Diffstat (limited to 'docs/configuration/protocols')
| -rw-r--r-- | docs/configuration/protocols/bfd.rst | 2 |
| -rw-r--r-- | docs/configuration/protocols/bgp.rst | 27 |
| -rw-r--r-- | docs/configuration/protocols/failover.rst | 103 |
| -rw-r--r-- | docs/configuration/protocols/igmp.rst | 2 |
| -rw-r--r-- | docs/configuration/protocols/index.rst | 1 |
| -rw-r--r-- | docs/configuration/protocols/isis.rst | 263 |
| -rw-r--r-- | docs/configuration/protocols/mpls.rst | 14 |
| -rw-r--r-- | docs/configuration/protocols/ospf.rst | 182 |
| -rw-r--r-- | docs/configuration/protocols/static.rst | 7 |
9 files changed, 522 insertions, 79 deletions
diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst index dac1bf0f..faec71bc 100644 --- a/docs/configuration/protocols/bfd.rst +++ b/docs/configuration/protocols/bfd.rst @@ -1,4 +1,4 @@ -:lastproofread: 2022-02-05 +:lastproofread: 2023-01-27  .. include:: /_include/need_improvement.txt diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 24d81cef..6593730f 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -37,7 +37,7 @@ The :abbr:`ASN (Autonomous System Number)` is one of the essential elements of  BGP. BGP is a distance vector routing protocol, and the AS-Path framework  provides distance vector metric and loop detection to BGP. -.. cfgcmd:: set protocols bgp local-as <asn> +.. cfgcmd:: set protocols bgp system-as <asn>    Set local :abbr:`ASN (Autonomous System Number)` that this router represents.    This is a a mandatory option! @@ -174,10 +174,10 @@ The BGP protocol uses the AS number for detecting whether the BGP connection  is internal or external. VyOS does not have a special command to start the BGP  process. The BGP process starts when the first neighbor is configured. -.. cfgcmd:: set protocols bgp local-as <asn> +.. cfgcmd:: set protocols bgp system-as <asn>    Set local autonomous system number that this router represents. This is a -  a mandatory option! +  mandatory option!  Peers Configuration  ------------------- @@ -431,7 +431,7 @@ Peer Parameters     This command enforces Generalized TTL Security Mechanism (GTSM),     as specified in :rfc:`5082`. With this command, only neighbors -   that are the specified number of hops away will be allowed to +   that are specified number of hops away will be allowed to     become neighbors. The number of hops range is 1 to 254. This     command is mutually exclusive with :cfgcmd:`ebgp-multihop`. 
@@ -563,11 +563,6 @@ Common parameters     Path (both AS number and AS path length), Origin code, MED, IGP     metric. Also, the next hop address for each path must be different. -.. cfgcmd:: set protocols bgp parameters default no-ipv4-unicast - -   This command allows the user to specify that IPv4 peering is turned off by -   default. -  .. cfgcmd:: set protocols bgp parameters log-neighbor-changes     This command enable logging neighbor up/down changes and reset reason. @@ -984,7 +979,7 @@ Show  .. opcmd:: show ip bgp filter-list <name> -   This command displays BGP routes allowed by by the specified AS Path +   This command displays BGP routes allowed by the specified AS Path     access list.  .. opcmd:: show <ip|ipv6> bgp neighbors <address> advertised-routes @@ -1074,7 +1069,7 @@ A simple eBGP configuration:  .. code-block:: none -  set protocols bgp local-as 65534 +  set protocols bgp system-as 65534    set protocols bgp neighbor 192.168.0.2 ebgp-multihop '2'    set protocols bgp neighbor 192.168.0.2 remote-as '65535'    set protocols bgp neighbor 192.168.0.2 update-source '192.168.0.1' @@ -1085,7 +1080,7 @@ A simple eBGP configuration:  .. code-block:: none -  set protocols bgp local-as 65535 +  set protocols bgp system-as 65535    set protocols bgp neighbor 192.168.0.1 ebgp-multihop '2'    set protocols bgp neighbor 192.168.0.1 remote-as '65534'    set protocols bgp neighbor 192.168.0.1 update-source '192.168.0.2' @@ -1119,7 +1114,7 @@ A simple BGP configuration via IPv6.  .. code-block:: none -  set protocols bgp local-as 65534 +  set protocols bgp system-as 65534    set protocols bgp neighbor 2001:db8::2 ebgp-multihop '2'    set protocols bgp neighbor 2001:db8::2 remote-as '65535'    set protocols bgp neighbor 2001:db8::2 update-source '2001:db8::1' 
@@ -1131,7 +1126,7 @@ A simple BGP configuration via IPv6.  .. code-block:: none -  set protocols bgp local-as 65535 +  set protocols bgp system-as 65535    set protocols bgp neighbor 2001:db8::1 ebgp-multihop '2'    set protocols bgp neighbor 2001:db8::1 remote-as '65534'    set protocols bgp neighbor 2001:db8::1 update-source '2001:db8::2' @@ -1182,7 +1177,7 @@ Route filter can be applied using a route-map:    set policy route-map AS65535-OUT rule 10 match ipv6 address prefix-list 'AS65535-OUT'    set policy route-map AS65535-OUT rule 20 action 'permit' -  set protocols bgp local-as 65534 +  set protocols bgp system-as 65534    set protocols bgp neighbor 2001:db8::2 address-family ipv4-unicast route-map export 'AS65535-OUT'    set protocols bgp neighbor 2001:db8::2 address-family ipv4-unicast route-map import 'AS65535-IN'    set protocols bgp neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'AS65535-OUT' @@ -1210,7 +1205,7 @@ Route filter can be applied using a route-map:    set policy route-map AS65534-OUT rule 10 match ipv6 address prefix-list 'AS65534-OUT'    set policy route-map AS65534-OUT rule 20 action 'permit' -  set protocols bgp local-as 65535 +  set protocols bgp system-as 65535    set protocols bgp neighbor 2001:db8::1 address-family ipv4-unicast route-map export 'AS65534-OUT'    set protocols bgp neighbor 2001:db8::1 address-family ipv4-unicast route-map import 'AS65534-IN'    set protocols bgp neighbor 2001:db8::1 address-family ipv6-unicast route-map export 'AS65534-OUT' diff --git a/docs/configuration/protocols/failover.rst b/docs/configuration/protocols/failover.rst new file mode 100644 index 00000000..72201ade --- /dev/null +++ b/docs/configuration/protocols/failover.rst 
@@ -0,0 +1,103 @@ +.. _routing-static: + +######## +Failover +######## + +Failover routes are manually configured routes, but they install +to the routing table if the health-check target is alive. +If the target is not alive the route is removed from the routing table +until the target will be available. + +*************** +Failover Routes +*************** + +.. cfgcmd:: set protocols failover route <subnet> next-hop <address> check  +   target <target-address> + +   Configure next-hop `<address>` and `<target-address>` for an IPv4 static  +   route. Specify the target +   IPv4 address for health checking. + +.. cfgcmd:: set protocols failover route <subnet> next-hop <address> check  +   timeout <timeout> + +   Timeout in seconds between health target checks. + +   Range is 1 to 300, default is 10. + +.. cfgcmd:: set protocols failover route <subnet> next-hop <address> check  +   type <protocol> + +   Defines protocols for checking ARP, ICMP, TCP + +   Default is ``icmp``. + +.. cfgcmd:: set protocols failover route <subnet> next-hop <address>  +   interface <interface> + +   Next-hop interface for the route + +.. cfgcmd:: set protocols failover route <subnet> next-hop <address>  +   metric <metric> + +   Route metric + +   Default 1. + + +******* +Example +******* + +**One gateway:** + +.. code-block:: none + +  set protocols failover route 203.0.113.1/32 next-hop 192.0.2.1 check target '192.0.2.1' +  set protocols failover route 203.0.113.1/32 next-hop 192.0.2.1 check timeout '5' +  set protocols failover route 203.0.113.1/32 next-hop 192.0.2.1 check type 'icmp' +  set protocols failover route 203.0.113.1/32 next-hop 192.0.2.1 interface 'eth0' +  set protocols failover route 203.0.113.1/32 next-hop 192.0.2.1 metric '10' + +Show the route + +.. 
code-block:: none + +  vyos@vyos:~$ show ip route 203.0.113.1 +    Routing entry for 203.0.113.1/32 +    Known via "kernel", distance 0, metric 10, best +    Last update 00:00:39 ago +    * 192.0.2.1, via eth0 + +**Two gateways and different metrics:** + +.. code-block:: none + +  set protocols failover route 203.0.113.1/32 next-hop 192.0.2.1 check target '192.0.2.1' +  set protocols failover route 203.0.113.1/32 next-hop 192.0.2.1 check timeout '5' +  set protocols failover route 203.0.113.1/32 next-hop 192.0.2.1 check type 'icmp' +  set protocols failover route 203.0.113.1/32 next-hop 192.0.2.1 interface 'eth0' +  set protocols failover route 203.0.113.1/32 next-hop 192.0.2.1 metric '10' + +  set protocols failover route 203.0.113.1/32 next-hop 198.51.100.1 check target '198.51.100.99' +  set protocols failover route 203.0.113.1/32 next-hop 198.51.100.1 check timeout '5' +  set protocols failover route 203.0.113.1/32 next-hop 198.51.100.1 check type 'icmp' +  set protocols failover route 203.0.113.1/32 next-hop 198.51.100.1 interface 'eth2' +  set protocols failover route 203.0.113.1/32 next-hop 198.51.100.1 metric '20' + +Show the route + +.. code-block:: none + +  vyos@vyos:~$ show ip route 203.0.113.1 +  Routing entry for 203.0.113.1/32 +    Known via "kernel", distance 0, metric 10, best +    Last update 00:08:06 ago +    * 192.0.2.1, via eth0 + +  Routing entry for 203.0.113.1/32 +    Known via "kernel", distance 0, metric 20 +    Last update 00:08:14 ago +    * 198.51.100.1, via eth2 diff --git a/docs/configuration/protocols/igmp.rst b/docs/configuration/protocols/igmp.rst index 0c7a470b..d3492632 100644 --- a/docs/configuration/protocols/igmp.rst +++ b/docs/configuration/protocols/igmp.rst @@ -1,4 +1,4 @@ -:lastproofread: 2021-09-30 +:lastproofread: 2023-01-27  .. _multicast: diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst index c302d6a9..b7fc6289 100644 --- a/docs/configuration/protocols/index.rst 
+++ b/docs/configuration/protocols/index.rst @@ -9,6 +9,7 @@ Protocols     bfd     bgp +   failover     igmp     isis     mpls diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst index 416a42c3..ef9cc960 100644 --- a/docs/configuration/protocols/isis.rst +++ b/docs/configuration/protocols/isis.rst @@ -7,14 +7,18 @@ IS-IS  #####  :abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state -interior gateway routing protocol which is described in ISO10589, -:rfc:`1195`, :rfc:`5308`. Like OSPF, IS-IS runs the Dijkstra shortest-path -first (SPF) algorithm to create a database of the network’s topology and, -from that database, to determine the best (that is, shortest) path to a -destination. The routers exchange topology information with their nearest -neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS -addresses are called :abbr:`NETs (Network Entity Titles)` and can be -8 to 20 bytes long, but are generally 10 bytes long. +interior gateway protocol (IGP) which is described in ISO10589, +:rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) +algorithm to create a database of the network’s topology, and +from that database to determine the best (that is, lowest cost) path to a +destination. The intermediate systems (the name for routers) exchange topology +information with their directly conencted neighbors. IS-IS runs directly on +the data link layer (Layer 2). IS-IS addresses are called +:abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are +generally 10 bytes long. The tree database that is created with IS-IS is +similar to the one that is created with OSPF in that the paths chosen should +be similar. Comparisons to OSPF are inevitable and often are reasonable ones +to make in regards to the way a network will respond with either IGP.  *******  General 
@@ -26,60 +30,76 @@ Configuration  Mandatory Settings  ------------------ +For IS-IS top operate correctly, one must do the equivalent of a Router ID in +CLNS. This Router ID is called the :abbr:`NET (Network Entity Title)`. This +must be unique for each and every router that is operating in IS-IS. It also +must not be duplicated otherwise the same issues that occur within OSPF will +occur within IS-IS when it comes to said duplication. + +  .. cfgcmd:: set protocols isis net <network-entity-title> -  This commad also sets network entity title (NET) provided in ISO format. +  This commad sets network entity title (NET) provided in ISO format. -  For example :abbr:`NET (Network Entity Title)` +  Here is an example :abbr:`NET (Network Entity Title)` value:    .. code-block:: none      49.0001.1921.6800.1002.00 -  The IS-IS address consists of the following parts: +  The CLNS address consists of the following parts:    * :abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value      49 is what IS-IS uses for private addressing. -  * Area identifier: ``0001`` IS-IS area number (Area1) +  * Area identifier: ``0001`` IS-IS area number (numberical area ``1``)    * System identifier: ``1921.6800.1002`` - for system idetifiers we recommend -    to use IP address or MAC address of the router itself. +    to use IP address or MAC address of the router itself. The way to construct +    this is to keep all of the zeroes of the router IP address, and then change +    the periods from being every three numbers to every four numbers. The +    address that is listed here is ``192.168.1.2``, which if expanded will turn +    into ``192.168.001.002``. Then all one has to do is move the dots to have +    four numbers instead of three. This gives us ``1921.6800.1002``. -  * NET selector: ``00`` Must always be 00, to indicate "this system". +  * :abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. 
This +    setting indicates "this system" or "local system."  .. cfgcmd:: set protocols isis interface <interface> -  This command activates ISIS adjacency on this interface. Note that the name -  of ISIS instance must be the same as the one used to configure the ISIS -  process. +  This command enables IS-IS on this interface, and allows for +  adjacency to occur. Note that the name of IS-IS instance must be +  the same as the one used to configure the IS-IS process. + +IS-IS Global Configuration +--------------------------  .. cfgcmd:: set protocols isis dynamic-hostname -  This command enables support for dynamic hostname. Dynamic hostname mapping -  determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism -  for IS-IS. +  This command enables support for dynamic hostname TLV. Dynamic hostname +  mapping determined as described in :rfc:`2763`, Dynamic Hostname +  Exchange Mechanism for IS-IS.  .. cfgcmd:: set protocols isis level <level-1|level-1-2|level-2> -  This command defines the ISIS router behavior: +  This command defines the IS-IS router behavior: -      **level-1** Act as a station router only. -      **level-1-2** Act as both a station router and an area router. -      **level-2-only** Act as an area router only. +  * **level-1** - Act as a station (Level 1) router only. +  * **level-1-2** - Act as a station (Level 1) router and area (Level 2) router. +  * **level-2-only** - Act as an area (Level 2) router only.  .. cfgcmd:: set protocols isis lsp-mtu <size> -  This command configures the maximum size of generated LSPs, in bytes. The -  size range is 128 to 4352. +  This command configures the maximum size of generated +  :abbr:`LSPs (Link State PDUs)`, in bytes. The size range is 128 to 4352.  .. 
cfgcmd:: set protocols isis metric-style <narrow|transition|wide> -  This command sets old-style (ISO 10589) or new-style packet formats: +  This command sets old-style (ISO 10589) or new style packet formats: -      **narrow** Use old style of TLVs with narrow metric. -      **transition** Send and accept both styles of TLVs during transition. -      **wide** Use new style of TLVs to carry wider metric. +  * **narrow** - Use old style of TLVs with narrow metric. +  * **transition** - Send and accept both styles of TLVs during transition. +  * **wide** - Use new style of TLVs to carry wider metric.  .. cfgcmd:: set protocols isis purge-originator @@ -117,9 +137,9 @@ Interface Configuration    This command specifies circuit type for interface: -  * **level-1** Level-1 only adjacencies are formed. -  * **level-1-2** Level-1-2 adjacencies are formed -  * **level-2-only** Level-2 only adjacencies are formed +  * **level-1** - Level-1 only adjacencies are formed. +  * **level-1-2** - Level-1-2 adjacencies are formed +  * **level-2-only** - Level-2 only adjacencies are formed  .. cfgcmd:: set protocols isis interface <interface> hello-interval    <seconds> 
@@ -261,12 +281,87 @@ Timers    to IGP events. The process described in :rfc:`8405`. -******* -Example -******* +******** +Examples +******** + +Enable IS-IS +============ + +**Node 1:** + +.. code-block:: none + +  set interfaces loopback lo address '192.168.255.255/32' +  set interfaces ethernet eth1 address '192.0.2.1/24' + +  set protocols isis interface eth1 +  set protocols isis interface lo +  set protocols isis net '49.0001.1921.6825.5255.00' + +**Node 2:** + +.. code-block:: none + +  set interfaces ethernet eth1 address '192.0.2.2/24' + +  set interfaces loopback lo address '192.168.255.254/32' +  set interfaces ethernet eth1 address '192.0.2.2/24' + +  set protocols isis interface eth1 +  set protocols isis interface lo +  set protocols isis net '49.0001.1921.6825.5254.00' + + + +This gives us the following neighborships, Level 1 and Level 2: + +.. code-block:: none + +  Node-1@vyos:~$ show isis neighbor +  Area VyOS: +    System Id           Interface   L  State        Holdtime SNPA +   vyos                eth1        1  Up            28       0c87.6c09.0001 +   vyos                eth1        2  Up            28       0c87.6c09.0001 + +  Node-2@vyos:~$ show isis neighbor +  Area VyOS: +    System Id           Interface   L  State        Holdtime SNPA +   vyos                eth1        1  Up            29       0c33.0280.0001 +   vyos                eth1        2  Up            28       0c33.0280.0001 + + + +Here's the IP routes that are populated. Just the loopback: + +.. 
code-block:: none + +  Node-1@vyos:~$ show ip route isis +  Codes: K - kernel route, C - connected, S - static, R - RIP, +         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, +         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, +         f - OpenFabric, +         > - selected route, * - FIB route, q - queued, r - rejected, b - backup +         t - trapped, o - offload failure + +  I   192.0.2.0/24 [115/20] via 192.0.2.2, eth1 inactive, weight 1, 00:02:22 +  I>* 192.168.255.254/32 [115/20] via 192.0.2.2, eth1, weight 1, 00:02:22 + +  Node-2@vyos:~$ show ip route isis +  Codes: K - kernel route, C - connected, S - static, R - RIP, +         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, +         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, +         f - OpenFabric, +         > - selected route, * - FIB route, q - queued, r - rejected, b - backup +         t - trapped, o - offload failure -Simple IS-IS configuration using 2 nodes and redistributing connected -interfaces. +  I   192.0.2.0/24 [115/20] via 192.0.2.1, eth1 inactive, weight 1, 00:02:21 +  I>* 192.168.255.255/32 [115/20] via 192.0.2.1, eth1, weight 1, 00:02:21 + + + +Enable IS-IS and redistribute routes not natively in IS-IS +==========================================================  **Node 1:** @@ -293,11 +388,11 @@ interfaces.    set protocols isis interface eth1    set protocols isis net '49.0001.1921.6800.2002.00' -Show ip routes on Node2: +Routes on Node 2:  .. code-block:: none -  vyos@r2:~$ show ip route isis +  Node-2@r2:~$ show ip route isis    Codes: K - kernel route, C - connected, S - static, R - RIP,           O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,           T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, 
@@ -305,3 +400,91 @@ Show ip routes on Node2:           > - selected route, * - FIB route, q - queued route, r - rejected route    I   203.0.113.0/24 [115/10] via 192.0.2.1, eth1, 00:03:42 +   +   + + +Enable IS-IS with Segment Routing (Experimental) +================================================ + +**Node 1:** + +.. code-block:: none + +  set interfaces loopback lo address '192.168.255.255/32' +  set interfaces ethernet eth1 address '192.0.2.1/24' + +  set protocols isis interface eth1 +  set protocols isis interface lo +  set protocols isis net '49.0001.1921.6825.5255.00' +  set protocols isis segment-routing global-block high-label-value '599' +  set protocols isis segment-routing global-block low-label-value '550' +  set protocols isis segment-routing prefix 192.168.255.255/32 index value '1' +  set protocols isis segment-routing prefix 192.168.255.255/32 index explicit-null +  set protocols mpls interface 'eth1' +   +**Node 2:** + +.. code-block:: none + +  set interfaces loopback lo address '192.168.255.254/32' +  set interfaces ethernet eth1 address '192.0.2.2/24' + +  set protocols isis interface eth1 +  set protocols isis interface lo +  set protocols isis net '49.0001.1921.6825.5254.00' +  set protocols isis segment-routing global-block high-label-value '599' +  set protocols isis segment-routing global-block low-label-value '550' +  set protocols isis segment-routing prefix 192.168.255.254/32 index value '2' +  set protocols isis segment-routing prefix 192.168.255.254/32 index explicit-null +  set protocols mpls interface 'eth1' +   +   +   +This gives us MPLS segment routing enabled and labels for far end loopbacks: + +.. 
code-block:: none + +  Node-1@vyos:~$ show mpls table +   Inbound Label  Type        Nexthop                Outbound Label +   ---------------------------------------------------------------------- +   552            SR (IS-IS)  192.0.2.2              IPv4 Explicit Null <-- Node-2 loopback learned on Node-1 +   15000          SR (IS-IS)  192.0.2.2              implicit-null +   15001          SR (IS-IS)  fe80::e87:6cff:fe09:1  implicit-null +   15002          SR (IS-IS)  192.0.2.2              implicit-null +   15003          SR (IS-IS)  fe80::e87:6cff:fe09:1  implicit-null + +  Node-2@vyos:~$ show mpls table +   Inbound Label  Type        Nexthop               Outbound Label +   --------------------------------------------------------------------- +   551            SR (IS-IS)  192.0.2.1             IPv4 Explicit Null <-- Node-1 loopback learned on Node-2 +   15000          SR (IS-IS)  192.0.2.1             implicit-null +   15001          SR (IS-IS)  fe80::e33:2ff:fe80:1  implicit-null +   15002          SR (IS-IS)  192.0.2.1             implicit-null +   15003          SR (IS-IS)  fe80::e33:2ff:fe80:1  implicit-null + +Here is the routing tables showing the MPLS segment routing label operations: + +.. 
code-block:: none + +  Node-1@vyos:~$ show ip route isis +  Codes: K - kernel route, C - connected, S - static, R - RIP, +         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, +         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, +         f - OpenFabric, +         > - selected route, * - FIB route, q - queued, r - rejected, b - backup +         t - trapped, o - offload failure + +  I   192.0.2.0/24 [115/20] via 192.0.2.2, eth1 inactive, weight 1, 00:07:48 +  I>* 192.168.255.254/32 [115/20] via 192.0.2.2, eth1, label IPv4 Explicit Null, weight 1, 00:03:39 + +  Node-2@vyos:~$ show ip route isis +  Codes: K - kernel route, C - connected, S - static, R - RIP, +         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, +         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, +         f - OpenFabric, +         > - selected route, * - FIB route, q - queued, r - rejected, b - backup +         t - trapped, o - offload failure + +  I   192.0.2.0/24 [115/20] via 192.0.2.1, eth1 inactive, weight 1, 00:07:46 +  I>* 192.168.255.255/32 [115/20] via 192.0.2.1, eth1, label IPv4 Explicit Null, weight 1, 00:03:43 diff --git a/docs/configuration/protocols/mpls.rst b/docs/configuration/protocols/mpls.rst index d1d0cd87..550473d7 100644 --- a/docs/configuration/protocols/mpls.rst +++ b/docs/configuration/protocols/mpls.rst 
@@ -27,12 +27,14 @@ network transport of data packets.  For more information on how MPLS label switching works, please go visit  `Wikipedia (MPLS)`_. -.. note:: MPLS support in VyOS is not finished yet, and therefore its -   functionality is limited. Currently there is no support for MPLS enabled VPN -   services such as L3VPNs, L2VPNs, and mVPNs. RSVP support is also not present -   as the underlying routing stack (FRR) does not implement it. Currently VyOS -   can be configured as a label switched router (MPLS P router), in both -   penultimate and ultimate hop popping operations. +.. note:: MPLS support in VyOS is not finished yet, and therefore its  +  functionality is limited. Currently there is no support for MPLS enabled VPN +  services such as L2VPNs and mVPNs. RSVP support is also not present as the +  underlying routing stack (FRR) does not implement it. Currently VyOS  +  implements LDP as described in RFC 5036; other LDP standard are the  +  following ones: RFC 6720, RFC 6667, RFC 5919, RFC 5561, RFC 7552, RFC 4447.  +  Because MPLS is already available (FRR also supports RFC 3031). +  Label Distribution Protocol  =========================== diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index e3f9759e..60f9c149 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst @@ -43,7 +43,8 @@ starts when the first ospf enabled interface is configured.     enable ospf on interface with address 192.168.1.1/23, but it does on      interface with address 192.168.1.129/25. -   In some cases it may be more convenient to enable OSPF on a per interface/subnet +   In some cases it may be more convenient to enable OSPF on a per  +   interface/subnet     basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>`  .. cfgcmd:: set protocols ospf auto-cost reference-bandwidth <number> 
@@ -733,11 +734,85 @@ the "<metric of the router which advertised the link>/<link metric>" format.     This command displays LSAs in MaxAge list. -Configuration Example ---------------------- +Examples +-------- -Below you can see a typical configuration using 2 nodes, redistribute loopback -address and the node 1 sending the default route: + +Enable OSPF +^^^^^^^^^^^ + +**Node 1** + +.. code-block:: none + +  set interfaces loopback lo address 10.1.1.1/32 +  set interfaces ethernet eth0 address 192.168.0.1/24 +  set protocols ospf area 0 network 192.168.0.0/24 +  set protocols ospf area 0 network 10.1.1.1/32 +  set protocols ospf parameters router-id 10.1.1.1 + +**Node 2** + +.. code-block:: none + +  set interfaces loopback lo address 10.1.1.2/32 +  set interfaces ethernet eth0 address 192.168.0.2/24 +  set protocols ospf area 0 network 192.168.0.0/24 +  set protocols ospf area 0 network 10.1.1.2/32 +  set protocols ospf parameters router-id 10.1.1.2 + + + +Here's the neighbors up: + +.. code-block:: none + +  Node-1@vyos:~$ show ip ospf neighbor + +  Neighbor ID     Pri State           Up Time         Dead Time Address         Interface                        RXmtL RqstL DBsmL +  10.1.1.2          1 Full/DR         3m43s             36.094s 192.168.0.2     eth0:192.168.0.1                     0     0     0 + + + +  Node-2@vyos:~$ show ip ospf neighbor + +  Neighbor ID     Pri State           Up Time         Dead Time Address         Interface                        RXmtL RqstL DBsmL +  10.1.1.1          1 Full/Backup     3m47s             31.736s 192.168.0.1     eth0:192.168.0.2                     0     0     0 + +Here's the routes: + +.. 
code-block:: none + +  Node-1@vyos:~$ show ip route ospf +  Codes: K - kernel route, C - connected, S - static, R - RIP, +         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, +         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, +         f - OpenFabric, +         > - selected route, * - FIB route, q - queued, r - rejected, b - backup +         t - trapped, o - offload failure + +  O   10.1.1.1/32 [110/0] is directly connected, lo, weight 1, 00:00:14 +  O>* 10.1.1.2/32 [110/1] via 192.168.0.2, eth0, weight 1, 00:00:07 +  O   192.168.0.0/24 [110/1] is directly connected, eth0, weight 1, 00:03:32 + +  Node-2@vyos:~$ show ip route ospf +  Codes: K - kernel route, C - connected, S - static, R - RIP, +         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, +         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, +         f - OpenFabric, +         > - selected route, * - FIB route, q - queued, r - rejected, b - backup +         t - trapped, o - offload failure + +  O>* 10.1.1.1/32 [110/1] via 192.168.0.1, eth0, weight 1, 00:00:11 +  O   10.1.1.2/32 [110/0] is directly connected, lo, weight 1, 00:00:04 +  O   192.168.0.0/24 [110/1] is directly connected, eth0, weight 1, 00:03:18 + + + + + +Enable OSPF with route redistribution of the loopback and default originate: +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^  **Node 1** 
@@ -771,6 +846,89 @@ address and the node 1 sending the default route:    set policy route-map CONNECT rule 10 match interface lo +Enable OSPF with Segment Routing (Experimental): +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +**Node 1** + +.. code-block:: none + +  set interfaces loopback lo address 10.1.1.1/32 +  set interfaces ethernet eth0 address 192.168.0.1/24 +  set protocols ospf area 0 network '192.168.0.0/24' +  set protocols ospf area 0 network '10.1.1.1/32' +  set protocols ospf parameters opaque-lsa +  set protocols ospf parameters router-id '10.1.1.1' +  set protocols ospf segment-routing global-block high-label-value '1100' +  set protocols ospf segment-routing global-block low-label-value '1000' +  set protocols ospf segment-routing prefix 10.1.1.1/32 index explicit-null +  set protocols ospf segment-routing prefix 10.1.1.1/32 index value '1' + +**Node 2** + +.. code-block:: none + +  set interfaces loopback lo address 10.1.1.2/32 +  set interfaces ethernet eth0 address 192.168.0.2/24 +  set protocols ospf area 0 network '192.168.0.0/24' +  set protocols ospf area 0 network '10.1.1.2/32' +  set protocols ospf parameters opaque-lsa +  set protocols ospf parameters router-id '10.1.1.2' +  set protocols ospf segment-routing global-block high-label-value '1100' +  set protocols ospf segment-routing global-block low-label-value '1000' +  set protocols ospf segment-routing prefix 10.1.1.2/32 index explicit-null +  set protocols ospf segment-routing prefix 10.1.1.2/32 index value '2' + + +This gives us MPLS segment routing enabled and labels for far end loopbacks: + +.. 
code-block:: none + +  Node-1@vyos:~$ show mpls table +   Inbound Label  Type       Nexthop      Outbound Label +   ----------------------------------------------------------- +   1002           SR (OSPF)  192.168.0.2  IPv4 Explicit Null  <-- Node-2 loopback learned on Node-1 +   15000          SR (OSPF)  192.168.0.2  implicit-null +   15001          SR (OSPF)  192.168.0.2  implicit-null + +  Node-2@vyos:~$ show mpls table +   Inbound Label  Type       Nexthop      Outbound Label +   ----------------------------------------------------------- +   1001           SR (OSPF)  192.168.0.1  IPv4 Explicit Null  <-- Node-1 loopback learned on Node-2 +   15000          SR (OSPF)  192.168.0.1  implicit-null +   15001          SR (OSPF)  192.168.0.1  implicit-null + +Here is the routing tables showing the MPLS segment routing label operations: + +.. code-block:: none + +  Node-1@vyos:~$ show ip route ospf +  Codes: K - kernel route, C - connected, S - static, R - RIP, +         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, +         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, +         f - OpenFabric, +         > - selected route, * - FIB route, q - queued, r - rejected, b - backup +         t - trapped, o - offload failure + +  O   10.1.1.1/32 [110/0] is directly connected, lo, weight 1, 00:03:43 +  O>* 10.1.1.2/32 [110/1] via 192.168.0.2, eth0, label IPv4 Explicit Null, weight 1, 00:03:32 +  O   192.168.0.0/24 [110/1] is directly connected, eth0, weight 1, 00:03:43 + +  Node-2@vyos:~$ show ip route ospf +  Codes: K - kernel route, C - connected, S - static, R - RIP, +         O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, +         T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, +         f - OpenFabric, +         > - selected route, * - FIB route, q - queued, r - rejected, b - backup +         t - trapped, o - offload failure + +  O>* 10.1.1.1/32 [110/1] via 192.168.0.1, eth0, label IPv4 Explicit Null, weight 1, 00:03:36 +  O   10.1.1.2/32 
[110/0] is directly connected, lo, weight 1, 00:03:51 +  O   192.168.0.0/24 [110/1] is directly connected, eth0, weight 1, 00:03:51 + + + +  .. _routing-ospfv3:  ************* @@ -790,7 +948,7 @@ General  VyOS does not have a special command to start the OSPFv3 process. The OSPFv3  process starts when the first ospf enabled interface is configured. -.. cfgcmd:: set protocols ospfv3 area <number> interface <interface> +.. cfgcmd:: set protocols ospfv3 interface <interface> area <number>      This command specifies the OSPFv3 enabled interface. This command is also     used to enable the OSPF process. The area number can be specified in @@ -987,7 +1145,7 @@ A typical configuration using 2 nodes.  .. code-block:: none -  set protocols ospfv3 area 0.0.0.0 interface eth1 +  set protocols ospfv3 interface eth1 area 0.0.0.0     set protocols ospfv3 area 0.0.0.0 range 2001:db8:1::/64    set protocols ospfv3 parameters router-id 192.168.1.1    set protocols ospfv3 redistribute connected @@ -996,7 +1154,7 @@ A typical configuration using 2 nodes.  .. code-block:: none -  set protocols ospfv3 area 0.0.0.0 interface eth1 +  set protocols ospfv3 interface eth1 area 0.0.0.0     set protocols ospfv3 area 0.0.0.0 range 2001:db8:2::/64    set protocols ospfv3 parameters router-id 192.168.2.1    set protocols ospfv3 redistribute connected @@ -1025,8 +1183,8 @@ Example configuration for WireGuard interfaces:    set interfaces wireguard wg01 peer ospf02 pubkey 'ie3...='    set interfaces wireguard wg01 port '12345'    set protocols ospfv3 parameters router-id 192.168.1.1 -  set protocols ospfv3 area 0.0.0.0 interface 'wg01' -  set protocols ospfv3 area 0.0.0.0 interface 'lo' +  set protocols ospfv3 interface 'wg01' area 0.0.0.0  +  set protocols ospfv3 interface 'lo' area 0.0.0.0  **Node 2** 
@@ -1040,8 +1198,8 @@ Example configuration for WireGuard interfaces:    set interfaces wireguard wg01 peer ospf01 pubkey 'NHI...='    set interfaces wireguard wg01 port '12345'    set protocols ospfv3 parameters router-id 192.168.1.2 -  set protocols ospfv3 area 0.0.0.0 interface 'wg01' -  set protocols ospfv3 area 0.0.0.0 interface 'lo' +  set protocols ospfv3 interface 'wg01' area 0.0.0.0  +  set protocols ospfv3 interface 'lo' area 0.0.0.0  **Status** diff --git a/docs/configuration/protocols/static.rst b/docs/configuration/protocols/static.rst index da471b86..1ad252e7 100644 --- a/docs/configuration/protocols/static.rst +++ b/docs/configuration/protocols/static.rst @@ -165,16 +165,17 @@ implemented.  Configure  ********* -.. cfgcmd:: set protocols static arp <address> hwaddr <mac> +.. cfgcmd:: set protocols static arp interface <interface> address <host> +   mac <mac>     This will configure a static ARP entry always resolving `<address>` to -   `<mac>`. +   `<mac>` for interface `<interface>`.     Example:     .. code-block:: none -     set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa +     set protocols static arp interface eth0 address 192.0.2.1 mac 01:23:45:67:89:01  *********  | 
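
Review bot: in docs/configuration/protocols/bgp.rst, hunk @@ -37,7 +37,7 @@, the context line "This is a a mandatory option!" under the renamed `set protocols bgp system-as <asn>` keeps the doubled "a" that hunk @@ -174,10 +174,10 @@ fixes for the same command. Apply the same correction here so both descriptions of the command match.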
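
Review bot: in bgp.rst, hunk @@ -431,7 +431,7 @@, the edit to the GTSM paragraph drops the article and leaves "only neighbors that are specified number of hops away will be allowed", which no longer parses. Keep the removed wording "that are the specified number of hops away"; this paragraph describes a TTL-based peer restriction (:rfc:`5082`) and the hop-count condition should read unambiguously.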
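
Review bot: in bgp.rst, hunk @@ -563,11 +563,6 @@, the entry for `set protocols bgp parameters default no-ipv4-unicast` is deleted with nothing telling the reader how to keep IPv4 peering off by default afterwards. If the command was renamed or replaced, add a short pointer to the replacement in this section; if the behaviour is gone, say so, since a reader relying on it would otherwise get IPv4 unicast peering they did not intend.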
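
Review bot: the new docs/configuration/protocols/failover.rst (hunk @@ -0,0 +1,103 @@) opens with the label `.. _routing-static:`, which names static routing rather than this page; if static.rst defines the same target, Sphinx will report a duplicate label and cross-references can resolve to the wrong page. Use a page-specific label such as `.. _routing-failover:`. In the same hunk, `check type <protocol>` says "Defines protocols for checking ARP, ICMP, TCP" but only ``icmp`` appears as a literal value, so list the accepted keywords, and `check timeout` is described as the time "between health target checks", which reads as an interval rather than a timeout; state which one it is.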
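
Review bot: in docs/configuration/protocols/isis.rst, hunk @@ -7,14 +7,18 @@, the added introduction misspells "connected" as "conencted" in "their directly conencted neighbors". The closing sentence "similar to the one that is created with OSPF in that the paths chosen should be similar" is also circular; say what is actually alike (both run SPF over a link-state database) or drop it.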
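
Review bot: in isis.rst, hunk @@ -26,60 +30,76 @@, the signature `set protocols isis level <level-1|level-1-2|level-2>` does not match the rewritten bullet list under it, which documents **level-2-only**. Make the signature and the list use the same keyword so the command can be typed as documented. The added lines in this hunk also carry typos: "For IS-IS top operate correctly", "This commad sets" and "numberical area".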
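
Review bot: in isis.rst, hunk @@ -261,12 +281,87 @@, the Node 2 block of "Enable IS-IS" sets `set interfaces ethernet eth1 address '192.0.2.2/24'` twice, once before and once after the loopback line. Remove the first occurrence so the Node 2 block mirrors Node 1. "Here's the IP routes that are populated. Just the loopback:" would also read better as one sentence that says the connected 192.0.2.0/24 prefix is learned but shown inactive, since the output below it lists both.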
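
Review bot: in isis.rst, hunk @@ -305,3 +400,91 @@, the segment-routing example shows inbound labels 552 and 551 without explaining where they come from. Add a sentence stating that the label is the global-block low value plus the prefix index (550 + 2 on Node 1 for the Node 2 loopback, 550 + 1 on Node 2), so readers can predict labels for their own blocks. The hunk also adds several whitespace-only lines ("+   ") and "Here is the routing tables" should be "Here are the routing tables".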
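
Review bot: in docs/configuration/protocols/mpls.rst, hunk @@ -27,12 +27,14 @@, the rewritten note ends on a fragment, "Because MPLS is already available (FRR also supports RFC 3031).", and removes the statement that VyOS can act as a label switched router without replacing it. Finish or delete that sentence, fix "other LDP standard are" to "other supported LDP standards are", and use the :rfc: role for the RFC numbers as the rest of these pages do. Several added lines also end in trailing whitespace.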
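
Review bot: in docs/configuration/protocols/ospf.rst, hunk @@ -771,6 +846,89 @@, the OSPF segment-routing example never enables MPLS on eth0, whereas the IS-IS segment-routing example in this same patch includes `set protocols mpls interface 'eth1'` on both nodes. Either add the equivalent `set protocols mpls interface 'eth0'` line to Node 1 and Node 2 or state that it is not needed for OSPF, so the two examples do not contradict each other. The heading also ends with a colon, unlike the IS-IS counterpart.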
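
Review bot: in docs/configuration/protocols/static.rst, hunk @@ -165,16 +165,17 @@, the new signature uses the placeholder `<host>` but the description still refers to `<address>` ("always resolving `<address>` to `<mac>`"); use one name in both places. The new example MAC `01:23:45:67:89:01` has the group bit set in its first octet, which makes it a multicast address and a poor model for a static ARP entry; keep a unicast value such as the removed `00:53:27:de:23:aa`.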
