diff options
| -rw-r--r-- | docs/_static/images/Wan_load_balancing1.png | bin | 0 -> 373848 bytes | |||
| -rw-r--r-- | docs/_static/images/Wan_load_balancing_exclude1.png | bin | 0 -> 382563 bytes | |||
| -rw-r--r-- | docs/appendix/examples/index.rst | 1 | ||||
| -rw-r--r-- | docs/appendix/examples/wan-load-balancing.rst | 170 | ||||
| -rw-r--r-- | docs/install.rst | 6 | ||||
| -rw-r--r-- | docs/system/config-management.rst | 32 | ||||
| -rw-r--r-- | docs/system/index.rst | 2 | ||||
| -rw-r--r-- | docs/system/system-dns.rst | 68 |
8 files changed, 243 insertions, 36 deletions
diff --git a/docs/_static/images/Wan_load_balancing1.png b/docs/_static/images/Wan_load_balancing1.png Binary files differnew file mode 100644 index 00000000..bde1edb6 --- /dev/null +++ b/docs/_static/images/Wan_load_balancing1.png diff --git a/docs/_static/images/Wan_load_balancing_exclude1.png b/docs/_static/images/Wan_load_balancing_exclude1.png Binary files differnew file mode 100644 index 00000000..1111535d --- /dev/null +++ b/docs/_static/images/Wan_load_balancing_exclude1.png diff --git a/docs/appendix/examples/index.rst b/docs/appendix/examples/index.rst index 0f340872..5216b18f 100644 --- a/docs/appendix/examples/index.rst +++ b/docs/appendix/examples/index.rst @@ -17,3 +17,4 @@ This chapter contains various configuration Examples azure-vpn-dual-bgp tunnelbroker-ipv6 dhcp-relay-through-gre-bridge + wan-load-balancing diff --git a/docs/appendix/examples/wan-load-balancing.rst b/docs/appendix/examples/wan-load-balancing.rst new file mode 100644 index 00000000..7093defe --- /dev/null +++ b/docs/appendix/examples/wan-load-balancing.rst @@ -0,0 +1,170 @@ +.. _wan-load-balancing: + +WAN Load Balancer examples +========================== + + +Example 1: Distributing load evenly +----------------------------------- + +The setup used in this example is shown in the following diagram: + +.. image:: /_static/images/Wan_load_balancing1.png + :width: 80% + :align: center + :alt: Network Topology Diagram + + +Overview +^^^^^^^^ + * All traffic coming in trough eth2 is balanced between eth0 and eth1 + on the router. + * Pings will be sent to four targets for health testing (33.44.55.66, + 44.55.66.77, 55.66.77.88 and 66.77.88.99). + * All outgoing packets are assigned the source address of the assigned + interface (SNAT). + * eth0 is set to be removed from the load balancer's interface pool + after 5 ping failures, eth1 will be removed after 4 ping failures. + +Create static routes to ping targets +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Create static routes through the two ISPs towards the ping targets and +commit the changes: + +.. code-block:: none + + set protocols static route 33.44.55.66/32 next-hop 11.22.33.1 + set protocols static route 44.55.66.77/32 next-hop 11.22.33.1 + set protocols static route 55.66.77.88/32 next-hop 22.33.44.1 + set protocols static route 66.77.88.99/32 next-hop 22.33.44.1 + +Configure the load balancer +^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Configure the WAN load balancer with the parameters described above: + +.. code-block:: none + + set load-balancing wan interface-health eth0 failure-count 5 + set load-balancing wan interface-health eth0 nexthop 11.22.33.1 + set load-balancing wan interface-health eth0 test 10 type ping + set load-balancing wan interface-health eth0 test 10 target 33.44.55.66 + set load-balancing wan interface-health eth0 test 20 type ping + set load-balancing wan interface-health eth0 test 20 target 44.55.66.77 + set load-balancing wan interface-health eth1 failure-count 4 + set load-balancing wan interface-health eth1 nexthop 22.33.44.1 + set load-balancing wan interface-health eth1 test 10 type ping + set load-balancing wan interface-health eth1 test 10 target 55.66.77.88 + set load-balancing wan interface-health eth1 test 20 type ping + set load-balancing wan interface-health eth1 test 20 target 66.77.88.99 + set load-balancing wan rule 10 inbound-interface eth2 + set load-balancing wan rule 10 interface eth0 + set load-balancing wan rule 10 interface eth1 + +Example 2: Failover based on interface weights +---------------------------------------------- + +This examples uses the failover mode. + +Overview +^^^^^^^^ +In this example eth0 is the primary interface and eth1 is the secondary +interface to provide simple