summaryrefslogtreecommitdiff
path: root/docs/routing
diff options
context:
space:
mode:
Diffstat (limited to 'docs/routing')
-rw-r--r--docs/routing/arp.rst59
-rw-r--r--docs/routing/bfd.rst117
-rw-r--r--docs/routing/bgp.rst335
-rw-r--r--docs/routing/index.rst22
-rw-r--r--docs/routing/ip-commands.rst258
-rw-r--r--docs/routing/mpls.rst157
-rw-r--r--docs/routing/mss-clamp.rst63
-rw-r--r--docs/routing/multicast.rst244
-rw-r--r--docs/routing/ospf.rst141
-rw-r--r--docs/routing/rip.rst37
-rw-r--r--docs/routing/rpki.rst113
-rw-r--r--docs/routing/static.rst134
12 files changed, 0 insertions, 1680 deletions
diff --git a/docs/routing/arp.rst b/docs/routing/arp.rst
deleted file mode 100644
index 5f3115ab..00000000
--- a/docs/routing/arp.rst
+++ /dev/null
@@ -1,59 +0,0 @@
-.. _routing-arp:
-
-###
-ARP
-###
-
-:abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for
-discovering the link layer address, such as a MAC address, associated with a
-given internet layer address, typically an IPv4 address. This mapping is a
-critical function in the Internet protocol suite. ARP was defined in 1982 by
-:rfc:`826` which is Internet Standard STD 37.
-
-In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is
-provided by the Neighbor Discovery Protocol (NDP).
-
-To manipulate or display ARP_ table entries, the following commands are
-implemented.
-
-Configure
-=========
-
-.. cfgcmd:: set protocols static arp <address> hwaddr <mac>
-
- This will configure a static ARP entry always resolving `<address>` to
- `<mac>`.
-
- Example:
-
- .. code-block:: none
-
- set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa
-
-Operation
-=========
-
-.. opcmd:: show protocols static arp
-
- Display all known ARP table entries spanning across all interfaces
-
-.. code-block:: none
-
- vyos@vyos:~$ show protocols static arp
- Address HWtype HWaddress Flags Mask Iface
- 10.1.1.1 ether 00:53:00:de:23:2e C eth1
- 10.1.1.100 ether 00:53:00:de:23:aa CM eth1
-
-
-.. opcmd:: show protocols static arp interface eth1
-
- Display all known ARP table entries on a given interface only (`eth1`):
-
-.. code-block:: none
-
- vyos@vyos:~$ show protocols static arp interface eth1
- Address HWtype HWaddress Flags Mask Iface
- 10.1.1.1 ether 00:53:00:de:23:2e C eth1
- 10.1.1.100 ether 00:53:00:de:23:aa CM eth1
-
-.. _ARP: https://en.wikipedia.org/wiki/Address_Resolution_Protocol
diff --git a/docs/routing/bfd.rst b/docs/routing/bfd.rst
deleted file mode 100644
index b8fdf489..00000000
--- a/docs/routing/bfd.rst
+++ /dev/null
@@ -1,117 +0,0 @@
-.. include:: /_include/need_improvement.txt
-
-.. _routing-bfd:
-
-###
-BFD
-###
-
-:abbr:`BFD (Bidirectional Forwarding Detection)` is described and extended by
-the following RFCs: :rfc:`5880`, :rfc:`5881` and :rfc:`5883`.
-
-
-Configure BFD
-=============
-
-.. cfgcmd:: set protocols bfd peer <address>
-
- Set BFD peer IPv4 address or IPv6 address
-
-.. cfgcmd:: set protocols bfd peer <address> echo-mode
-
- Enables the echo transmission mode
-
-.. cfgcmd:: set protocols bfd peer <address> multihop
-
- Allow this BFD peer to not be directly connected
-
-.. cfgcmd:: set protocols bfd peer <address> source [address <address> | interface <interface>]
-
- Bind listener to specifid interface/address, mandatory for IPv6
-
-.. cfgcmd:: set protocols bfd peer <address> interval echo-interval <10-60000>
-
- The minimal echo receive transmission interval that this system is capable of handling
-
-.. cfgcmd:: set protocols bfd peer <address> interval multiplier <2-255>
-
- Remote transmission interval will be multiplied by this value
-
-.. cfgcmd:: set protocols bfd peer <address> interval [receive | transmit] <10-60000>
-
- Interval in milliseconds
-
-.. cfgcmd:: set protocols bfd peer <address> shutdown
-
- Disable a BFD peer
-
-
-Enable BFD in BGP
------------------
-
-.. cfgcmd:: set protocols bgp <asn> neighbor <address> bfd
-
- Enable BFD on a single BGP neighbor
-
-.. cfgcmd:: set protocols bgp <asn> peer-group <group> bfd
-
- Enable BFD on a BGP peer group
-
-
-
-Enable BFD in OSPF
-------------------
-
-.. cfgcmd:: set interfaces ethernet <ethN> ip ospf bfd
-
- Enable BFD for ospf on a interface
-
-.. cfgcmd:: set interfaces ethernet <ethN> ipv6 ospfv3 bfd
-
- Enable BFD for ospfv3 on a interface
-
-
-
-Operational Commands
-====================
-
-.. opcmd:: show protocols bfd peer
-
- Show all BFD peers
-
- .. code-block:: none
-
- BFD Peers:
