summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
m---------docs/_include/vyos-1x0
-rw-r--r--docs/automation/cloud-init.rst2
-rw-r--r--docs/automation/command-scripting.rst8
-rw-r--r--docs/changelog/1.3.rst6
-rw-r--r--docs/changelog/1.4.rst29
-rw-r--r--docs/configuration/interfaces/wireless.rst21
-rw-r--r--docs/configuration/system/acceleration.rst146
-rw-r--r--docs/configuration/system/index.rst1
-rw-r--r--docs/configuration/system/ipv6.rst2
-rw-r--r--docs/installation/vyos-on-baremetal.rst2
10 files changed, 211 insertions, 6 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x
-Subproject f75da014ae295e6cdf352754bfd998a453e8174
+Subproject 3d0cae6c7636d82f0089562fb8bd84beefedc27
diff --git a/docs/automation/cloud-init.rst b/docs/automation/cloud-init.rst
index ccfb6275..2fa102b1 100644
--- a/docs/automation/cloud-init.rst
+++ b/docs/automation/cloud-init.rst
@@ -267,7 +267,7 @@ Most important keys that needs to be considered:
Generate qcow image
-------------------
-A VyOS qcow image with cloud-init options is needed. This can be obteined
+A VyOS qcow image with cloud-init options is needed. This can be obtained
using `vyos-vm-images`_ repo. After clonning the repo, edit the file
**qemu.yml** and comment the **download-iso** role.
diff --git a/docs/automation/command-scripting.rst b/docs/automation/command-scripting.rst
index 7cf31232..db4724cd 100644
--- a/docs/automation/command-scripting.rst
+++ b/docs/automation/command-scripting.rst
@@ -83,10 +83,10 @@ Here is a simple example:
.. code-block:: python
- #!/usr/bin/env python
- print "delete firewall group address-group somehosts"
- print "set firewall group address-group somehosts address '192.0.2.3'"
- print "set firewall group address-group somehosts address '203.0.113.55'"
+ #!/usr/bin/env python3
+ print("delete firewall group address-group somehosts")
+ print("set firewall group address-group somehosts address '192.0.2.3'")
+ print("set firewall group address-group somehosts address '203.0.113.55'")
.. code-block:: none
diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst
index b71b630d..a80e1873 100644
--- a/docs/changelog/1.3.rst
+++ b/docs/changelog/1.3.rst
@@ -8,6 +8,12 @@
_ext/releasenotes.py
+2022-07-01
+==========
+
+* :vytask:`T4489` (bug): MPLS sysctl not persistent for tunnel interfaces
+
+
2022-06-20
==========
diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst
index 1ef142fe..3c98b823 100644
--- a/docs/changelog/1.4.rst
+++ b/docs/changelog/1.4.rst
@@ -8,6 +8,35 @@
_ext/releasenotes.py
+2022-07-01
+==========
+
+* :vytask:`T2455` (bug): No support for the IPv6 VTI
+* :vytask:`T4490` (feature): BGP- warning message that AFI/SAFI is needed to establish the neighborship
+* :vytask:`T4489` (bug): MPLS sysctl not persistent for tunnel interfaces
+
+
+2022-06-29
+==========
+
+* :vytask:`T4477` (feature): router-advert: support RDNSS lifetime option
+
+
+2022-06-28
+==========
+
+* :vytask:`T4486` (bug): Container can't be deleted
+* :vytask:`T4473` (bug): Use container network without network declaration error
+* :vytask:`T4458` (feature): Firewall - add support for matching ip ttl in firewall rules
+* :vytask:`T3907` (feature): Firewall - Set log levels
+
+
+2022-06-27
+==========
+
+* :vytask:`T4484` (default): Firewall op-mode summary doesn't correctly handle address group containing ranges
+
+
2022-06-25
==========
diff --git a/docs/configuration/interfaces/wireless.rst b/docs/configuration/interfaces/wireless.rst
index b775011f..231652a0 100644
--- a/docs/configuration/interfaces/wireless.rst
+++ b/docs/configuration/interfaces/wireless.rst
@@ -590,3 +590,24 @@ To get it to work as an access point with this configuration you will need
to set up a DHCP server to work with that network. You can - of course - also
bridge the Wireless interface with any configured bridge
(:ref:`bridge-interface`) on the system.
+
+.. _wireless-interface-intel-ax200:
+
+Intel AX200
+===========
+
+The Intel AX200 card does not work out of the box in AP mode, see
+https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can
+still put this card into AP mode using the following configuration:
+
+.. stop_vyoslinter
+.. code-block:: none
+
+ set interfaces wireless wlan0 channel '1'
+ set interfaces wireless wlan0 country-code 'us'
+ set interfaces wireless wlan0 mode 'n'
+ set interfaces wireless wlan0 physical-device 'phy0'
+ set interfaces wireless wlan0 ssid 'VyOS'
+ set interfaces wireless wlan0 type 'access-point'
+
+.. start_vyoslinter
diff --git a/docs/configuration/system/acceleration.rst b/docs/configuration/system/acceleration.rst
new file mode 100644
index 00000000..4c595022
--- /dev/null
+++ b/docs/configuration/system/acceleration.rst
@@ -0,0 +1,146 @@
+.. _acceleration:
+
+############
+Acceleration
+############
+
+In this command tree, all hardware acceleration options will be handled.