failover functionality. If eth0 fails, eth1 +takes over. + +Create interface weight based configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The configuration steps are the same as in the previous example, except +rule 10 so we keep the configuration, remove rule 10 and add a new rule +for the failover mode: + +.. code-block:: none + + delete load-balancing wan rule 10 + set load-balancing wan rule 10 failover + set load-balancing wan rule 10 inbound-interface eth2 + set load-balancing wan rule 10 interface eth0 weight 10 + set load-balancing wan rule 10 interface eth1 weight 1 + +Example 3: Failover based on rule order +--------------------------------------- + +The previous example used the failover command to send traffic thorugh +eth1 if eth0 fails. In this example failover functionality is provided +by rule order. + +Overview +^^^^^^^^ +Two rules will be created, the first rule directs traffic coming in +from eth2 to eth0 and the second rule directs the traffic to eth1. If +eth0 fails the first rule is bypassed and the second rule matches, +directing traffic to eth1. + +Create rule order based configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +We keep the configurtation from the previous example, delete rule 10 +and create the two new rules as described: + +.. code-block:: none + + delete load-balancing wan rule 10 + set load-balancing wan rule 10 inbound-interface eth2 + set load-balancing wan rule 10 interface eth0 + set load-balancing wan rule 20 inbound-interface eth2 + set load-balancing wan rule 20 interface eth1 + +Example 4: Failover based on rule order - priority traffic +---------------------------------------------------------- + +A rule order for prioritising traffic is useful in scenarios where the +secondary link has a lower speed and should only carry high priority +traffic. It is assumed for this example that eth1 is connected to a +slower connection than eth0 and should prioritise VoIP traffic. + +Overview +^^^^^^^^ +A rule order for prioritising traffic is useful in scenarios where the +secondary link has a lower speed and should only carry high priority +traffic. It is assumed for this example that eth1 is connected to a +slower connection than eth0 and should prioritise VoIP traffic. + +Create rule order based configuration with low speed secondary link +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +We keep the configuration from the previous example, delete rule 20 and +create a new rule as described: + +.. code-block:: none + + delete load-balancing wan rule 20 + set load-balancing wan rule 20 inbound-interface eth2 + set load-balancing wan rule 20 interface eth1 + set load-balancing wan rule 20 destination port sip + set load-balancing wan rule 20 protocol tcp + set protocols static route 0.0.0.0/0 next-hop 11.22.33.1 + +Example 5: Exclude traffic from load balancing +---------------------------------------------- + +In this example two LAN interfaces exist in different subnets instead +of one like in the previous examples: + +.. image:: /_static/images/Wan_load_balancing_exclude1.png + :width: 80% + :align: center + :alt: Network Topology Diagram + +Adding a rule for the second interface +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Based on the previous example, another rule for traffic from the second +interface eth3 can be added to the load balancer. However, traffic meant +to flow between the LAN subnets will be sent to eth0 and eth1 as well. +To prevent this, another rule is required. This rule excludes traffic +between the local subnets from the load balancer. It also excludes +locally-sources packets (required for web caching with load balancing). +eth+ is used as an alias that refers to all ethernet interfaces: + +.. code-block:: none + + set load-balancing wan rule 5 exclude + set load-balancing wan rule 5 inbound-interface eth+ + set load-balancing wan rule 5 destination address 10.0.0.0/8 diff --git a/docs/install.rst b/docs/install.rst index a0455404..87be9561 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -47,7 +47,7 @@ https://downloads.vyos.io/ .. note:: Rolling releases contain all the latest enhancements and fixes. This means that there will be new bugs of course. If you think you hit a bug - please follow the guide at :ref:`bug_report`. To improve VyOS we depend on + please