- peer 198.51.100.33 vrf default interface eth4.100
- ID: 4182341893
- Remote ID: 12678929647
- Status: up
- Uptime: 1 month(s), 16 hour(s), 29 minute(s), 38 second(s)
- Diagnostics: ok
- Remote diagnostics: ok
- Local timers:
- Receive interval: 300ms
- Transmission interval: 300ms
- Echo transmission interval: 50ms
- Remote timers:
- Receive interval: 300ms
- Transmission interval: 300ms
- Echo transmission interval: 0ms
-
- peer 198.51.100.55 vrf default interface eth4.101
- ID: 4618932327
- Remote ID: 3312345688
- Status: up
- Uptime: 20 hour(s), 16 minute(s), 19 second(s)
- Diagnostics: ok
- Remote diagnostics: ok
- Local timers:
- Receive interval: 300ms
- Transmission interval: 300ms
- Echo transmission interval: 50ms
- Remote timers:
- Receive interval: 300ms
- Transmission interval: 300ms
- Echo transmission interval: 0ms
-
-
diff --git a/docs/routing/bgp.rst b/docs/routing/bgp.rst
deleted file mode 100644
index c576d836..00000000
--- a/docs/routing/bgp.rst
+++ /dev/null
@@ -1,335 +0,0 @@
-.. _bgp:
-
-###
-BGP
-###
-
-:abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols
-and the de facto standard interdomain routing protocol. The latest BGP version
-is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858`
-adds multiprotocol support to BGP.
-
-VyOS makes use of :abbr:`FRR (Free Range Routing)` and we would like to thank
-them for their effort!
-
-Basic Concepts
-==============
-
-.. _bgp-autonomous-systems:
-
-Autonomous Systems
-------------------
-
-From :rfc:`1930`:
-
- An AS is a connected group of one or more IP prefixes run by one or more
- network operators which has a SINGLE and CLEARLY DEFINED routing policy.
-
-Each AS has an identifying number associated with it called an :abbr:`ASN
-(Autonomous System Number)`. This is a two octet value ranging in value from 1
-to 65535. The AS numbers 64512 through 65535 are defined as private AS numbers.
-Private AS numbers must not be advertised on the global Internet.
-
-The :abbr:`ASN (Autonomous System Number)` is one of the essential elements of
-BGP. BGP is a distance vector routing protocol, and the AS-Path framework
-provides distance vector metric and loop detection to BGP.
-
-.. _bgp-address-families:
-
-Address Families
-----------------
-
-Multiprotocol extensions enable BGP to carry routing information for multiple
-network layer protocols. BGP supports an Address Family Identifier (AFI) for
-IPv4 and IPv6.
-
-.. _bgp-route-selection:
-
-Route Selection
----------------
-
-The route selection process used by FRR's BGP implementation uses the following
-decision criterion, starting at the top of the list and going towards the
-bottom until one of the factors can be used.
-
-1. **Weight check**
-
- Prefer higher local weight routes to lower routes.
-
-2. **Local preference check**
-
- Prefer higher local preference routes to lower.
-
-3. **Local route check**
-
- Prefer local routes (statics, aggregates, redistributed) to received routes.
-
-4. **AS path length check**
-
- Prefer shortest hop-count AS_PATHs.
-
-5. **Origin check**
-
- Prefer the lowest origin type route. That is, prefer IGP origin routes to
- EGP, to Incomplete routes.
-
-6. **MED check**
-
- Where routes with a MED were received from the same AS, prefer the route
- with the lowest MED.
-
-7. **External check**
-
- Prefer the route received from an external, eBGP peer over routes received
- from other types of peers.
-
-8. **IGP cost check**
-
- Prefer the route with the lower IGP cost.
-
-9. **Multi-path check**
-
- If multi-pathing is enabled, then check whether the routes not yet
- distinguished in preference may be considered equal. If
- :cfgcmd:`bgp bestpath as-path multipath-relax` is set, all such routes are
- considered equal, otherwise routes received via iBGP with identical AS_PATHs
- or routes received from eBGP neighbours in the same AS are considered equal.
-
-10. **Already-selected external check**
-
- Where both routes were received from eBGP peers, then prefer the route
- which is already selected. Note that this check is not applied if
- :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can
- prevent some cases of oscillation.
-
-11. **Router-ID check**
-
- Prefer the route with the lowest `router-ID`. If the route has an
- `ORIGINATOR_ID` attribute, through iBGP reflection, then that router ID is
- used, otherwise the `router-ID` of the peer the route was received from is
- used.
