summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/_include/interface-xdp.txt27
m---------docs/_include/vyos-1x0
-rw-r--r--docs/configuration/highavailability/index.rst2
-rw-r--r--docs/configuration/interfaces/bonding.rst8
-rw-r--r--docs/configuration/interfaces/ethernet.rst36
-rw-r--r--docs/configuration/interfaces/openvpn.rst16
-rw-r--r--docs/configuration/protocols/mpls.rst6
7 files changed, 79 insertions, 16 deletions
diff --git a/docs/_include/interface-xdp.txt b/docs/_include/interface-xdp.txt
new file mode 100644
index 00000000..d87151fc
--- /dev/null
+++ b/docs/_include/interface-xdp.txt
@@ -0,0 +1,27 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> xdp
+
+ Enable support for Linux :abbr:`XDP (eXpress Data Path)` on recent 1.3 rolling
+ releases. You must enable it for every interface which should participate in
+ the XDP forwarding.
+
+ XDP is an eBPF based high performance data path merged in the Linux kernel
+ since version 4.8. The idea behind XDP is to add an early hook in the RX path
+ of the kernel, and let a user supplied eBPF program decide the fate of the
+ packet. The hook is placed in the NIC driver just after the interrupt
+ processing, and before any memory allocation needed by the network stack
+ itself, because memory allocation can be an expensive operation.
+
+ .. warning:: This is highly experimental!
+
+ .. note:: Enabling this feature will break any form of NAT or Firewalling on
+ this interface, as XDP is handled way earlier in the driver then iptables/
+ nftables.
+
+ Enabling this feature will only load the XDP router code as described here:
+ https://blog.apnic.net/2020/04/30/how-to-build-an-xdp-based-bgp-peering-router/
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} xdp \ No newline at end of file
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
-Subproject 86f377f65248263e85fd0156e22daf0daf3c5fc
+Subproject 089b5f10aaa3f7976eb3f9165e805babdbf2a56
diff --git a/docs/configuration/highavailability/index.rst b/docs/configuration/highavailability/index.rst
index c4dc443f..a223c283 100644
--- a/docs/configuration/highavailability/index.rst
+++ b/docs/configuration/highavailability/index.rst
@@ -3,7 +3,7 @@
High availability
=================
-VRRP (Virtual Redundancy Protocol) provides active/backup redundancy for
+VRRP (Virtual Router Redundancy Protocol) provides active/backup redundancy for
routers. Every VRRP router has a physical IP/IPv6 address, and a virtual
address. On startup, routers elect the master, and the router with the highest
priority becomes the master and assigns the virtual address to its interface.
diff --git a/docs/configuration/interfaces/bonding.rst b/docs/configuration/interfaces/bonding.rst
index 92601b37..bf7cfc2c 100644
--- a/docs/configuration/interfaces/bonding.rst
+++ b/docs/configuration/interfaces/bonding.rst
@@ -256,6 +256,13 @@ Bond options
The maximum number of targets that can be specified is 16. The default value
is no IP addresses.
+Offloading
+----------
+
+.. cmdinclude:: /_include/interface-xdp.txt
+ :var0: bonding
+ :var1: bond0
+
VLAN
====
@@ -265,6 +272,7 @@ VLAN
Port Mirror (SPAN)
==================
+
.. cmdinclude:: ../../_include/interface-mirror.txt
:var0: bonding
:var1: bond1
diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst
index 25eebf25..3eae0d95 100644
--- a/docs/configuration/interfaces/ethernet.rst
+++ b/docs/configuration/interfaces/ethernet.rst
@@ -92,13 +92,9 @@ Offloading
the IPv4 ID is not sequentially incrementing it will be altered so that it is
when a frame assembled via GRO is segmented via GSO.
- .. warning:: Recent 1.3 rolling images also support XDP offloading which
- stands for eXpress Data Path in the Linux Kernel. You must enable it for
- every interface which should participate in the XDP forwarding.
