summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/appendix/vyos-on-clouds.rst7
-rw-r--r--docs/qos.rst85
-rw-r--r--docs/system/flow-accounting.rst4
-rw-r--r--docs/vpn/wireguard.rst2
4 files changed, 57 insertions, 41 deletions
diff --git a/docs/appendix/vyos-on-clouds.rst b/docs/appendix/vyos-on-clouds.rst
index 7fbd1b04..33b7011e 100644
--- a/docs/appendix/vyos-on-clouds.rst
+++ b/docs/appendix/vyos-on-clouds.rst
@@ -98,6 +98,13 @@ Deploy VyOS on Azure.
ssh -i ~/.ssh/vyos_azure vyos@203.0.113.3
vyos@vyos-doc-r1:~$
+Add interface
+-------------
+
+If instance was deployed with one **eth0** ``WAN`` interface and want to add new one.
+To add new interface an example **eth1** ``LAN`` you need shutdown the instance. Attach the interface in the Azure portal and then start the instance.
+
+.. NOTE:: Azure does not allow you attach interface when the instance in the **Running** state.
References
----------
diff --git a/docs/qos.rst b/docs/qos.rst
index c0266461..a4e56665 100644
--- a/docs/qos.rst
+++ b/docs/qos.rst
@@ -1029,7 +1029,7 @@ the higher the priority.
Use this command to configure a Shaper policy, set its name, define
a class and set the size of the `tocken bucket`_ in bytes, which will
- be available to be sent at maximum speed (default: 15Kb).
+ be available to be sent at ceiling speed (default: 15Kb).
.. cfgcmd:: set traffic-policy shaper <policy-name> class <class-ID> ceiling <bandwidth>
@@ -1083,6 +1083,12 @@ parameters.
+.. note:: If you configure a class for **VoIP traffic**, don't give it any
+ *ceiling*, otherwise new VoIP calls could start when there is available
+ bandwidth and get suddenly dropped when other classes start using
+ their bandwidth.
+
+
Example
^^^^^^^
@@ -1092,14 +1098,12 @@ A simple example of Shaper using priorities.
.. code-block:: none
set traffic-policy shaper MY-HTB bandwidth '50mbit'
- set traffic-policy shaper MY-HTB class 10 bandwidth '10%'
- set traffic-policy shaper MY-HTB class 10 ceiling '15%'
- set traffic-policy shaper MY-HTB class 10 match ADDRESS10 ip source address '192.168.10.0/24'
- set traffic-policy shaper MY-HTB class 10 priority '0'
- set traffic-policy shaper MY-HTB class 10 queue-type 'fair-queue'
+ set traffic-policy shaper MY-HTB class 10 bandwidth '20%'
+ set traffic-policy shaper MY-HTB class 10 match DSCP ip dscp 'EF'
+ set traffic-policy shaper MY-HTB class 10 queue-type 'fq-codel'
set traffic-policy shaper MY-HTB class 20 bandwidth '10%'
set traffic-policy shaper MY-HTB class 20 ceiling '50%'
- set traffic-policy shaper MY-HTB class 20 match ADDRESS20 ip source address '192.168.20.0/24'
+ set traffic-policy shaper MY-HTB class 20 match PORT666 ip destination port '666'
set traffic-policy shaper MY-HTB class 20 priority '3'
set traffic-policy shaper MY-HTB class 20 queue-type 'fair-queue'
set traffic-policy shaper MY-HTB class 30 bandwidth '10%'
@@ -1111,7 +1115,42 @@ A simple example of Shaper using priorities.