-
-12. **Cluster-List length check**
-
- The route with the shortest cluster-list length is used. The cluster-list
- reflects the iBGP reflection path the route has taken.
-
-13. **Peer address**
-
- Prefer the route received from the peer with the higher transport layer
- address, as a last-resort tie-breaker.
-
-.. _bgp-capability-negotiation:
-
-Capability Negotiation
-----------------------
-
-When adding IPv6 routing information exchange feature to BGP. There were some
-proposals. :abbr:`IETF (Internet Engineering Task Force)`
-:abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol
-Extension for BGP. The specification is described in :rfc:`2283`. The protocol
-does not define new protocols. It defines new attributes to existing BGP. When
-it is used exchanging IPv6 routing information it is called BGP-4+. When it is
-used for exchanging multicast routing information it is called MBGP.
-
-*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports
-the protocol, *bgpd* can exchange IPv6 and/or multicast routing information.
-
-Traditional BGP did not have the feature to detect a remote peer's
-capabilities, e.g. whether it can handle prefix types other than IPv4 unicast
-routes. This was a big problem using Multiprotocol Extension for BGP in an
-operational network. :rfc:`2842` adopted a feature called Capability
-Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's
-capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd*
-does not send these Capability Negotiation packets (at least not unless other
-optional BGP features require capability negotiation).
-
-By default, FRR will bring up peering with minimal common capability for the
-both sides. For example, if the local router has unicast and multicast
-capabilities and the remote router only has unicast capability the local router
-will establish the connection with unicast only capability. When there are no
-common capabilities, FRR sends Unsupported Capability error and then resets the
-connection.
-
-.. _bgp-router-configuration:
-
-BGP Router Configuration
-========================
-
-ASN and Router ID
------------------
-
-.. cfgcmd:: set protocols bgp <asn>
-
- First of all you must configure BGP router with the :abbr:`ASN (Autonomous
- System Number)`. The AS number is an identifier for the autonomous system.
- The BGP protocol uses the AS number for detecting whether the BGP connection
- is internal or external.
-
-.. cfgcmd:: set protocols bgp <asn> parameters router-id
-
- This command specifies the router-ID. If router ID is not specified it will
- use the highest interface IP address.
-
-Route Selection
----------------
-
-.. cfgcmd:: set protocols bgp <asn> parameters bestpath as-path confed
-
- This command specifies that the length of confederation path sets and
- sequences should be taken into account during the BGP best path
- decision process.
-
-.. cfgcmd:: set protocols bgp <asn> parameters bestpath as-path multipath-relax
-
- This command specifies that BGP decision process should consider paths
- of equal AS_PATH length candidates for multipath computation. Without
- the knob, the entire AS_PATH must match for multipath computation.
-
-.. cfgcmd:: set protocols bgp <asn> parameters bestpath as-path ignore
-
- Ignore AS_PATH length when selecting a route
-
-IPv4
-^^^^
-
-A simple eBGP configuration:
-
-**Node 1:**
-
-.. code-block:: none
-
- set protocols bgp 65534 neighbor 192.168.0.2 ebgp-multihop '2'
- set protocols bgp 65534 neighbor 192.168.0.2 remote-as '65535'
- set protocols bgp 65534 neighbor 192.168.0.2 update-source '192.168.0.1'
- set protocols bgp 65534 address-family ipv4-unicast network '172.16.0.0/16'
- set protocols bgp 65534 parameters router-id '192.168.0.1'
-
-**Node 2:**
-
-.. code-block:: none
-
- set protocols bgp 65535 neighbor 192.168.0.1 ebgp-multihop '2'
- set protocols bgp 65535 neighbor 192.168.0.1 remote-as '65534'
- set protocols bgp 65535 neighbor 192.168.0.1 update-source '192.168.0.2'
- set protocols bgp 65535 address-family ipv4-unicast network '172.17.0.0/16'
- set protocols bgp 65535 parameters router-id '192.168.0.2'
-
-
-Don't forget, the CIDR declared in the network statement MUST **exist in your
-routing table (dynamic or static), the best way to make sure that is true is
-creating a static route:**
-
-**Node 1:**
-
-.. code-block:: none
-
- set protocols static route 172.16.0.0/16 blackhole distance '254'
-
-**Node 2:**
-
-.. code-block:: none
-
- set protocols static route 172.17.0.0/16 blackhole distance '254'
-
-
-IPv6
-^^^^
-
-A simple BGP configuration via IPv6.
