Diffstat (limited to 'docs/_include')
-rw-r--r-- | docs/_include/interface-common-with-dhcp.txt | 4 | ||||
-rw-r--r-- | docs/_include/interface-common.txt | 5 | ||||
-rw-r--r-- | docs/_include/interface-dhcpv6-options.txt | 11 | ||||
-rw-r--r-- | docs/_include/interface-ip.txt | 157 | ||||
-rw-r--r-- | docs/_include/interface-ipv6-addr-autoconf.txt | 19 | ||||
-rw-r--r-- | docs/_include/interface-ipv6-addr-eui64.txt | 9 | ||||
-rw-r--r-- | docs/_include/interface-ipv6.txt | 55 | ||||
-rw-r--r-- | docs/_include/interface-vlan-8021ad.txt | 16 | ||||
-rw-r--r-- | docs/_include/interface-vlan-8021q.txt | 13 |
9 files changed, 241 insertions, 48 deletions
diff --git a/docs/_include/interface-common-with-dhcp.txt b/docs/_include/interface-common-with-dhcp.txt index 1cacdd53..46dddb9b 100644 --- a/docs/_include/interface-common-with-dhcp.txt +++ b/docs/_include/interface-common-with-dhcp.txt @@ -15,3 +15,7 @@ .. cmdinclude:: /_include/interface-dhcpv6-options.txt :var0: {{ var0 }} :var1: {{ var1 }} + +.. cmdinclude:: ../_include/interface-dhcpv6-prefix-delegation.txt + :var0: {{ var0 }} + :var1: {{ var1 }} diff --git a/docs/_include/interface-common.txt b/docs/_include/interface-common.txt index 68c9c448..79269fe3 100644 --- a/docs/_include/interface-common.txt +++ b/docs/_include/interface-common.txt @@ -22,15 +22,14 @@ :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: /_include/interface-ipv6-addr-autoconf.txt +.. cmdinclude:: ../_include/interface-ip.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: /_include/interface-ipv6-addr-eui64.txt +.. cmdinclude:: ../_include/interface-ipv6.txt :var0: {{ var0 }} :var1: {{ var1 }} .. cmdinclude:: /_include/interface-vrf.txt :var0: {{ var0 }} :var1: {{ var1 }} - diff --git a/docs/_include/interface-dhcpv6-options.txt b/docs/_include/interface-dhcpv6-options.txt index a47d9f32..e7eaffb1 100644 --- a/docs/_include/interface-dhcpv6-options.txt +++ b/docs/_include/interface-dhcpv6-options.txt @@ -29,14 +29,3 @@ .. code-block:: none set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcpv6-options temporary - -.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt - :var0: {{ var0 }} - :var1: {{ var1 }} - :var2: {{ var2 }} - :var3: {{ var3 }} - :var4: {{ var4 }} - :var5: {{ var5 }} - :var6: {{ var6 }} - :var7: {{ var7 }} - diff --git a/docs/_include/interface-ip.txt b/docs/_include/interface-ip.txt new file mode 100644 index 00000000..89937806 --- /dev/null +++ b/docs/_include/interface-ip.txt 
@@ -0,0 +1,157 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip arp-cache-timeout
+
+ Once a neighbor has been found, the entry is considered to be valid for at
+ least for this specifc time. An entry's validity will be extended if it
+ receives positive feedback from higher level protocols.
+
+ This defaults to 30 seconds.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip arp-cache-timeout 180
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip disable-arp-filter
+
+ If set the kernel can respond to arp requests with addresses from other
+ interfaces. This may seem wrong but it usually makes sense, because it
+ increases the chance of successful communication. IP addresses are owned by
+ the complete host on Linux, not by particular interfaces. Only for more
+ complex setups like load-balancing, does this behaviour cause problems.
+
+ If not set (default) allows you to have multiple network interfaces on the
+ same subnet, and have the ARPs for each interface be answered based on whether
+ or not the kernel would route a packet from the ARP'd IP out that interface
+ (therefore you must use source based routing for this to work).
+
+ In other words it allows control of which cards (usually 1) will respond to an
+ arp request.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip disable-arp-filter
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip disable-forwarding
+
+ Configure interface-specific Host/Router behaviour. If set, the interface will
+ switch to host mode and IPv6 forwarding will be disabled on this interface.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip disable-forwarding
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip enable-arp-accept
+
+ Define behavior for gratuitous ARP frames who's IP is not already present in
+ the ARP table. If configured create new entries in the ARP table.
