diff options
-rw-r--r-- | docs/appendix/vyos-on-clouds.rst | 7 | ||||
-rw-r--r-- | docs/qos.rst | 85 | ||||
-rw-r--r-- | docs/system/flow-accounting.rst | 4 | ||||
-rw-r--r-- | docs/vpn/wireguard.rst | 2 |
4 files changed, 57 insertions, 41 deletions
diff --git a/docs/appendix/vyos-on-clouds.rst b/docs/appendix/vyos-on-clouds.rst index 7fbd1b04..33b7011e 100644 --- a/docs/appendix/vyos-on-clouds.rst +++ b/docs/appendix/vyos-on-clouds.rst @@ -98,6 +98,13 @@ Deploy VyOS on Azure. ssh -i ~/.ssh/vyos_azure vyos@203.0.113.3 vyos@vyos-doc-r1:~$ +Add interface +------------- + +If instance was deployed with one **eth0** ``WAN`` interface and want to add new one. +To add new interface an example **eth1** ``LAN`` you need shutdown the instance. Attach the interface in the Azure portal and then start the instance. + +.. NOTE:: Azure does not allow you attach interface when the instance in the **Running** state. References ---------- diff --git a/docs/qos.rst b/docs/qos.rst index c0266461..a4e56665 100644 --- a/docs/qos.rst +++ b/docs/qos.rst @@ -1029,7 +1029,7 @@ the higher the priority. Use this command to configure a Shaper policy, set its name, define a class and set the size of the `tocken bucket`_ in bytes, which will - be available to be sent at maximum speed (default: 15Kb). + be available to be sent at ceiling speed (default: 15Kb). .. cfgcmd:: set traffic-policy shaper <policy-name> class <class-ID> ceiling <bandwidth> @@ -1083,6 +1083,12 @@ parameters. +.. note:: If you configure a class for **VoIP traffic**, don't give it any + *ceiling*, otherwise new VoIP calls could start when there is available + bandwidth and get suddenly dropped when other classes start using + their bandwidth. + + Example ^^^^^^^ @@ -1092,14 +1098,12 @@ A simple example of Shaper using priorities. .. code-block:: none set traffic-policy shaper MY-HTB bandwidth '50mbit' - set traffic-policy shaper MY-HTB class 10 bandwidth '10%' - set traffic-policy shaper MY-HTB class 10 ceiling '15%' - set traffic-policy shaper MY-HTB class 10 match ADDRESS10 ip source address '192.168.10.0/24' - set traffic-policy shaper MY-HTB class 10 priority '0' - set traffic-policy shaper MY-HTB class 10 queue-type 'fair-queue' + set traffic-policy shaper MY-HTB class 10 bandwidth '20%' + set traffic-policy shaper MY-HTB class 10 match DSCP ip dscp 'EF' + set traffic-policy shaper MY-HTB class 10 queue-type 'fq-codel' set traffic-policy shaper MY-HTB class 20 bandwidth '10%' set traffic-policy shaper MY-HTB class 20 ceiling '50%' - set traffic-policy shaper MY-HTB class 20 match ADDRESS20 ip source address '192.168.20.0/24' + set traffic-policy shaper MY-HTB class 20 match PORT666 ip destination port '666' set traffic-policy shaper MY-HTB class 20 priority '3' set traffic-policy shaper MY-HTB class 20 queue-type 'fair-queue' set traffic-policy shaper MY-HTB class 30 bandwidth '10%' @@ -1111,7 +1115,42 @@ A simple example of Shaper using priorities. set traffic-policy shaper MY-HTB default ceiling '100%' set traffic-policy shaper MY-HTB default priority '7' set traffic-policy shaper MY-HTB default queue-type 'fair-queue' - + + +Applying a traffic policy +========================= + +Once a traffic-policy is created, you can apply it to an interface: + +.. code-block:: none + + set interfaces etherhet eth0 traffic-policy out WAN-OUT + +You can only apply one policy per interface and direction, but you could +reuse a policy on different interfaces and directions: + +.. code-block:: none + + set interfaces ethernet eth0 traffic-policy in WAN-IN + set interfaces etherhet eth0 traffic-policy out WAN-OUT + set interfaces etherhet eth1 traffic-policy in LAN-IN + set interfaces etherhet eth1 traffic-policy out LAN-OUT + set interfaces ethernet eth2 traffic-policy in LAN-IN + set interfaces ethernet eth2 traffic-policy out LAN-OUT + set interfaces etherhet eth3 traffic-policy in TWO-WAY-POLICY + set interfaces etherhet eth3 traffic-policy out TWO-WAY-POLICY + set interfaces etherhet eth4 traffic-policy in TWO-WAY-POLICY + set interfaces etherhet eth4 traffic-policy out TWO-WAY-POLICY + +Getting queueing information +---------------------------- + +.. opcmd:: show queueing <interface-type> <interface-name> + + Use this command to see the queueing information for an interface. + You will be able to see a packet counter (Sent, Dropped, Overlimit + and Backlog) per policy and class configured. + .. _ingress-shaping: @@ -1146,36 +1185,6 @@ That is how it is possible to do the so-called "ingress shaping". -Applying a traffic policy -========================= - -Once a traffic-policy is created, you can apply it to an interface: - -.. code-block:: none - - set interfaces etherhet eth0 traffic-policy out WAN-OUT - -You can only apply one policy per interface and direction, but you can -have several policies working at the same time: - -.. code-block:: none - - set interfaces ethernet eth0 traffic-policy in WAN-IN - set interfaces etherhet eth0 traffic-policy out WAN-OUT - set interfaces etherhet eth1 traffic-policy out WAN-OUT - set interfaces ethernet eth2 traffic-policy out LAN-IN - set interfaces ethernet eth2 traffic-policy out LAN-OUT - - -Getting queueing information ----------------------------- - -.. opcmd:: show queueing <interface-type> <interface-name> - - Use this command to see the queueing information for an interface. - You will be able to see a packet counter (Sent, Dropped, Overlimit - and Backlog) per policy and class configured. - .. _that can give you a great deal of flexibility: https://blog.vyos.io/using-the-policy-route-and-packet-marking-for-custom-qos-matches .. _tc: https://en.wikipedia.org/wiki/Tc_(Linux) diff --git a/docs/system/flow-accounting.rst b/docs/system/flow-accounting.rst index 64c20dcf..f09c1c9a 100644 --- a/docs/system/flow-accounting.rst +++ b/docs/system/flow-accounting.rst @@ -39,8 +39,8 @@ NetFlow is usually enabled on a per-interface basis to limit load on the router components involved in NetFlow, or to limit the amount of NetFlow records exported. -Configururation -=============== +Configuration +============= In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting. diff --git a/docs/vpn/wireguard.rst b/docs/vpn/wireguard.rst index 0bf53159..3580fac3 100644 --- a/docs/vpn/wireguard.rst +++ b/docs/vpn/wireguard.rst @@ -74,7 +74,7 @@ one. set interfaces wireguard wg01 address '10.1.0.1/24' set interfaces wireguard wg01 description 'VPN-to-wg02' set interfaces wireguard wg01 peer to-wg02 allowed-ips '10.2.0.0/24' - set interfaces wireguard wg01 peer to-wg02 address '192.168.0.142:12345' + set interfaces wireguard wg01 peer to-wg02 address '192.168.0.142' set interfaces wireguard wg01 peer to-wg02 port '12345' set interfaces wireguard wg01 peer to-wg02 pubkey 'XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI=' set interfaces wireguard wg01 port '12345' |