-
-**Node 1:**
-
-.. code-block:: none
-
- set protocols bgp 65534 neighbor 2001:db8::2 ebgp-multihop '2'
- set protocols bgp 65534 neighbor 2001:db8::2 remote-as '65535'
- set protocols bgp 65534 neighbor 2001:db8::2 update-source '2001:db8::1'
- set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast
- set protocols bgp 65534 address-family ipv6-unicast network '2001:db8:1::/48'
- set protocols bgp 65534 parameters router-id '10.1.1.1'
-
-**Node 2:**
-
-.. code-block:: none
-
- set protocols bgp 65535 neighbor 2001:db8::1 ebgp-multihop '2'
- set protocols bgp 65535 neighbor 2001:db8::1 remote-as '65534'
- set protocols bgp 65535 neighbor 2001:db8::1 update-source '2001:db8::2'
- set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast
- set protocols bgp 65535 address-family ipv6-unicast network '2001:db8:2::/48'
- set protocols bgp 65535 parameters router-id '10.1.1.2'
-
-Don't forget, the CIDR declared in the network statement **MUST exist in your
-routing table (dynamic or static), the best way to make sure that is true is
-creating a static route:**
-
-**Node 1:**
-
-.. code-block:: none
-
- set protocols static route6 2001:db8:1::/48 blackhole distance '254'
-
-**Node 2:**
-
-.. code-block:: none
-
- set protocols static route6 2001:db8:2::/48 blackhole distance '254'
-
-Route Filter
-^^^^^^^^^^^^
-
-Route filter can be applied using a route-map:
-
-**Node1:**
-
-.. code-block:: none
-
- set policy prefix-list AS65535-IN rule 10 action 'permit'
- set policy prefix-list AS65535-IN rule 10 prefix '172.16.0.0/16'
- set policy prefix-list AS65535-OUT rule 10 action 'deny'
- set policy prefix-list AS65535-OUT rule 10 prefix '172.16.0.0/16'
- set policy prefix-list6 AS65535-IN rule 10 action 'permit'
- set policy prefix-list6 AS65535-IN rule 10 prefix '2001:db8:2::/48'
- set policy prefix-list6 AS65535-OUT rule 10 action 'deny'
- set policy prefix-list6 AS65535-OUT rule 10 prefix '2001:db8:2::/48'
- set policy route-map AS65535-IN rule 10 action 'permit'
- set policy route-map AS65535-IN rule 10 match ip address prefix-list 'AS65535-IN'
- set policy route-map AS65535-IN rule 10 match ipv6 address prefix-list 'AS65535-IN'
- set policy route-map AS65535-IN rule 20 action 'deny'
- set policy route-map AS65535-OUT rule 10 action 'deny'
- set policy route-map AS65535-OUT rule 10 match ip address prefix-list 'AS65535-OUT'
- set policy route-map AS65535-OUT rule 10 match ipv6 address prefix-list 'AS65535-OUT'
- set policy route-map AS65535-OUT rule 20 action 'permit'
- set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map export 'AS65535-OUT'
- set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map import 'AS65535-IN'
- set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'AS65535-OUT'
- set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map import 'AS65535-IN'
-
-**Node2:**
-
-.. code-block:: none
-
- set policy prefix-list AS65534-IN rule 10 action 'permit'
- set policy prefix-list AS65534-IN rule 10 prefix '172.17.0.0/16'
- set policy prefix-list AS65534-OUT rule 10 action 'deny'
- set policy prefix-list AS65534-OUT rule 10 prefix '172.17.0.0/16'
- set policy prefix-list6 AS65534-IN rule 10 action 'permit'
- set policy prefix-list6 AS65534-IN rule 10 prefix '2001:db8:1::/48'
- set policy prefix-list6 AS65534-OUT rule 10 action 'deny'
- set policy prefix-list6 AS65534-OUT rule 10 prefix '2001:db8:1::/48'
- set policy route-map AS65534-IN rule 10 action 'permit'
- set policy route-map AS65534-IN rule 10 match ip address prefix-list 'AS65534-IN'
- set policy route-map AS65534-IN rule 10 match ipv6 address prefix-list 'AS65534-IN'
- set policy route-map AS65534-IN rule 20 action 'deny'
- set policy route-map AS65534-OUT rule 10 action 'deny'
- set policy route-map AS65534-OUT rule 10 match ip address prefix-list 'AS65534-OUT'
- set policy route-map AS65534-OUT rule 10 match ipv6 address prefix-list 'AS65534-OUT'
- set policy route-map AS65534-OUT rule 20 action 'permit'
- set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map export 'AS65534-OUT'
- set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map import 'AS65534-IN'
- set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map export 'AS65534-OUT'
- set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map import 'AS65534-IN'
-
-We could expand on this and also deny link local and multicast in the rule 20
-action deny.
diff --git a/docs/routing/index.rst b/docs/routing/index.rst
deleted file mode 100644
index 63d7c7d8..00000000
--- a/docs/routing/index.rst
+++ /dev/null
@@ -1,22 +0,0 @@
-.. _routing:
-
-#######
-Routing
-#######
-
-.. toctree::
- :maxdepth: 1
-
- arp
- bfd
- bgp
- mpls
- mss-clamp
- multicast
- ip-commands
- ospf
- pbr
- rip
- policy
- rpki
- static
diff --git a/docs/routing/ip-commands.rst b/docs/routing/ip-commands.rst
deleted file mode 100644
index eba4fd90..00000000
--- a/docs/routing/ip-commands.rst
+++ /dev/null
@@ -1,258 +0,0 @@
-.. _ip-commands:
-
-###########
-IP commands
-###########
-
-IPv4
-====
-
-System configuration commands
------------------------------
-
-.. cfgcmd:: set system ip disable-forwarding
-
- Use this command to disable IPv4 forwarding on all interfaces.
