-rw-r--r-- | docs/_include/interface-xdp.txt | 27
m--------- | docs/_include/vyos-1x | 0
-rw-r--r-- | docs/configuration/highavailability/index.rst | 2
-rw-r--r-- | docs/configuration/interfaces/bonding.rst | 8
-rw-r--r-- | docs/configuration/interfaces/ethernet.rst | 36
-rw-r--r-- | docs/configuration/interfaces/openvpn.rst | 16
-rw-r--r-- | docs/configuration/protocols/mpls.rst | 6
7 files changed, 79 insertions, 16 deletions
diff --git a/docs/_include/interface-xdp.txt b/docs/_include/interface-xdp.txt new file mode 100644 index 00000000..d87151fc --- /dev/null +++ b/docs/_include/interface-xdp.txt @@ -0,0 +1,27 @@ +.. cfgcmd:: set interfaces {{ var0 }} <interface> xdp + + Enable support for Linux :abbr:`XDP (eXpress Data Path)` on recent 1.3 rolling + releases. You must enable it for every interface which should participate in + the XDP forwarding. + + XDP is an eBPF based high performance data path merged in the Linux kernel + since version 4.8. The idea behind XDP is to add an early hook in the RX path + of the kernel, and let a user supplied eBPF program decide the fate of the + packet. The hook is placed in the NIC driver just after the interrupt + processing, and before any memory allocation needed by the network stack + itself, because memory allocation can be an expensive operation. + + .. warning:: This is highly experimental! + + .. note:: Enabling this feature will break any form of NAT or Firewalling on + this interface, as XDP is handled way earlier in the driver then iptables/ + nftables. + + Enabling this feature will only load the XDP router code as described here: + https://blog.apnic.net/2020/04/30/how-to-build-an-xdp-based-bgp-peering-router/ + + Example: + + .. code-block:: none + + set interfaces {{ var0 }} {{ var1 }} xdp
\ No newline at end of file diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 86f377f65248263e85fd0156e22daf0daf3c5fc +Subproject 089b5f10aaa3f7976eb3f9165e805babdbf2a56 diff --git a/docs/configuration/highavailability/index.rst b/docs/configuration/highavailability/index.rst index c4dc443f..a223c283 100644 --- a/docs/configuration/highavailability/index.rst +++ b/docs/configuration/highavailability/index.rst @@ -3,7 +3,7 @@ High availability ================= -VRRP (Virtual Redundancy Protocol) provides active/backup redundancy for +VRRP (Virtual Router Redundancy Protocol) provides active/backup redundancy for routers. Every VRRP router has a physical IP/IPv6 address, and a virtual address. On startup, routers elect the master, and the router with the highest priority becomes the master and assigns the virtual address to its interface. diff --git a/docs/configuration/interfaces/bonding.rst b/docs/configuration/interfaces/bonding.rst index 92601b37..bf7cfc2c 100644 --- a/docs/configuration/interfaces/bonding.rst +++ b/docs/configuration/interfaces/bonding.rst @@ -256,6 +256,13 @@ Bond options The maximum number of targets that can be specified is 16. The default value is no IP addresses. +Offloading +---------- + +.. cmdinclude:: /_include/interface-xdp.txt + :var0: bonding + :var1: bond0 + VLAN ==== @@ -265,6 +272,7 @@ VLAN Port Mirror (SPAN) ================== + .. cmdinclude:: ../../_include/interface-mirror.txt :var0: bonding :var1: bond1 diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst index 25eebf25..3eae0d95 100644 --- a/docs/configuration/interfaces/ethernet.rst +++ b/docs/configuration/interfaces/ethernet.rst 
@@ -92,13 +92,9 @@ Offloading the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO. - .. warning:: Recent 1.3 rolling images also support XDP offloading which - stands for eXpress Data Path in the Linux Kernel. You must enable it for - every interface which should participate in the XDP forwarding. - - Enabling this feature will break any form of NAT or Firewalling on this - interface, as XDP is handled way earlier in the driver then NfTables. - +.. cmdinclude:: /_include/interface-xdp.txt + :var0: ethernet + :var1: eth0 VLAN ==== @@ -269,3 +265,29 @@ Operation Vendor SN : FNS092xxxxx Date code : 0506xx +.. stop_vyoslinter + +.. opcmd:: show interfaces ethernet <interface> xdp + + Display XDP forwarding statistics + + .. code-block:: none + + vyos@vyos:~$ show interfaces ethernet eth1 xdp + + Collecting stats from BPF map + - BPF map (bpf_map_type:6) id:176 name:xdp_stats_map key_size:4 value_size:16 max_entries:5 + XDP-action + XDP_ABORTED 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250340 + XDP_DROP 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250317 + XDP_PASS 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250314 + XDP_TX 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250313 + XDP_REDIRECT 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250313 + + XDP-action + XDP_ABORTED 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000410 + XDP_DROP 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 + XDP_PASS 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 + XDP_TX 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 + XDP_REDIRECT 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 + diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index 0e4e9d74..2c273b34 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst 
@@ -317,16 +317,16 @@ commands: vyos@vyos:/config/my-easy-rsa-config$./easyrsa revoke client1 vyos@vyos:/config/my-easy-rsa-config$ ./easyrsa gen-crl -Copy the files to /config/auth/ovpn/ to use in OpenVPN tunnel creation +Copy the files to /config/auth/openvpn/ to use in OpenVPN tunnel creation .. code-block:: none - vyos@vyos:/config/my-easy-rsa-config$ sudo mkdir /config/auth/ovpn - vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/ca.crt /config/auth/ovpn - vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/dh.pem /config/auth/ovpn - vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/private/central.key /config/auth/ovpn - vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/issued/central.crt /config/auth/ovpn - vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/crl.pem /config/auth/ovpn + vyos@vyos:/config/my-easy-rsa-config$ sudo mkdir /config/auth/openvpn + vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/ca.crt /config/auth/openvpn + vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/dh.pem /config/auth/openvpn + vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/private/central.key /config/auth/openvpn + vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/issued/central.crt /config/auth/openvpn + vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/crl.pem /config/auth/openvpn Additionally, each client needs a copy of ca.crt and its own client key and cert files. The files are plaintext so they may be copied either manually, @@ -336,7 +336,7 @@ For example, Branch 1's router might have the following files: .. code-block:: none - vyos@branch1-rtr:$ ls /config/auth/ovpn + vyos@branch1-rtr:$ ls /config/auth/openvpn ca.crt branch1.crt branch1.key Client Authentication diff --git a/docs/configuration/protocols/mpls.rst b/docs/configuration/protocols/mpls.rst index 3b59d8ea..312a0df2 100644 --- a/docs/configuration/protocols/mpls.rst +++ b/docs/configuration/protocols/mpls.rst 
@@ -155,6 +155,12 @@ Configuration Options the Dual-Stack capability TLV for IPv6 LDP communications. This is related to :rfc:`7552`. +.. cfgcmd:: set protocols mpls ldp parameters ordered-control + + Use this command to use ordered label distribution control mode. FRR + by default uses independent label distribution control mode for label + distribution. This is related to :rfc:`5036`. + .. cfgcmd:: set protocols mpls ldp parameters transport-prefer-ipv4 Use this command to prefer IPv4 for TCP peer transport connection for LDP |
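Review bot: In docs/_include/interface-xdp.txt, the note about NAT and firewalling reads "way earlier in the driver then iptables/ nftables": "then" should be "than", and breaking the source line after "iptables/" makes the rendered text show a space inside "iptables/nftables". Keep "iptables/nftables" together on one line. The new file also ends without a trailing newline ("\ No newline at end of file"); add one so later appends produce clean diffs.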
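Review bot: The docs/_include/vyos-1x subproject pointer is moved in the same change as the documentation text, and nothing in the visible lines says which upstream change the new text depends on. Suggest bumping the submodule in its own commit, or naming the reason in the commit message, so the pointer move can be reviewed and reverted independently of the wording changes.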
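Review bot: In the first bonding.rst hunk, the added include uses the rooted path "/_include/interface-xdp.txt" while the existing include a few lines below in the same file uses "../../_include/interface-mirror.txt". Pick one path form for the file so a later move of either file breaks both includes the same way. The example interface also differs between the two includes (bond0 here, bond1 for the mirror section); using the same name throughout makes the page easier to follow.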
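Review bot: In the first ethernet.rst hunk, the removed text carried the NAT/firewall breakage under ".. warning::", but the include that replaces it puts that sentence under ".. note::" and keeps the warning only for "This is highly experimental!". An interface that stops being filtered is the consequence an operator most needs to see, so suggest making the firewall sentence a warning in interface-xdp.txt too, and stating it before the example rather than after the background paragraph.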
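Review bot: In the second ethernet.rst hunk, ".. stop_vyoslinter" is added before the opcmd block but no matching ".. start_vyoslinter" follows the sample output, so linting stays disabled for anything appended to the file later. Suggest adding it after the code block. The description "Display XDP forwarding statistics" would also benefit from one sentence explaining why two XDP-action tables are printed (their period values differ, about 0.25 and 2.0), and the example uses eth1 while the include's example uses eth0.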
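Review bot: In the first openvpn.rst hunk, the changed sentence "Copy the files to /config/auth/openvpn/ to use in OpenVPN tunnel creation" still has no closing punctuation before the code block; end it with a colon. In the block, "sudo mkdir /config/auth/openvpn" fails when the directory already exists, so "sudo mkdir -p" is safer, and because pki/private/central.key is a private key, the text should say what ownership and mode the copy is expected to have after "sudo cp". Readers who followed the old text have their files in /config/auth/ovpn; a one-line note about the rename would save them a failed tunnel start.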
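Review bot: In the mpls.rst hunk, the added description is repetitive: "Use this command to use ordered label distribution control mode" doubles "use", and "uses independent label distribution control mode for label distribution" repeats "label distribution". Suggest "Use this command to enable ordered label distribution control mode. By default, FRR uses independent label distribution control mode." The :rfc:`5036` reference is fine as it stands.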