set traffic-policy shaper MY-HTB default ceiling '100%'
set traffic-policy shaper MY-HTB default priority '7'
set traffic-policy shaper MY-HTB default queue-type 'fair-queue'
-
+
+
+Applying a traffic policy
+=========================
+
+Once a traffic-policy is created, you can apply it to an interface:
+
+.. code-block:: none
+
+ set interfaces etherhet eth0 traffic-policy out WAN-OUT
+
+You can only apply one policy per interface and direction, but you could
+reuse a policy on different interfaces and directions:
+
+.. code-block:: none
+
+ set interfaces ethernet eth0 traffic-policy in WAN-IN
+ set interfaces etherhet eth0 traffic-policy out WAN-OUT
+ set interfaces etherhet eth1 traffic-policy in LAN-IN
+ set interfaces etherhet eth1 traffic-policy out LAN-OUT
+ set interfaces ethernet eth2 traffic-policy in LAN-IN
+ set interfaces ethernet eth2 traffic-policy out LAN-OUT
+ set interfaces etherhet eth3 traffic-policy in TWO-WAY-POLICY
+ set interfaces etherhet eth3 traffic-policy out TWO-WAY-POLICY
+ set interfaces etherhet eth4 traffic-policy in TWO-WAY-POLICY
+ set interfaces etherhet eth4 traffic-policy out TWO-WAY-POLICY
+
+Getting queueing information
+----------------------------
+
+.. opcmd:: show queueing <interface-type> <interface-name>
+
+ Use this command to see the queueing information for an interface.
+ You will be able to see a packet counter (Sent, Dropped, Overlimit
+ and Backlog) per policy and class configured.
+
.. _ingress-shaping:
@@ -1146,36 +1185,6 @@ That is how it is possible to do the so-called "ingress shaping".
-Applying a traffic policy
-=========================
-
-Once a traffic-policy is created, you can apply it to an interface:
-
-.. code-block:: none
-
- set interfaces etherhet eth0 traffic-policy out WAN-OUT
-
-You can only apply one policy per interface and direction, but you can
-have several policies working at the same time:
-
-.. code-block:: none
-
- set interfaces ethernet eth0 traffic-policy in WAN-IN
- set interfaces etherhet eth0 traffic-policy out WAN-OUT
- set interfaces etherhet eth1 traffic-policy out WAN-OUT
- set interfaces ethernet eth2 traffic-policy out LAN-IN
- set interfaces ethernet eth2 traffic-policy out LAN-OUT
-
-
-Getting queueing information
-----------------------------
-
-.. opcmd:: show queueing <interface-type> <interface-name>
-
- Use this command to see the queueing information for an interface.
- You will be able to see a packet counter (Sent, Dropped, Overlimit
- and Backlog) per policy and class configured.
-
.. _that can give you a great deal of flexibility: https://blog.vyos.io/using-the-policy-route-and-packet-marking-for-custom-qos-matches
.. _tc: https://en.wikipedia.org/wiki/Tc_(Linux)
diff --git a/docs/system/flow-accounting.rst b/docs/system/flow-accounting.rst
index 64c20dcf..f09c1c9a 100644
--- a/docs/system/flow-accounting.rst
+++ b/docs/system/flow-accounting.rst
@@ -39,8 +39,8 @@ NetFlow is usually enabled on a per-interface basis to limit load on the router
components involved in NetFlow, or to limit the amount of NetFlow records
exported.
-Configururation
-===============
+Configuration
+=============
In order for flow accounting information to be collected and displayed for an
interface, the interface must be configured for flow accounting.
diff --git a/docs/vpn/wireguard.rst b/docs/vpn/wireguard.rst
index 0bf53159..3580fac3 100644
--- a/docs/vpn/wireguard.rst
+++ b/docs/vpn/wireguard.rst
@@ -74,7 +74,7 @@ one.
set interfaces wireguard wg01 address '10.1.0.1/24'
set interfaces wireguard wg01 description 'VPN-to-wg02'
set interfaces wireguard wg01 peer to-wg02 allowed-ips '10.2.0.0/24'
- set interfaces wireguard wg01 peer to-wg02 address '192.168.0.142:12345'
+ set interfaces wireguard wg01 peer to-wg02 address '192.168.0.142'
set interfaces wireguard wg01 peer to-wg02 port '12345'
set interfaces wireguard wg01 peer to-wg02 pubkey 'XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI='
set interfaces wireguard wg01 port '12345'