-
-.. cfgcmd:: set system ip arp table-size <number>
-
- Use this command to define the maximum number of entries to keep in
- the ARP cache (1024, 2048, 4096, 8192, 16384, 32768).
-
-.. cfgcmd:: set system ip multipath layer4-hashing
-
- Use this command to use Layer 4 information for IPv4 ECMP hashing.
-
-
-Operational commands
---------------------
-
-show commands
-^^^^^^^^^^^^^
-
-See below the different parameters available for the IPv4 **show** command:
-
-.. code-block:: none
-
- vyos@vyos:~$ show ip
- Possible completions:
- access-list Show all IP access-lists
- as-path-access-list
- Show all as-path-access-lists
- bgp Show Border Gateway Protocol (BGP) information
- community-list
- Show IP community-lists
- extcommunity-list
- Show extended IP community-lists
- forwarding Show IP forwarding status
- groups Show IP multicast group membership
- igmp Show IGMP (Internet Group Management Protocol) information
- large-community-list
- Show IP large-community-lists
- multicast Show IP multicast
- ospf Show IPv4 Open Shortest Path First (OSPF) routing information
- pim Show PIM (Protocol Independent Multicast) information
- ports Show IP ports in use by various system services
- prefix-list Show all IP prefix-lists
- protocol Show IP route-maps per protocol
- rip Show Routing Information Protocol (RIP) information
- route Show IP routes
-
-
-reset commands
-^^^^^^^^^^^^^^
-
-And the different IPv4 **reset** commands available:
-
-.. code-block:: none
-
- vyos@vyos:~$ reset ip
- Possible completions:
- arp Reset Address Resolution Protocol (ARP) cache
- bgp Clear Border Gateway Protocol (BGP) statistics or status
- igmp IGMP clear commands
- multicast IP multicast routing table
- route Reset IP route
-
-IPv6
-====
-
-System configuration commands
------------------------------
-
-.. cfgcmd:: set system ipv6 disable
-
- Use this command to disable assignment of IPv6 addresses on all
- interfaces.
-
-.. cfgcmd:: set system ipv6 disable-forwarding
-
- Use this command to disable IPv6 forwarding on all interfaces.
-
-.. cfgcmd:: set system ipv6 neighbor table-size <number>
-
- Use this command to define the maximum number of entries to keep in
- the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768).
-
-.. cfgcmd:: set system ipv6 strict-dad
-
- Use this command to disable IPv6 operation on interface when
- Duplicate Address Detection fails on Link-Local address.
-
-.. cfgcmd:: set system ipv6 multipath layer4-hashing
-
- Use this command to user Layer 4 information for ECMP hashing.
-
-
-Operational commands
---------------------
-
-Show commands
-^^^^^^^^^^^^^
-
-.. opcmd:: show ipv6 neighbors
-
- Use this command to show IPv6 Neighbor Discovery Protocol information.
-
-.. opcmd:: show ipv6 groups
-
- Use this command to show IPv6 multicast group membership.
-
-.. opcmd:: show ipv6 forwarding
-
- Use this command to show IPv6 forwarding status.
-
-.. opcmd:: show ipv6 route
-
- Use this command to show IPv6 routes.
-
- Check the many parameters available for the `show ipv6 route` command:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 route
- Possible completions:
- <Enter> Execute the current command
- <X:X::X:X> Show IPv6 routes of given address or prefix
- <X:X::X:X/M>
- bgp Show IPv6 BGP routes
- cache Show kernel IPv6 route cache
- connected Show IPv6 connected routes
- forward Show kernel IPv6 route table
- isis Show IPv6 ISIS routes
- kernel Show IPv6 kernel routes
- ospfv3 Show IPv6 OSPF6 routes
- ripng Show IPv6 RIPNG routes
- static Show IPv6 static routes
- summary Show IPv6 routes summary
- table Show IP routes in policy table
- vrf Show IPv6 routes in VRF
-
-
-.. opcmd:: show ipv6 prefix-list
-
- Use this command to show all IPv6 prefix lists
-
- There are different parameters for getting prefix-list information:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 prefix-list
- Possible completions:
- <Enter> Execute the current command
- <WORD> Show specified IPv6 prefix-list
- detail Show detail of IPv6 prefix-lists
- summary Show summary of IPv6 prefix-lists
-
-.. opcmd:: show ipv6 access-list
-
- Use this command to show all IPv6 access lists
-
- You can also specify which IPv6 access-list should be shown:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 access-list
- Possible completions:
- <Enter> Execute the current command
- <text> Show specified IPv6 access-list
-
-.. opcmd:: show ipv6 bgp
-
- Use this command to show IPv6 Border Gateway Protocol information.
