-rw-r--r-- | README.md | 5
m--------- | docs/_include/vyos-1x | 0
-rw-r--r-- | docs/changelog/1.3.rst | 34
-rw-r--r-- | docs/changelog/1.4.rst | 66
-rw-r--r-- | docs/configuration/interfaces/vxlan.rst | 32
-rw-r--r-- | docs/configuration/protocols/index.rst | 1
-rw-r--r-- | docs/configuration/protocols/pim6.rst | 94
7 files changed, 229 insertions, 3 deletions
@@ -29,7 +29,8 @@ largest. There are 88 of them, here's the ### Sphinx Debian requires some extra steps for -installing `sphinx`, `sphinx-autobuild` and `sphinx-rtd-theme` packages: +installing `sphinx`, `sphinx-autobuild`, `sphinx-notfound-page`, `sphinx-panels`, +`sphinx-rtd-theme`, `lxml`, and `myst-parser` packages: First ensure that Python 2 & Python 3 are installed and Python 3 is the default: ```bash @@ -58,7 +59,7 @@ python --version Then run: ```bash -sudo pip install sphinx-rtd-theme +sudo pip install sphinx-autobuild sphinx-notfound-page sphinx-panels sphinx-rtd-theme lxml myst-parser ``` Do the following to build the HTML and start a web server: diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject bbcf94bba674e4c001d9439439b8fd405f39501 +Subproject 6c3defcc1e5e89cd2c031fdaa0975737529d7d5 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 1c90609b..52b7d2f3 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,40 @@ _ext/releasenotes.py +2023-09-11 +========== + +* :vytask:`T5557` ``(bug): bgp: Use treat-as-withdraw for tunnel encapsulation attribute CVE-2023-38802`` +* :vytask:`T3424` ``(default): PPPoE IA-PD doesn't work in VRF`` + + +2023-09-10 +========== + +* :vytask:`T5555` ``(bug): Fix timezone migrator (system 13-to-14)`` +* :vytask:`T5545` ``(bug): sflow is not working`` + + +2023-09-08 +========== + +* :vytask:`T4426` ``(default): Add arpwatch to the image`` + + +2023-09-05 +========== + +* :vytask:`T5524` ``(feature): Add config directory to liveCD`` +* :vytask:`T2958` ``(bug): DHCP server doesn't work from a live CD`` +* :vytask:`T5428` ``(bug): dhcp: client renewal fails when running inside VRF`` + + +2023-09-04 +========== + +* :vytask:`T5506` ``(bug): Container bridge interfaces do not have a link-local address`` + + 2023-08-31 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 64902a9c..f99c72bb 100644 --- a/docs/changelog/1.4.rst 
+++ b/docs/changelog/1.4.rst 
@@ -8,6 +8,72 @@ _ext/releasenotes.py +2023-09-11 +========== + +* :vytask:`T3424` ``(default): PPPoE IA-PD doesn't work in VRF`` +* :vytask:`T2773` ``(feature): EIGRP support for VRF`` + + +2023-09-10 +========== + +* :vytask:`T5565` ``(bug): Builds as vyos-999-timestamp instead of vyos-1.4-rolling-timestamp`` +* :vytask:`T5555` ``(bug): Fix timezone migrator (system 13-to-14)`` +* :vytask:`T5529` ``(bug): Missing symbolic link in linux-firmware package.`` + + +2023-09-09 +========== + +* :vytask:`T5540` ``(bug): vyos-1x: Wrong VHT configuration for WiFi 802.11ac`` +* :vytask:`T5423` ``(bug): ipsec: no output for op-cmd "show vpn ike secrets"`` +* :vytask:`T3700` ``(feature): Support VLAN tunnel mapping of VLAN aware bridges`` + + +2023-09-08 +========== + +* :vytask:`T5502` ``(bug): Firewall - wrong parser for inbound and/or outbound interface`` +* :vytask:`T5460` ``(feature): Firewall - remove config-trap`` +* :vytask:`T5450` ``(feature): Firewall interface group - Allow inverted matcher`` +* :vytask:`T4426` ``(default): Add arpwatch to the image`` +* :vytask:`T4356` ``(bug): DHCP v6 client only supports single interface configuration`` + + +2023-09-07 +========== + +* :vytask:`T5489` ``(feature): Change to BBR as TCP congestion control, or at least make it an config option`` +* :vytask:`T5510` ``(feature): Shrink imagesize and improve read performance by changing mksquashfs syntax`` + + +2023-09-06 +========== + +* :vytask:`T5542` ``(bug): ipoe-server: external-dhcp(dhcp-relay) not woking / not implemented`` +* :vytask:`T5548` ``(bug): HAProxy renders timeouts incorrectly`` +* :vytask:`T5544` ``(feature): Allow CAP_SYS_MODULE to be set on containers`` + + +2023-09-05 +========== + +* :vytask:`T5524` ``(feature): Add config directory to liveCD`` +* :vytask:`T5519` ``(bug): Function `call` sometimes hangs`` +* :vytask:`T5508` ``(bug): Configuration Migration Fails to New Netfilter Firewall Syntax`` +* :vytask:`T5495` ``(feature): Enable snmp module also for 
frr/ldpd`` +* :vytask:`T2958` ``(bug): DHCP server doesn't work from a live CD`` +* :vytask:`T5428` ``(bug): dhcp: client renewal fails when running inside VRF`` + + +2023-09-04 +========== + +* :vytask:`T5536` ``(bug): show dhcp client leases caues No module named 'vyos.validate'`` +* :vytask:`T5506` ``(bug): Container bridge interfaces do not have a link-local address`` + + 2023-09-03 ========== diff --git a/docs/configuration/interfaces/vxlan.rst b/docs/configuration/interfaces/vxlan.rst index 86568686..2cb0b2f1 100644 --- a/docs/configuration/interfaces/vxlan.rst +++ b/docs/configuration/interfaces/vxlan.rst 
@@ -132,6 +132,36 @@ For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this. +Single VXLAN device (SVD) +========================= + +FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when +working with the Linux kernel. In this new way, the mapping of a VLAN to a +:abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured +against a container VXLAN interface which is referred to as a +:abbr:`SVD (Single VXLAN device)`. + +Multiple VLAN to VNI mappings can be configured against the same SVD. This +allows for a significant scaling of the number of VNIs since a separate VXLAN +interface is no longer required for each VNI. + +.. cfgcmd:: set interfaces vxlan <interface> vlan-to-vni <vlan> vni <vni> + + Maps the VNI to the specified VLAN id. The VLAN can then be consumed by + a bridge. + + Sample configuration of SVD with VLAN to VNI mappings is shown below. + + .. code-block:: none + + set interfaces bridge br0 member interface vxlan0 + set interfaces vxlan vxlan0 external + set interfaces vxlan vxlan0 source-interface 'dum0' + set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010' + set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011' + set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030' + set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031' + Example ------- @@ -252,7 +282,7 @@ advertised. set interfaces bridge br241 member interface 'eth1.241' set interfaces bridge br241 member interface 'vxlan241' -Binds eth1.241 and vxlan241 to each other by making them both member +Binds eth1.241 and vxlan241 to each other by making them both member interfaces of the same bridge. .. code-block:: none diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst index 29dc230f..237608a1 100644 --- a/docs/configuration/protocols/index.rst +++ b/docs/configuration/protocols/index.rst 
@@ -16,6 +16,7 @@ Protocols mpls segment-routing ospf + pim6 rip rpki static diff --git a/docs/configuration/protocols/pim6.rst b/docs/configuration/protocols/pim6.rst new file mode 100644 index 00000000..1d316cfb --- /dev/null +++ b/docs/configuration/protocols/pim6.rst 
@@ -0,0 +1,94 @@ +.. _pim6: + +############## +IPv6 Multicast +############## + +VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**. + +PIMv6 (Protocol Independent Multicast for IPv6) must be configured in every +interface of every participating router. Every router must also have the +location of the Rendevouz Point manually configured. +Then, unidirectional shared trees rooted at the Rendevouz Point will +automatically be built for multicast distribution. + +Traffic from multicast sources will go to the Rendezvous Point, and receivers +will pull it from a shared tree using MLD (Multicast Listener Discovery). + +Multicast receivers will talk MLD to their local router, so, besides having +PIMv6 configured in every router, MLD must also be configured in any router +where there could be a multicast receiver locally connected. + +VyOS supports both MLD version 1 and version 2 +(which allows source-specific multicast). + +Basic commands +============== +These are the commands for a basic setup. + +.. cfgcmd:: set protocols pim6 interface <interface-name> + + Use this command to enable PIMv6 in the selected interface so that it + can communicate with PIMv6 neighbors. This command also enables MLD reports + and query on the interface unless :cfgcmd:`mld disable` is configured. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld disable + + Disable MLD reports and query on the interface. + + +Tuning commands +=============== +You can also tune multicast with the following commands. + + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld interval <seconds> + + Use this command to configure in the selected interface the MLD + host query interval (1-65535) in seconds that PIM will use. + The default value is 125 seconds. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld join <multicast-address> + + Use this command to allow the selected interface to join a multicast group. + +.. 
cfgcmd:: set protocols pim6 interface <interface-name> mld join <multicast-address> source <source-address> + + Use this command to allow the selected interface to join a source-specific multicast + group. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld last-member-query-count <count> + + Set the MLD last member query count. The default value is 2. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld last-member-query-interval <milliseconds> + + Set the MLD last member query interval in milliseconds (100-6553500). The default value is 1000 milliseconds. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld max-response-time <milliseconds> + + Set the MLD query response timeout in milliseconds (100-6553500). The default value is 10000 milliseconds. + +.. cfgcmd:: set protocols pim6 interface <interface-name> mld version <version-number> + + Set the MLD version used on this interface. The default value is 2. + +********************* +Configuration Example +********************* + +To enable MLD reports and query on interfaces `eth0` and `eth1`: + +.. code-block:: none + + set protocols pim6 interface eth0 + set protocols pim6 interface eth1 + +The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` +and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface +`eth1`: + +.. code-block:: none + + set protocols pim6 interface eth0 mld join ff15::1234 + set protocols pim6 interface eth1 mld join ff15::5678 source 2001:db8::1 |
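
Review bot: The install line added in the second README.md hunk, `sudo pip install sphinx-autobuild sphinx-notfound-page sphinx-panels sphinx-rtd-theme lxml myst-parser`, installs six unpinned packages into the system Python as root and leaves out `sphinx`, which the sentence changed in the first hunk lists first. Suggest either adding `sphinx` to the command or saying that it arrives as a dependency, and recommending a virtual environment with a pinned requirements file instead of `sudo pip`, so that building the docs does not run package install scripts with root privileges.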
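
Review bot: The 2023-09-11 block added to docs/changelog/1.3.rst carries the one security fix in this patch, :vytask:`T5557` for CVE-2023-38802, as an ordinary `(bug)` line, and the 2023-09-11 block added to docs/changelog/1.4.rst has no matching entry. A reader tracking that CVE cannot tell from these two files whether 1.4 is unaffected, fixed under another task, or still pending; suggest stating that explicitly in the 1.4 changelog or its release notes.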
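
Review bot: Three task titles added in the docs/changelog/1.4.rst hunk contain typos that will be published as-is: "caues" in T5536, "woking" in T5542, and "an config option" in T5489. If the file is generated (the hunk header context mentions _ext/releasenotes.py), correct the titles at their source rather than in this file so the next regeneration does not bring them back.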
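
Review bot: The new "Single VXLAN device (SVD)" heading in the first docs/configuration/interfaces/vxlan.rst hunk is underlined with `=`, while the existing "Example" heading that follows it is underlined with `-`, so the existing example now nests under the SVD section even though it is not an SVD example. Suggest moving the SVD section after that example or adjusting the heading levels. The new text also follows a context paragraph ending "Unfortunately, VyOS does not yet support this" about BGP signalling and then introduces EVPN-VXLAN mappings, so one sentence reconciling the two would help, as would a short explanation of `external` and of where `dum0` comes from in the sample.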
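
Review bot: The last example in the new docs/configuration/protocols/pim6.rst does not match its description: the text says group `ff15::1234` is joined on interface `eth1`, but the command is `set protocols pim6 interface eth0 mld join ff15::1234`. Fix whichever side is wrong. In the introduction, "Rendevouz Point" is misspelled twice (it is spelled "Rendezvous" correctly in the next paragraph), and the statement that every router must have the Rendezvous Point manually configured is not backed by any command documented in this file. The single-backtick values such as `eth0` and `ff15::1234` will not render as literals in reStructuredText; use double backticks. `last-member-query-count` gives no valid range while the neighbouring options do.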