+At the moment only `Intel® QAT`_ is supported
+
+**********
+Intel® QAT
+**********
+
+.. opcmd:: show system acceleration qat
+
+ use this command to check if there is an Intel® QAT supported Processor in
+ your system.
+
+ .. code-block::
+
+ vyos@vyos:~$ show system acceleration qat
+ 01:00.0 Co-processor [0b40]: Intel Corporation Atom Processor C3000 Series QuickAssist Technology [8086:19e2] (rev 11)
+
+ if there is non device the command will show ```No QAT device found```
+
+.. cfgcmd:: set system acceleration qat
+
+ if there is a supported device, enable Intel® QAT
+
+.. opcmd:: show system acceleration qat status
+
+ Check if the Intel® QAT device is up and ready to do the job.
+
+ .. code-block::
+
+ vyos@vyos:~$ show system acceleration qat status
+ Checking status of all devices.
+ There is 1 QAT acceleration device(s) in the system:
+ qat_dev0 - type: c3xxx, inst_id: 0, node_id: 0, bsf: 0000:01:00.0, #accel: 3 #engines: 6 state: up
+
+Operation Mode
+==============
+
+.. opcmd:: show system acceleration qat device <device> config
+
+ Show the full config uploaded to the QAT device.
+
+.. opcmd:: show system acceleration qat device <device> flows
+
+ Get an overview over the encryption counters.
+
+.. opcmd:: show system acceleration qat interrupts
+
+ Show binded qat device interrupts to certain core.
+
+
+Example
+=======
+
+Let's build a simple VPN between 2 Intel® QAT ready devices.
+
+Side A:
+
+.. code-block::
+
+ set interfaces vti vti1 address '192.168.1.2/24'
+ set vpn ipsec esp-group MyESPGroup proposal 1 encryption 'aes256'
+ set vpn ipsec esp-group MyESPGroup proposal 1 hash 'sha256'
+ set vpn ipsec ike-group MyIKEGroup proposal 1 dh-group '14'
+ set vpn ipsec ike-group MyIKEGroup proposal 1 encryption 'aes256'
+ set vpn ipsec ike-group MyIKEGroup proposal 1 hash 'sha256'
+ set vpn ipsec ipsec-interfaces interface 'eth0'
+ set vpn ipsec site-to-site peer 10.10.10.1 authentication mode 'pre-shared-secret'
+ set vpn ipsec site-to-site peer 10.10.10.1 authentication pre-shared-secret 'Qwerty123'
+ set vpn ipsec site-to-site peer 10.10.10.1 connection-type 'initiate'
+ set vpn ipsec site-to-site peer 10.10.10.1 default-esp-group 'MyESPGroup'
+ set vpn ipsec site-to-site peer 10.10.10.1 ike-group 'MyIKEGroup'
+ set vpn ipsec site-to-site peer 10.10.10.1 local-address '10.10.10.2'
+ set vpn ipsec site-to-site peer 10.10.10.1 vti bind 'vti1'
+
+Side B:
+
+.. code-block::
+
+ set interfaces vti vti1 address '192.168.1.1/24'
+ set vpn ipsec esp-group MyESPGroup proposal 1 encryption 'aes256'
+ set vpn ipsec esp-group MyESPGroup proposal 1 hash 'sha256'
+ set vpn ipsec ike-group MyIKEGroup proposal 1 dh-group '14'
+ set vpn ipsec ike-group MyIKEGroup proposal 1 encryption 'aes256'
+ set vpn ipsec ike-group MyIKEGroup proposal 1 hash 'sha256'
+ set vpn ipsec ipsec-interfaces interface 'eth0'
+ set vpn ipsec site-to-site peer 10.10.10.2 authentication mode 'pre-shared-secret'
+ set vpn ipsec site-to-site peer 10.10.10.2 authentication pre-shared-secret 'Qwerty123'
+ set vpn ipsec site-to-site peer 10.10.10.2 connection-type 'initiate'
+ set vpn ipsec site-to-site peer 10.10.10.2 default-esp-group 'MyESPGroup'
+ set vpn ipsec site-to-site peer 10.10.10.2 ike-group 'MyIKEGroup'
+ set vpn ipsec site-to-site peer 10.10.10.2 local-address '10.10.10.1'
+ set vpn ipsec site-to-site peer 10.10.10.2 vti bind 'vti1'
+
+a bandwidth test over the VPN got these results:
+
+.. code-block::
+