-
-
- In addition, you can specify many other parameters to get BGP
- information:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 bgp
- Possible completions:
- <Enter> Execute the current command
- <X:X::X:X> Show BGP information for given address or prefix
- <X:X::X:X/M>
- community Show routes matching the communities
- community-list
- Show routes matching the community-list
- filter-list Show routes conforming to the filter-list
- large-community
- Show routes matching the large-community-list
- large-community-list
- neighbors Show detailed information on TCP and BGP neighbor connections
- prefix-list Show routes matching the prefix-list
- regexp Show routes matching the AS path regular expression
- route-map Show BGP routes matching the specified route map
- summary Show summary of BGP neighbor status
-
-
-.. opcmd:: show ipv6 ospfv3
-
- Use this command to get information about OSPFv3.
-
- You can get more specific OSPFv3 information by using the parameters
- shown below:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 ospfv3
- Possible completions:
- <Enter> Execute the current command
- area Show OSPFv3 spf-tree information
- border-routers
- Show OSPFv3 border-router (ABR and ASBR) information
- database Show OSPFv3 Link state database information
- interface Show OSPFv3 interface information
- linkstate Show OSPFv3 linkstate routing information
- neighbor Show OSPFv3 neighbor information
- redistribute Show OSPFv3 redistribute External information
- route Show OSPFv3 routing table information
-
-.. opcmd:: show ipv6 ripng
-
- Use this command to get information about the RIPNG protocol
-
-.. opcmd:: show ipv6 ripng status
-
- Use this command to show the status of the RIPNG protocol
-
-
-Reset commands
-^^^^^^^^^^^^^^
-
-.. opcmd:: reset ipv6 bgp <address>
-
- Use this command to clear Border Gateway Protocol statistics or
- status.
-
-
-.. opcmd:: reset ipv6 neighbors <address | interface>
-
- Use this command to reset IPv6 Neighbor Discovery Protocol cache for
- an address or interface.
-
-.. opcmd:: reset ipv6 route cache
-
- Use this command to flush the kernel IPv6 route cache.
- An address can be added to flush it only for that route.
-
diff --git a/docs/routing/mpls.rst b/docs/routing/mpls.rst
deleted file mode 100644
index 82e99a17..00000000
--- a/docs/routing/mpls.rst
+++ /dev/null
@@ -1,157 +0,0 @@
-.. _mpls:
-
-####################################
-MPLS (Multiprotocol Label Switching)
-####################################
-
-:abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm
-which differs from regular IP forwarding. Instead of IP addresses being used to
-make the decision on finding the exit interface, a router will instead use an
-exact match on a 32 bit/4 byte header called the MPLS label. This label is
-inserted between the ethernet (layer 2) header and the IP (layer 3) header.
-One can statically or dynamically assign label allocations, but we will focus
-on dynamic allocation of labels using some sort of label distribution protocol
-(such as the aptly named Label Distribution Protocol / LDP, Resource Reservation
-Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow
-for the creation of a unidirectional/unicast path called a labeled switched
-path (initialized as LSP) throughout the network that operates very much like
-a tunnel through the network. An easy way of thinking about how an MPLS LSP
-actually forwards traffic throughout a network is to think of a GRE tunnel.
-They are not the same in how they operate, but they are the same in how they
-handle the tunneled packet. It would be good to think of MPLS as a tunneling
-technology that can be used to transport many different types of packets, to
-aid in traffic engineering by allowing one to specify paths throughout the
-network (using RSVP or SR), and to generally allow for easier intra/inter
-network transport of data packets.
-
-For more information on how MPLS label switching works, please go visit
-`Wikipedia (MPLS)`_.
-
-.. note:: MPLS support in VyOS is not finished yet, and therefore its
- functionality is limited. Currently there is no support for MPLS enabled VPN
- services such as L3VPNs, L2VPNs, and mVPNs. RSVP support is also not present
- as the underlying routing stack (FRR) does not implement it. Currently VyOS
- can be configured as a label switched router (MPLS P router), in both
- penultimate and ultimate hop popping operations.
-
-Label Distribution Protocol
-===========================
-
-The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume
-a single protocol to create MPLS paths. VyOS supports the Label Distribution
-Protocol (LDP) as implemented by FRR, based on :rfc:`5036`.
-
-:abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling protocol
-that distributes labels creating MPLS label switched paths in a dynamic manner.
-LDP is not a routing protocol, as it relies on other routing protocols for
-forwarding decisions. LDP cannot bootstrap itself, and therefore relies on said
-routing protocols for communication with other routers that use LDP.
-
-In order to allow for LDP on the local router to exchange label advertisements
-with other routers, a TCP session will be established between automatically
-discovered and statically assigned routers. LDP will try to establish a TCP
-session to the **transport address** of other routers. Therefore for LDP to
-function properly please make sure the transport address is shown in the
-routing table and reachable to traffic at all times.