-
- Enabling this feature will break any form of NAT or Firewalling on this
- interface, as XDP is handled way earlier in the driver then NfTables.
-
+.. cmdinclude:: /_include/interface-xdp.txt
+ :var0: ethernet
+ :var1: eth0
VLAN
====
@@ -269,3 +265,29 @@ Operation
Vendor SN : FNS092xxxxx
Date code : 0506xx
+.. stop_vyoslinter
+
+.. opcmd:: show interfaces ethernet <interface> xdp
+
+ Display XDP forwarding statistics
+
+ .. code-block:: none
+
+ vyos@vyos:~$ show interfaces ethernet eth1 xdp
+
+ Collecting stats from BPF map
+ - BPF map (bpf_map_type:6) id:176 name:xdp_stats_map key_size:4 value_size:16 max_entries:5
+ XDP-action
+ XDP_ABORTED 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250340
+ XDP_DROP 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250317
+ XDP_PASS 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250314
+ XDP_TX 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250313
+ XDP_REDIRECT 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250313
+
+ XDP-action
+ XDP_ABORTED 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000410
+ XDP_DROP 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414
+ XDP_PASS 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414
+ XDP_TX 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414
+ XDP_REDIRECT 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414
+
diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst
index 0e4e9d74..2c273b34 100644
--- a/docs/configuration/interfaces/openvpn.rst
+++ b/docs/configuration/interfaces/openvpn.rst
@@ -317,16 +317,16 @@ commands:
vyos@vyos:/config/my-easy-rsa-config$./easyrsa revoke client1
vyos@vyos:/config/my-easy-rsa-config$ ./easyrsa gen-crl
-Copy the files to /config/auth/ovpn/ to use in OpenVPN tunnel creation
+Copy the files to /config/auth/openvpn/ to use in OpenVPN tunnel creation
.. code-block:: none
- vyos@vyos:/config/my-easy-rsa-config$ sudo mkdir /config/auth/ovpn
- vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/ca.crt /config/auth/ovpn
- vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/dh.pem /config/auth/ovpn
- vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/private/central.key /config/auth/ovpn
- vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/issued/central.crt /config/auth/ovpn
- vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/crl.pem /config/auth/ovpn
+ vyos@vyos:/config/my-easy-rsa-config$ sudo mkdir /config/auth/openvpn
+ vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/ca.crt /config/auth/openvpn
+ vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/dh.pem /config/auth/openvpn
+ vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/private/central.key /config/auth/openvpn
+ vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/issued/central.crt /config/auth/openvpn
+ vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/crl.pem /config/auth/openvpn
Additionally, each client needs a copy of ca.crt and its own client key and
cert files. The files are plaintext so they may be copied either manually,
@@ -336,7 +336,7 @@ For example, Branch 1's router might have the following files:
.. code-block:: none
- vyos@branch1-rtr:$ ls /config/auth/ovpn
+ vyos@branch1-rtr:$ ls /config/auth/openvpn
ca.crt branch1.crt branch1.key
Client Authentication
diff --git a/docs/configuration/protocols/mpls.rst b/docs/configuration/protocols/mpls.rst
index 3b59d8ea..312a0df2 100644
--- a/docs/configuration/protocols/mpls.rst
+++ b/docs/configuration/protocols/mpls.rst
@@ -155,6 +155,12 @@ Configuration Options
the Dual-Stack capability TLV for IPv6 LDP communications. This is related to
:rfc:`7552`.
+.. cfgcmd:: set protocols mpls ldp parameters ordered-control
+
+ Use this command to use ordered label distribution control mode. FRR
+ by default uses independent label distribution control mode for label
+ distribution. This is related to :rfc:`5036`.
+
.. cfgcmd:: set protocols mpls ldp parameters transport-prefer-ipv4
Use this command to prefer IPv4 for TCP peer transport connection for LDP