+ Connecting to host 192.168.1.2, port 5201
+ [ 9] local 192.168.1.1 port 51344 connected to 192.168.1.2 port 5201
+ [ ID] Interval Transfer Bitrate Retr Cwnd
+ [ 9] 0.00-1.01 sec 32.3 MBytes 268 Mbits/sec 0 196 KBytes
+ [ 9] 1.01-2.03 sec 32.5 MBytes 268 Mbits/sec 0 208 KBytes
+ [ 9] 2.03-3.03 sec 32.5 MBytes 271 Mbits/sec 0 208 KBytes
+ [ 9] 3.03-4.04 sec 32.5 MBytes 272 Mbits/sec 0 208 KBytes
+ [ 9] 4.04-5.00 sec 31.2 MBytes 272 Mbits/sec 0 208 KBytes
+ [ 9] 5.00-6.01 sec 32.5 MBytes 272 Mbits/sec 0 234 KBytes
+ [ 9] 6.01-7.04 sec 32.5 MBytes 265 Mbits/sec 0 234 KBytes
+ [ 9] 7.04-8.04 sec 32.5 MBytes 272 Mbits/sec 0 234 KBytes
+ [ 9] 8.04-9.04 sec 32.5 MBytes 273 Mbits/sec 0 336 KBytes
+ [ 9] 9.04-10.00 sec 31.2 MBytes 272 Mbits/sec 0 336 KBytes
+ - - - - - - - - - - - - - - - - - - - - - - - - -
+ [ ID] Interval Transfer Bitrate Retr
+ [ 9] 0.00-10.00 sec 322 MBytes 270 Mbits/sec 0 sender
+ [ 9] 0.00-10.00 sec 322 MBytes 270 Mbits/sec receiver
+
+with :cfgcmd:`set system acceleration qat` on both systems the bandwidth
+increases.
+
+.. code-block::
+
+ Connecting to host 192.168.1.2, port 5201
+ [ 9] local 192.168.1.1 port 51340 connected to 192.168.1.2 port 5201
+ [ ID] Interval Transfer Bitrate Retr Cwnd
+ [ 9] 0.00-1.00 sec 97.3 MBytes 817 Mbits/sec 0 1000 KBytes
+ [ 9] 1.00-2.00 sec 92.5 MBytes 776 Mbits/sec 0 1.07 MBytes
+ [ 9] 2.00-3.00 sec 92.5 MBytes 776 Mbits/sec 0 820 KBytes
+ [ 9] 3.00-4.00 sec 92.5 MBytes 776 Mbits/sec 0 899 KBytes
+ [ 9] 4.00-5.00 sec 91.2 MBytes 765 Mbits/sec 0 972 KBytes
+ [ 9] 5.00-6.00 sec 92.5 MBytes 776 Mbits/sec 0 1.02 MBytes
+ [ 9] 6.00-7.00 sec 92.5 MBytes 776 Mbits/sec 0 1.08 MBytes
+ [ 9] 7.00-8.00 sec 92.5 MBytes 776 Mbits/sec 0 1.14 MBytes
+ [ 9] 8.00-9.00 sec 91.2 MBytes 765 Mbits/sec 0 915 KBytes
+ [ 9] 9.00-10.00 sec 92.5 MBytes 776 Mbits/sec 0 1000 KBytes
+ - - - - - - - - - - - - - - - - - - - - - - - - -
+ [ ID] Interval Transfer Bitrate Retr
+ [ 9] 0.00-10.00 sec 927 MBytes 778 Mbits/sec 0 sender
+ [ 9] 0.00-10.01 sec 925 MBytes 775 Mbits/sec receiver
+
+
+.. _`Intel® QAT`: https://www.intel.com/content/www/us/en/architecture-and-technology/intel-quick-assist-technology-overview.html \ No newline at end of file
diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst
index 5a6cb7b1..5bf781af 100644
--- a/docs/configuration/system/index.rst
+++ b/docs/configuration/system/index.rst
@@ -7,6 +7,7 @@ System
:maxdepth: 1
:includehidden:
+ acceleration
conntrack
console
flow-accounting
diff --git a/docs/configuration/system/ipv6.rst b/docs/configuration/system/ipv6.rst
index 19016e7b..0b9f9cc8 100644
--- a/docs/configuration/system/ipv6.rst
+++ b/docs/configuration/system/ipv6.rst
@@ -160,7 +160,7 @@ Show commands
Reset commands
^^^^^^^^^^^^^^
-.. opcmd:: reset ipv6 bgp <address>
+.. opcmd:: reset bgp ipv6 <address>
Use this command to clear Border Gateway Protocol statistics or
status.
diff --git a/docs/installation/vyos-on-baremetal.rst b/docs/installation/vyos-on-baremetal.rst
index 738f5e07..367e6df1 100644
--- a/docs/installation/vyos-on-baremetal.rst
+++ b/docs/installation/vyos-on-baremetal.rst
@@ -115,6 +115,8 @@ Refer to :ref:`wireless-interface` for additional information, below listed
modules have been tested successfully on this Hardware platform:
* Compex WLE900VX mini-PCIe WiFi module, only supported in mPCIe slot 1.
+* Intel Corporation AX200 mini-PCIe WiFi module, only supported in mPCIe slot 1.
+ (see :ref:`wireless-interface-intel-ax200`)
WWAN
""""