+
+ Both replies and requests type gratuitous arp will trigger the ARP table to be
+ updated, if this setting is on.
+
+ If the ARP table already contains the IP address of the gratuitous arp frame,
+ the arp table will be updated regardless if this setting is on or off.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip enable-arp-accept
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip enable-arp-announce
+
+ Define different restriction levels for announcing the local source IP address
+ from IP packets in ARP requests sent on interface.
+
+ Use any local address, configured on any interface if this is not set.
+
+ If configured, try to avoid local addresses that are not in the target's
+ subnet for this interface. This mode is useful when target hosts reachable via
+ this interface require the source IP address in ARP requests to be part of
+ their logical network configured on the receiving interface. When we generate
+ the request we will check all our subnets that include the target IP and will
+ preserve the source address if it is from such subnet. If there is no such
+ subnet we select source address according to the rules for level 2.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip enable-arp-announce
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip enable-arp-ignore
+
+ Define different modes for sending replies in response to received ARP
+ requests that resolve local target IP addresses:
+
+ If configured, reply only if the target IP address is local address configured
+ on the incoming interface.
+
+ If this option is unset (default), reply for any local target IP address,
+ configured on any interface.
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip enable-arp-ignore
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip enable-proxy-arp
+
+ Use this command to enable proxy Address Resolution Protocol (ARP) on this
+ interface. Proxy ARP allows an Ethernet interface to respond with its own
+ :abbr:`MAC (Media Access Control)` address to ARP requests for destination IP
+ addresses on subnets attached to other interfaces on the system. Subsequent
+ packets sent to those destination IP addresses are forwarded appropriately by
+ the system.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ip enable-proxy-arp
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip proxy-arp-pvlan
+
+ Private VLAN proxy arp. Basically allow proxy arp replies back to the same
+ interface (from which the ARP request/solicitation was received).
+
+ This is done to support (ethernet) switch features, like :rfc:`3069`, where
+ the individual ports are NOT allowed to communicate with each other, but they
+ are allowed to talk to the upstream router. As described in :rfc:`3069`, it is
+ possible to allow these hosts to communicate through the upstream router by
+ proxy_arp'ing.
+
+ .. note:: Don't need to be used together with proxy_arp.
+
+ This technology is known by different names:
+
+ - In :rfc:`3069` it is called VLAN Aggregation
+
+ - Cisco and Allied Telesyn call it Private VLAN
+
+ - Hewlett-Packard call it Source-Port filtering or port-isolation
+
+ - Ericsson call it MAC-Forced Forwarding (RFC Draft)
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ip source-validation <strict | loose | disable>
+
+ Enable policy for source validation by reversed path, as specified in
+ :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict
+ mode to prevent IP spoofing from DDos attacks. If using asymmetric routing
+ or other complicated routing, then loose mode is recommended.
+
+ - strict: Each incoming packet is tested against the FIB and if the interface
+ is not the best reverse path the packet check will fail. By default failed
+ packets are discarded.
+
+ - loose: Each incoming packet's source address is also tested against the FIB
+ and if the source address is not reachable via any interface the packet
+ check will fail.
+
+ - disable: No source validation
diff --git a/docs/_include/interface-ipv6-addr-autoconf.txt b/docs/_include/interface-ipv6-addr-autoconf.txt
deleted file mode 100644
index fea1125e..00000000
--- a/docs/_include/interface-ipv6-addr-autoconf.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
- {{ var5 }} {{ var6 }} ipv6 address autoconf
-
- :abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts
- can configure themselves automatically when connected to an IPv6 network using
- the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message
- Protocol version 6)` router discovery messages. When first connected to a
- network, a host sends a link-local router solicitation multicast request for
- its configuration parameters; routers respond to such a request with a router
- advertisement packet that contains Internet Layer configuration parameters.
-
- .. note:: This method automatically disables IPv6 traffic forwarding on the
- interface in question.
-
- Example:
-
- .. code-block:: none
-
- set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 address autoconf
diff --git a/docs/_include/interface-ipv6-addr-eui64.txt b/docs/_include/interface-ipv6-addr-eui64.txt
deleted file mode 100644
index e6a58372..00000000
--- a/docs/_include/interface-ipv6-addr-eui64.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
- {{ var5 }} {{ var6 }} ipv6 address eui64 <prefix>
-
- :abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in
- :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address.
