.0/16 blackhole distance '254'
-
-.. note:: Routes with a distance of 255 are effectively disabled and not
- installed into the kernel.
-
-.. _RFC1918: https://tools.ietf.org/html/rfc1918