-
-It is highly recommended to use the same address for both the LDP router-id and
-the discovery transport address, but for VyOS MPLS LDP to work both parameters
-must be explicitly set in the configuration.
-
-Configuration Options
-=====================
-
-.. cfgcmd:: set protocols mpls ldp interface <interface>
-
- Use this command to enable LDP, and enable MPLS processing on the interface you
- define.
-
-.. cfgcmd:: set protocols mpls ldp router-id <address>
-
- Use this command to configure the IP address used as the LDP router-id of the
- local device.
-
-.. cfgcmd:: set protocols mpls ldp discovery transport-ipv4-address <IPv4 address>
-.. cfgcmd:: set protocols mpls ldp discovery transport-ipv6-address <IPv6 address>
-
- Use this command to set the IPv4 or IPv6 transport-address used by LDP.
-
-.. cfgcmd:: set protocols mpls ldp neighbor <IPv4 address> password <password>
-
- Use this command to configure authentication for LDP peers. Set the
- IP address of the LDP peer and a password that should be shared in
- order to become neighbors.
-
-.. cfgcmd:: set protocols mpls ldp discovery hello-interval <seconds>
-.. cfgcmd:: set protocols mpls ldp discovery hello-holdtime <seconds>
-
- Use this command if you would like to set the discovery hello and hold time
- parameters.
-
-.. cfgcmd:: set protocols mpls ldp discovery session-ipv4-holdtime <seconds>
-.. cfgcmd:: set protocols mpls ldp discovery session-ipv6-holdtime <seconds>
-
- Use this command if you would like to set the TCP session hold time intervals.
-
-.. cfgcmd:: set protocols mpls ldp export ipv4 explicit-null
-.. cfgcmd:: set protocols mpls ldp export ipv6 explicit-null
-
- Use this command if you would like for the router to advertise FECs with a label
- of 0 for explicit null operations.
-
-
-Sample configuration to setup LDP on VyOS
------------------------------------------
-
-.. code-block:: none
-
- set protocols ospf area 0 network '192.168.255.252/32' <--- Routing for loopback
- set protocols ospf area 0 network '192.168.0.5/32' <--- Routing for an interface connecting to the network
- set protocols ospf parameters router-id '192.168.255.252' <--- Router ID setting for OSPF
- set protocols mpls ldp discovery transport-ipv4-address '192.168.255.252' <--- Transport address for LDP for TCP sessions to connect to
- set protocols mpls ldp interface 'eth1' <--- Enable MPLS and LDP for an interface connecting to network
- set protocols mpls ldp interface 'lo' <--- Enable MPLS and LDP on loopback for future services connectivity
- set protocols mpls ldp router-id '192.168.255.252' <--- Router ID setting for LDP
- set interfaces ethernet eth1 address '192.168.0.5/31' <--- Interface IP for connecting to network
- set interfaces loopback lo address '192.168.255.252/32' <--- Interface loopback IP for router ID and other uses
-
-
-Operational Mode Commands
-=========================
-
-When LDP is working, you will be able to see label information in the outcome
-of ``show ip route``. Besides that information, there are also specific *show*
-commands for LDP:
-
-Show
-----
-
-.. opcmd:: show mpls ldp binding
-
- Use this command to see the Label Information Base.
-
-.. opcmd:: show mpls ldp discovery
-
- Use this command to see discovery hello information
-
-.. opcmd:: show mpls ldp interface
-
- Use this command to see LDP interface information
-
-.. opcmd:: show mpls ldp neighbor
-
- Use this command to see LDP neighbor information
-
-.. opcmd:: show mpls ldp neighbor detail
-
- Use this command to see detailed LDP neighbor information
-
-Reset
------
-
-.. opcmd:: reset mpls ldp neighbor <IPv4 or IPv6 address>
-
- Use this command to reset an LDP neighbor/TCP session that is established
-
-
-.. _`Wikipedia (MPLS)`: https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
diff --git a/docs/routing/mss-clamp.rst b/docs/routing/mss-clamp.rst
deleted file mode 100644
index 3fdd1153..00000000
--- a/docs/routing/mss-clamp.rst
+++ /dev/null
@@ -1,63 +0,0 @@
-.. _routing-mss-clamp:
-
-################
-TCP-MSS Clamping
-################
-
-As Internet wide PMTU discovery rarely works, we sometimes need to clamp
-our TCP MSS value to a specific value. This is a field in the TCP
-Options part of a SYN packet. By setting the MSS value, you are telling
-the remote side unequivocally 'do not try to send me packets bigger than
-this value'.
-
-Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS
-value for IPv4 and IPv6.
-
-
-.. note:: MSS value = MTU - 20 (IP header) - 20 (TCP header), resulting
- in 1452 bytes on a 1492 byte MTU.
-
-
-IPv4
-====
-
-.. cfgcmd:: set firewall options interface <interface> adjust-mss <number-of-bytes>
-
- Use this command to set the maximum segment size for IPv4 transit
- packets on a specific interface (500-1460 bytes).