follow the guide at :ref:`issues_features`. To improve VyOS we depend on your feedback! The following link will always fetch the most recent VyOS build for AMD64 @@ -347,8 +347,8 @@ installation method which allows deploying VyOS through the network. **Requirements** * Clients (where VyOS is to be installed) with a PXE-enabled NIC -* :ref:`dhcp-server` -* :ref:`tftp-server` +* DHCP Server +* TFTP Server * Webserver (HTTP) - optional, but we will use it to speed up installation * VyOS ISO image to be installed (do not use images prior to VyOS 1.2.3) * Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_ diff --git a/docs/system/config-management.rst b/docs/system/config-management.rst deleted file mode 100644 index b8c1d309..00000000 --- a/docs/system/config-management.rst +++ /dev/null @@ -1,32 +0,0 @@ -.. _config-management: - -######################## -Configuration Management -######################## - -VyOS comes with an integrated versioning system for the system configuration. -The configurations are versioned locally for rollback but they can also be -stored on a remote host for archiving/backup reasons. - -.. cfgcmd:: set system config-management commit-revisions <number> - -Change the number of commit revisions to `<number>`, the default setting for -this value is to store 20 revisions locally. - - -.. cfgcmd:: set system config-management commit-archive location '<url>' - -If you want to save all config changes to a remote destination. Set the -commit-archive location. Every time a commit is successfully the ``config.boot`` -file will be copied to the defined destination(s). The filename used on the -remote host used will be: ``config.boot-hostname.YYYYMMDD_HHMMSS`` - -Destinations will be configured as any of the below :abbr:`URI (Uniform -Resource Identifier)` - -* ``scp://<user>:<passwd>@<host>/<dir>`` -* ``sftp://<user>:<passwd>@<host>/<dir>`` -* ``ftp://<user>:<passwd>@<host>/<dir>`` -* ``tftp://<host>/<dir>`` - -.. note:: The number of revisions don't effect the commit-archive.
\ No newline at end of file diff --git a/docs/system/index.rst b/docs/system/index.rst index 0a51e23c..a0d470aa 100644 --- a/docs/system/index.rst +++ b/docs/system/index.rst @@ -11,7 +11,6 @@ should be ready for further configuration which is described in this chapter. :maxdepth: 2 :hidden: - config-management eventhandler flowaccounting host-information @@ -20,6 +19,7 @@ should be ready for further configuration which is described in this chapter. proxy serialconsole syslog + system-dns task-scheduler time-zone boot-options diff --git a/docs/system/system-dns.rst b/docs/system/system-dns.rst new file mode 100644 index 00000000..70848f6d --- /dev/null +++ b/docs/system/system-dns.rst @@ -0,0 +1,68 @@ +.. _system-dns: + +########## +System DNS +########## + + +This section describes configuring DNS on the system, namely: + + * DNS name servers + * Domain search order + + +DNS name servers +================ + +.. cfgcmd:: set system name-server <address> + + Use this command to specify a DNS server for the system to be used + for DNS lookups. More than one DNS server can be added, configuring + one at a time. Both IPv4 and IPv6 addresses are supported. + + + +Example +------- + +In this example, some *OpenNIC* servers are used, two IPv4 addresses +and two IPv6 addresses: + + +.. code-block:: none + + set system name-server 176.9.37.132 + set system name-server 195.10.195.195 + set system name-server 2a01:4f8:161:3441::1 + set system name-server 2a00:f826:8:2::195 + + +Domain search order +=================== + +In order for the system to use and complete unqualified host names, a +list can be defined which will be used for domain searches. + + +.. cfgcmd:: set system domain-search domain <domain> + + Use this command to define domains, one at a time, so that the system + uses them to complete unqualified host names. Maximum: 6 entries. + + +.. note:: Domain names can include letters, numbers, hyphens and periods + with a maximum length of 253 characters. + + +Example +------- + +The system is configured to attempt domain completion in the following +order: vyos.io (first), vyos.net (second) and vyos.network (last): + + +.. code-block:: none + + set system domain-search domain vyos.io + set system domain-search domain vyos.net + set system domain-search domain vyos.network |
