diff options
Diffstat (limited to 'docs/configuration/interfaces')
-rw-r--r-- | docs/configuration/interfaces/bonding.rst | 8 | ||||
-rw-r--r-- | docs/configuration/interfaces/ethernet.rst | 36 | ||||
-rw-r--r-- | docs/configuration/interfaces/openvpn.rst | 16 |
3 files changed, 45 insertions, 15 deletions
diff --git a/docs/configuration/interfaces/bonding.rst b/docs/configuration/interfaces/bonding.rst index 92601b37..bf7cfc2c 100644 --- a/docs/configuration/interfaces/bonding.rst +++ b/docs/configuration/interfaces/bonding.rst @@ -256,6 +256,13 @@ Bond options The maximum number of targets that can be specified is 16. The default value is no IP addresses. +Offloading +---------- + +.. cmdinclude:: /_include/interface-xdp.txt + :var0: bonding + :var1: bond0 + VLAN ==== @@ -265,6 +272,7 @@ VLAN Port Mirror (SPAN) ================== + .. cmdinclude:: ../../_include/interface-mirror.txt :var0: bonding :var1: bond1 diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst index 25eebf25..3eae0d95 100644 --- a/docs/configuration/interfaces/ethernet.rst +++ b/docs/configuration/interfaces/ethernet.rst @@ -92,13 +92,9 @@ Offloading the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO. - .. warning:: Recent 1.3 rolling images also support XDP offloading which - stands for eXpress Data Path in the Linux Kernel. You must enable it for - every interface which should participate in the XDP forwarding. - - Enabling this feature will break any form of NAT or Firewalling on this - interface, as XDP is handled way earlier in the driver then NfTables. - +.. cmdinclude:: /_include/interface-xdp.txt + :var0: ethernet + :var1: eth0 VLAN ==== @@ -269,3 +265,29 @@ Operation Vendor SN : FNS092xxxxx Date code : 0506xx +.. stop_vyoslinter + +.. opcmd:: show interfaces ethernet <interface> xdp + + Display XDP forwarding statistics + + .. code-block:: none + + vyos@vyos:~$ show interfaces ethernet eth1 xdp + + Collecting stats from BPF map + - BPF map (bpf_map_type:6) id:176 name:xdp_stats_map key_size:4 value_size:16 max_entries:5 + XDP-action + XDP_ABORTED 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250340 + XDP_DROP 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250317 + XDP_PASS 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250314 + XDP_TX 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250313 + XDP_REDIRECT 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250313 + + XDP-action + XDP_ABORTED 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000410 + XDP_DROP 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 + XDP_PASS 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 + XDP_TX 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 + XDP_REDIRECT 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 + diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index 0e4e9d74..2c273b34 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -317,16 +317,16 @@ commands: vyos@vyos:/config/my-easy-rsa-config$./easyrsa revoke client1 vyos@vyos:/config/my-easy-rsa-config$ ./easyrsa gen-crl -Copy the files to /config/auth/ovpn/ to use in OpenVPN tunnel creation +Copy the files to /config/auth/openvpn/ to use in OpenVPN tunnel creation .. code-block:: none - vyos@vyos:/config/my-easy-rsa-config$ sudo mkdir /config/auth/ovpn - vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/ca.crt /config/auth/ovpn - vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/dh.pem /config/auth/ovpn - vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/private/central.key /config/auth/ovpn - vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/issued/central.crt /config/auth/ovpn - vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/crl.pem /config/auth/ovpn + vyos@vyos:/config/my-easy-rsa-config$ sudo mkdir /config/auth/openvpn + vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/ca.crt /config/auth/openvpn + vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/dh.pem /config/auth/openvpn + vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/private/central.key /config/auth/openvpn + vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/issued/central.crt /config/auth/openvpn + vyos@vyos:/config/my-easy-rsa-config$ sudo cp pki/crl.pem /config/auth/openvpn Additionally, each client needs a copy of ca.crt and its own client key and cert files. The files are plaintext so they may be copied either manually, @@ -336,7 +336,7 @@ For example, Branch 1's router might have the following files: .. code-block:: none - vyos@branch1-rtr:$ ls /config/auth/ovpn + vyos@branch1-rtr:$ ls /config/auth/openvpn ca.crt branch1.crt branch1.key Client Authentication |