m--------- | docs/_include/vyos-1x | 0 | ||||
-rw-r--r-- | docs/changelog/1.3.rst | 12 | ||||
-rw-r--r-- | docs/changelog/1.4.rst | 22 | ||||
-rw-r--r-- | docs/configuration/highavailability/index.rst | 59 | ||||
-rw-r--r-- | docs/configuration/service/dhcp-relay.rst | 33 | ||||
-rw-r--r-- | docs/configuration/service/dhcp-server.rst | 2 |
6 files changed, 123 insertions, 5 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 6eea12512e59cc28f5c2e5ca5ec7e9e7b21731d +Subproject 2622902ac76bc1c3356bb722f63e931119f3eb0 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index dfb4917e..1f3fa6e8 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,18 @@ _ext/releasenotes.py +2023-02-01 +========== + +* :vytask:`T4970` (default): pin OCaml pcre package to avoid JIT support + + +2023-01-30 +========== + +* :vytask:`T4954` (bug): DNS cannot be configured via Network-Config v1 received from ConfigDrive / Cloud-Init + + 2023-01-24 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index a1687f87..274c302f 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,28 @@ _ext/releasenotes.py +2023-02-01 +========== + +* :vytask:`T4970` (default): pin OCaml pcre package to avoid JIT support + + +2023-01-31 +========== + +* :vytask:`T4964` (bug): FRR bgp address-family l2vpn-evpn route-target export/import not working +* :vytask:`T4780` (feature): Firewall - Add interface group +* :vytask:`T4157` (default): Add jinja2 to pip test requirements + + +2023-01-30 +========== + +* :vytask:`T4958` (feature): Add OpenConnect RADIUS Accounting support +* :vytask:`T4954` (bug): DNS cannot be configured via Network-Config v1 received from ConfigDrive / Cloud-Init +* :vytask:`T4118` (default): IPsec syntax overhaul + + 2023-01-29 ========== diff --git a/docs/configuration/highavailability/index.rst b/docs/configuration/highavailability/index.rst index 9150b1bd..bc8aad99 100644 --- a/docs/configuration/highavailability/index.rst +++ b/docs/configuration/highavailability/index.rst 
@@ -357,6 +357,21 @@ Forward method set high-availability virtual-server 203.0.113.1 forward-method 'nat' +Health-check +^^^^^^^^^^^^ +Custom health-check script allows checking real-server availability + +.. code-block:: none + + set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script <path-to-script> + +Fwmark +^^^^^^ +Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value + +.. code-block:: none + + set high-availability virtual-server 203.0.113.1 fwmark '111' Real server ^^^^^^^^^^^ 
@@ -395,3 +410,47 @@ Real server is auto-excluded if port check with this server fail. set high-availability virtual-server 203.0.113.1 protocol 'tcp' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '80' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.12 port '80' + + +A firewall mark ``fwmark`` allows using multiple ports for high-availability +virtual-server. +It uses fwmark value. + +In this example all traffic destined to ports "80, 2222, 8888" protocol TCP +marks to fwmark "111" and balanced between 2 real servers. +Port "0" is required if multiple ports are used. + +.. code-block:: none + + set interfaces ethernet eth0 address 'dhcp' + set interfaces ethernet eth0 description 'WAN' + set interfaces ethernet eth1 address '192.0.2.1/24' + set interfaces ethernet eth1 description 'LAN' + + set policy route PR interface 'eth0' + set policy route PR rule 10 destination port '80,2222,8888' + set policy route PR rule 10 protocol 'tcp' + set policy route PR rule 10 set mark '111' + + set high-availability virtual-server vyos fwmark '111' + set high-availability virtual-server vyos protocol 'tcp' + set high-availability virtual-server vyos real-server 192.0.2.11 health-check script '/config/scripts/check-real-server-first.sh' + set high-availability virtual-server vyos real-server 192.0.2.11 port '0' + set high-availability virtual-server vyos real-server 192.0.2.12 health-check script '/config/scripts/check-real-server-second.sh' + set high-availability virtual-server vyos real-server 192.0.2.12 port '0' + + set nat source rule 100 outbound-interface 'eth0' + set nat source rule 100 source address '192.0.2.0/24' + set nat source rule 100 translation address 'masquerade' + +Op-mode check virtual-server status + +.. 
code-block:: none + + vyos@r14:~$ run show virtual-server + IP Virtual Server version 1.2.1 (size=4096) + Prot LocalAddress:Port Scheduler Flags + -> RemoteAddress:Port Forward Weight ActiveConn InActConn + FWM 111 lc persistent 300 + -> 192.0.2.11:0 Masq 1 0 0 + -> 192.0.2.12:0 Masq 1 1 0 diff --git a/docs/configuration/service/dhcp-relay.rst b/docs/configuration/service/dhcp-relay.rst index a93c1046..43abf254 100644 --- a/docs/configuration/service/dhcp-relay.rst +++ b/docs/configuration/service/dhcp-relay.rst @@ -20,8 +20,20 @@ Configuration .. cfgcmd:: set service dhcp-relay interface <interface> - Interfaces that participate in the DHCP relay process, including the uplink - to the DHCP server. + Interfaces that participate in the DHCP relay process. If this command is + used, at least two entries of it are required: one for the interface that + captures the dhcp-requests, and one for the interface to forward such + requests. A warning message will be shown if this command is used, since + new implementations should use ``listen-interface`` and + ``upstream-interface``. + +.. cfgcmd:: set service dhcp-relay listen-interface <interface> + + Interface for DHCP Relay Agent to listen for requests. + +.. cfgcmd:: set service dhcp-relay upstream-interface <interface> + + Interface for DHCP Relay Agent to forward requests out. .. cfgcmd:: set service dhcp-relay server <server> @@ -70,8 +82,8 @@ Example * Listen for DHCP requests on interface ``eth1``. * DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``. -* Router receives DHCP client requests on ``eth1`` and relays them to the server - at 10.0.1.4 on ``eth2``. +* Router receives DHCP client requests on ``eth1`` and relays them to the + server at 10.0.1.4 on ``eth2``. .. figure:: /_static/images/service_dhcp-relay01.png :scale: 80 % 
@@ -84,6 +96,19 @@ The generated configuration will look like: .. code-block:: none show service dhcp-relay + listen-interface eth1 + upstrem-interface eth2 + server 10.0.1.4 + relay-options { + relay-agents-packets discard + } + +Also, for backwards compatibility this configuration, which uses generic +interface definition, is still valid: + +.. code-block:: none + + show service dhcp-relay interface eth1 interface eth2 server 10.0.1.4 diff --git a/docs/configuration/service/dhcp-server.rst b/docs/configuration/service/dhcp-server.rst index 3f4b7b89..b4245f0c 100644 --- a/docs/configuration/service/dhcp-server.rst +++ b/docs/configuration/service/dhcp-server.rst @@ -234,7 +234,7 @@ inside the subnet definition but can be outside of the range statement. **Example:** -* IP address ``192.168.1.100`` shall be statically mapped to client named ``client100`` +* IP address ``192.168.1.100`` shall be statically mapped to client named ``client1`` .. code-block:: none |