-
- .. code-block:: none
-
- set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 address eui64 2001:db8:beef::/64
diff --git a/docs/_include/interface-ipv6.txt b/docs/_include/interface-ipv6.txt
new file mode 100644
index 00000000..e03817cf
--- /dev/null
+++ b/docs/_include/interface-ipv6.txt
@@ -0,0 +1,55 @@
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ipv6 address autoconf
+
+ :abbr:`SLAAC (Stateless Address Autoconfiguration)` :rfc:`4862`. IPv6 hosts
+ can configure themselves automatically when connected to an IPv6 network using
+ the Neighbor Discovery Protocol via :abbr:`ICMPv6 (Internet Control Message
+ Protocol version 6)` router discovery messages. When first connected to a
+ network, a host sends a link-local router solicitation multicast request for
+ its configuration parameters; routers respond to such a request with a router
+ advertisement packet that contains Internet Layer configuration parameters.
+
+ .. note:: This method automatically disables IPv6 traffic forwarding on the
+ interface in question.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 address autoconf
+
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ipv6 address eui64 <prefix>
+
+ :abbr:`EUI-64 (64-Bit Extended Unique Identifier)` as specified in
+ :rfc:`4291` allows a host to assign iteslf a unique 64-Bit IPv6 address.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 address eui64 2001:db8:beef::/64
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ipv6 address no-default-link-local
+
+ Do not assign a link-local IPv6 address to this interface.
+
+ Example:
+
+ .. code-block:: none
+
+ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 address no-default-link-local
+
+.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
+ {{ var5 }} {{ var6 }} ipv6 disable-forwarding
+
+ Configure interface-specific Host/Router behaviour.
If set, the interface will + switch to host mode and IPv6 forwarding will be disabled on this interface. + + Example: + + .. code-block:: none + + set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} ipv6 disable-forwarding diff --git a/docs/_include/interface-vlan-8021ad.txt b/docs/_include/interface-vlan-8021ad.txt index 74bc2080..6a34786f 100644 --- a/docs/_include/interface-vlan-8021ad.txt +++ b/docs/_include/interface-vlan-8021ad.txt @@ -88,7 +88,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: <vlan-id> :var7: 20 -.. cmdinclude:: /_include/interface-ipv6-addr-autoconf.txt +.. cmdinclude:: ../_include/interface-ip.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -98,7 +98,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: <vlan-id> :var7: 20 -.. cmdinclude:: /_include/interface-ipv6-addr-eui64.txt +.. cmdinclude:: ../_include/interface-ipv6.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -140,4 +140,14 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: <vlan-id> :var7: 20 -.. include:: /_include/common-references.txt +.. cmdinclude:: ../_include/interface-dhcpv6-prefix-delegation.txt + :var0: {{ var0 }} + :var1: {{ var1 }} + :var2: vif-s + :var3: <vlan-id> + :var4: 1000 + :var5: vif-c + :var6: <vlan-id> + :var7: 20 + +.. include:: ../common-references.rst diff --git a/docs/_include/interface-vlan-8021q.txt b/docs/_include/interface-vlan-8021q.txt index db22a1ce..e4ed9db0 100644 --- a/docs/_include/interface-vlan-8021q.txt +++ b/docs/_include/interface-vlan-8021q.txt 
@@ -71,14 +71,14 @@ term used for this is ``vif``. :var3: <vlan-id> :var4: 10 -.. cmdinclude:: /_include/interface-ipv6-addr-autoconf.txt +.. cmdinclude:: ../_include/interface-ip.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif :var3: <vlan-id> :var4: 10 -.. cmdinclude:: /_include/interface-ipv6-addr-eui64.txt +.. cmdinclude:: ../_include/interface-ipv6.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif @@ -108,4 +108,11 @@ term used for this is ``vif``. :var3: <vlan-id> :var4: 10 -.. include:: /_include/common-references.txt
\ No newline at end of file
+.. cmdinclude:: ../_include/interface-dhcpv6-prefix-delegation.txt
+ :var0: {{ var0 }}
+ :var1: {{ var1 }}
+ :var2: vif
+ :var3: <vlan-id>
+ :var4: 10
+
+.. include:: ../common-references.rst |