Diffstat (limited to 'docs/configuration/protocols')
| -rw-r--r-- | docs/configuration/protocols/bfd.rst | 7 |
| -rw-r--r-- | docs/configuration/protocols/bgp.rst | 50 |
| -rw-r--r-- | docs/configuration/protocols/ospf.rst | 2 |
| -rw-r--r-- | docs/configuration/protocols/rpki.rst | 24 |
4 files changed, 61 insertions, 22 deletions
| diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst index 496c0cf9..30876efc 100644 --- a/docs/configuration/protocols/bfd.rst +++ b/docs/configuration/protocols/bfd.rst @@ -56,6 +56,13 @@ Configure BFD     Disable a BFD peer +.. cfgcmd:: set protocols bfd peer <address> minimum-ttl <1-254> + +   For multi hop sessions only. Configure the minimum expected TTL for an +   incoming BFD control packet. + +   This feature serves the purpose of thightening the packet validation +   requirements to avoid receiving BFD control packets from other sessions.  Enable BFD in BGP  ----------------- diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 737e98fa..85bb41ca 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst 
@@ -209,35 +209,35 @@ Defining Peers  .. cfgcmd:: set protocols bgp neighbor <address|interface> local-role     <role> [strict] -   BGP roles are defined in RFC :rfc:`9234` and provide an easy way to  -   add route leak prevention, detection and mitigation. The local Role  -   value is negotiated with the new BGP Role capability which has a  -   built-in check of the corresponding value. In case of a mismatch the  +   BGP roles are defined in RFC :rfc:`9234` and provide an easy way to +   add route leak prevention, detection and mitigation. The local Role +   value is negotiated with the new BGP Role capability which has a +   built-in check of the corresponding value. In case of a mismatch the     new OPEN Roles Mismatch Notification <2, 11> would be sent.     The correct Role pairs are: -    +     Provider - Customer     Peer - Peer     RS-Server - RS-Client -   If :cfgcmd:`strict` is set the BGP session won’t become established  -   until the BGP neighbor sets local Role on its side. This  +   If :cfgcmd:`strict` is set the BGP session won’t become established +   until the BGP neighbor sets local Role on its side. This     configuration parameter is defined in RFC :rfc:`9234` and is used to     enforce the corresponding configuration at your counter-parts side. -    -   Routes that are sent from provider, rs-server, or the peer local-role  -   (or if received by customer, rs-client, or the peer local-role) will  + +   Routes that are sent from provider, rs-server, or the peer local-role +   (or if received by customer, rs-client, or the peer local-role) will     be marked with a new Only to Customer (OTC) attribute. -    +     Routes with this attribute can only be sent to your neighbor if your     local-role is provider or rs-server. Routes with this attribute can -   be received only if your local-role is customer or rs-client.  -    +   be received only if your local-role is customer or rs-client. 
+     In case of peer-peer relationship routes can be received only if OTC     value is equal to your neighbor AS number. -    +     All these rules with OTC will help to detect and mitigate route leaks     and happen automatically if local-role is set. @@ -584,6 +584,12 @@ General Configuration  Common parameters  ^^^^^^^^^^^^^^^^^ +.. cfgcmd:: set protocols bgp parameters allow-martian-nexthop + +   When a peer receives a martian nexthop as part of the NLRI for a route +   permit the nexthop to be used as such, instead of rejecting and resetting +   the connection. +  .. cfgcmd:: set protocols bgp parameters router-id <id>     This command specifies the router-ID. If router ID is not specified it will @@ -598,6 +604,12 @@ Common parameters     Path (both AS number and AS path length), Origin code, MED, IGP     metric. Also, the next hop address for each path must be different. +.. cfgcmd:: set protocols bgp parameters no-hard-administrative-reset + +   Do not send Hard Reset CEASE Notification for "Administrative Reset" +   events. When set and Graceful Restart Notification capability is exchanged +   between the peers, Graceful Restart procedures apply, and routes will be retained. +  .. cfgcmd:: set protocols bgp parameters log-neighbor-changes     This command enable logging neighbor up/down changes and reset reason. @@ -643,6 +655,16 @@ Common parameters     compatibility with older versions of VyOS. With this option one can     enable :rfc:`8212` functionality to operate. +.. cfgcmd:: set protocols bgp parameters labeled-unicast <explicit-null | +   ipv4-explicit-null | ipv6-explicit-null> + +   By default, locally advertised prefixes use the implicit-null label to +   encode in the outgoing NLRI. + +   The following command uses the explicit-null label value for all the +   BGP instances. + +  Administrative Distance  ^^^^^^^^^^^^^^^^^^^^^^^ 
diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index 9891c77d..43680520 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst @@ -161,7 +161,7 @@ Optional     This command specifies all interfaces as passive by default. Because this     command changes the configuration logic to a default passive; therefore,     interfaces where router adjacencies are expected need to be configured -   with the :cfgcmd:`passive-interface-exclude` command. +   by setting the :cfgcmd:`passive disable` flag for the specific interface.  .. cfgcmd:: set protocols ospf maximum-paths <1-64> diff --git a/docs/configuration/protocols/rpki.rst b/docs/configuration/protocols/rpki.rst index 294a91f8..d40bfb5c 100644 --- a/docs/configuration/protocols/rpki.rst +++ b/docs/configuration/protocols/rpki.rst @@ -30,8 +30,8 @@ in :rfc:`8210`.    If you are new to these routing security technologies then there is an    `excellent guide to RPKI`_ by NLnet Labs which will get you up to speed    very quickly. Their documentation explains everything from what RPKI is to -  deploying it in production. It also has some  -  `help and operational guidance`_ including "What can I do about my route  +  deploying it in production. It also has some +  `help and operational guidance`_ including "What can I do about my route    having an Invalid state?"  *************** 
@@ -109,6 +109,20 @@ Configuration    The default value is 300 seconds. +.. cfgcmd:: set protocols rpki expire-interval <600-172800> + +  Set the number of seconds the router waits until the router +  expires the cache. + +  The default value is 7200 seconds. + +.. cfgcmd:: set protocols rpki retry-interval <1-7200> + +  Set the number of seconds the router waits until retrying to connect +  to the cache server. + +  The default value is 600 seconds. +  .. cfgcmd:: set protocols rpki cache <address> port <port>    Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching @@ -136,10 +150,6 @@ the connection.    SSH username to establish an SSH connection to the cache server. -.. cfgcmd:: set protocols rpki cache <address> ssh known-hosts-file <filepath> - -  Local path that includes the known hosts file. -  .. cfgcmd:: set protocols rpki cache <address> ssh private-key-file <filepath>    Local path that includes the private key file of the router. @@ -148,7 +158,7 @@ the connection.    Local path that includes the public key file of the router. -.. note:: When using SSH, known-hosts-file, private-key-file and public-key-file +.. note:: When using SSH, private-key-file and public-key-file    are mandatory options.  ******* | 
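Review bot: "thightening" in the new minimum-ttl paragraph of bfd.rst (hunk at -56,6) is a typo for "tightening", and the text never says what happens to a control packet whose TTL is below the configured value or what is expected when the option is unset. Suggest writing "multi-hop", fixing the typo, and adding one sentence on the handling of packets that fail the check, since the option is described as a packet validation control.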
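Review bot: the local-role hunk in bgp.rst (-209,35) re-adds "RFC :rfc:`9234`" unchanged in two places; the :rfc: role already renders as "RFC 9234", so the built page reads "RFC RFC 9234". As these lines are being rewritten for trailing whitespace anyway, drop the literal "RFC" before the role, and correct "counter-parts side" to "counterpart's side" in the same paragraph.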
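Review bot: the allow-martian-nexthop entry in bgp.rst (hunk at -584,6) does not say what counts as a martian nexthop, and its single sentence is missing a comma after "for a route", which makes it hard to parse. Because the option relaxes a check that otherwise rejects the update and resets the connection, suggest defining the term, stating that rejection is the behaviour when the option is unset, and saying when an operator would need to enable it.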
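Review bot: the last added line of the no-hard-administrative-reset entry in bgp.rst (hunk at -598,6), "between the peers, Graceful Restart procedures apply, and routes will be retained.", runs past the wrap width used by the rest of the file and should be re-wrapped. The entry also names the Hard Reset CEASE Notification and the Graceful Restart Notification capability without a reference; an :rfc: link to the defining document, as the neighbouring entries do for 8212 and 9234, would help readers.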
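Review bot: "The following command uses the explicit-null label value" in the labeled-unicast entry of bgp.rst (hunk at -643,6) points at a command that is actually above the sentence, so "following" should be "This command". The entry also lists three values, explicit-null, ipv4-explicit-null and ipv6-explicit-null, without saying how they differ; one line per value would close that gap.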
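Review bot: the replacement line in ospf.rst (-161,7) refers to a ":cfgcmd:`passive disable` flag for the specific interface" without giving the full command path, so a reader cannot tell under which node the flag is set. Suggest spelling out the complete command inside the cfgcmd role. The surrounding sentence, "Because this command changes ... ; therefore," is also a fragment and could be repaired while the paragraph is open.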
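Review bot: the expire-interval text in rpki.rst (hunk at -109,6), "the router waits until the router expires the cache", is circular and does not say what starts the timer or what happens to route validation once the cache data has expired. Suggest stating the trigger (for example, the last successful update from the cache server, if that is the case) and the resulting validation behaviour, and noting how expire-interval and retry-interval relate to the 300-second default of the preceding option, since together they decide how long stale data is trusted.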
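Review bot: removing the known-hosts-file entry in rpki.rst (hunk at -136,10) leaves the SSH section with no statement of how the cache server's host key is verified. If host key checking is now done another way, or not at all, the documentation should say so explicitly next to the private-key-file and public-key-file entries, because operators rely on this transport to authenticate the source of validation data. The commit should also mention whether existing configurations that set known-hosts-file need migration.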