-
-Example
--------
-
-Clamp outgoing MSS value in a TCP SYN packet to `1452` for `pppoe0` and
-`1372`
-for your WireGuard `wg02` tunnel.
-
-.. code-block:: none
-
- set firewall options interface pppoe0 adjust-mss '1452'
- set firewall options interface wg02 adjust-mss '1372'
-
-IPv6
-====
-
-.. cfgcmd:: set firewall options interface <interface> adjust-mss6 <number-of-bytes>
-
- Use this command to set the maximum segment size for IPv6 transit
- packets on a specific interface (1280-1492 bytes).
-
-Example
--------
-
-Clamp outgoing MSS value in a TCP SYN packet to `1280` for both `pppoe0` and
-`wg02` interface.
-
-.. code-block:: none
-
- set firewall options interface pppoe0 adjust-mss6 '1280'
- set firewall options interface wg02 adjust-mss6 '1280'
-
-
-
-.. hint:: When doing your byte calculations, you might find useful this
- `Visual packet size calculator <https://baturin.org/tools/encapcalc/>`_.
diff --git a/docs/routing/multicast.rst b/docs/routing/multicast.rst
deleted file mode 100644
index 9104b0c9..00000000
--- a/docs/routing/multicast.rst
+++ /dev/null
@@ -1,244 +0,0 @@
-.. _multicast:
-
-#########
-Multicast
-#########
-
-VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**,
-**IGMP** and **IGMP-Proxy**.
-
-************
-PIM and IGMP
-************
-
-PIM (Protocol Independent Multicast) must be configured in every
-interface of every participating router. Every router must also have the
-location of the Rendevouz Point manually configured. Then,
-unidirectional shared trees rooted at the Rendevouz Point will
-automatically be built for multicast distribution.
-
-Traffic from multicast sources will go to the Rendezvous Point, and
-receivers will pull it from a shared tree using IGMP (Internet Group
-Management Protocol).
-
-Multicast receivers will talk IGMP to their local router, so, besides
-having PIM configured in every router, IGMP must also be configured in
-any router where there could be a multicast receiver locally connected.
-
-VyOS supports both IGMP version 2 and version 3 (which allows
-source-specific multicast).
-
-
-Example
-=======
-
-In the following example we can see a basic multicast setup:
-
-.. image:: /_static/images/multicast-basic.png
- :width: 90%
- :align: center
- :alt: Network Topology Diagram
-
-
-
-**Router 1**
-
-.. code-block:: none
-
- set interfaces ethernet eth2 address '172.16.0.2/24'
- set interfaces ethernet eth1 address '100.64.0.1/24'
- set protocols ospf area 0 network '172.16.0.0/24'
- set protocols ospf area 0 network '100.64.0.0/24'
- set protocols igmp interface eth1
- set protocols pim interface eth1
- set protocols pim interface eth2
- set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
-
-**Router 3**
-
-.. code-block:: none
-
- set interfaces dummy dum0 address '172.16.255.1/24'
- set interfaces ethernet eth0 address '172.16.0.1/24'
- set interfaces ethernet eth1 address '172.16.1.1/24'
- set protocols ospf area 0 network '172.16.0.0/24'
- set protocols ospf area 0 network '172.16.255.0/24'
- set protocols ospf area 0 network '172.16.1.0/24'
- set protocols pim interface dum0
- set protocols pim interface eth0
- set protocols pim interface eth1
- set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
-
-**Router 2**
-
-.. code-block:: none
-
- set interfaces ethernet eth1 address '10.0.0.1/24'
- set interfaces ethernet eth2 address '172.16.1.2/24'
- set protocols ospf area 0 network '10.0.0.0/24'
- set protocols ospf area 0 network '172.16.1.0/24'
- set protocols pim interface eth1
- set protocols pim interface eth2
- set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
-
-
-
-
-
-Basic commands
-==============
-
-These are the commands for a basic setup.
-
-.. cfgcmd:: set protocols pim interface <interface-name>
-
- Use this command to enable PIM in the selected interface so that it
- can communicate with PIM neighbors.
-
-
-.. cfgcmd:: set protocols pim rp address <address> group <multicast-address/mask-bits>
-
- Use this comand to manually configure a Rendevouz Point for PIM so
- that join messages can be sent there. Set the Rendevouz Point address
- and the matching prefix of group ranges covered. These values must
- be shared with every router participating in the PIM network.
-
-
-.. cfgcmd:: set protocols igmp interface eth1
-
- Use this command to configure an interface with IGMP so that PIM can
- receive IGMP reports and query on the selected interface. By defaul
- IGMP version 3 will be used.
-
-
-
-Tuning commands
-===============
-
-You can also tune multicast with the following commands.
-
-.. cfgcmd:: set protocols pim interface <interface> dr-priority <value>
-
- Use this PIM command in the selected interface to set the priority
- (1-4294967295) you want to influence in the election of a node to
- become the Designated Router for a LAN segment. The default priority
- is 1, set a higher value to give the router more preference in the
- DR election process.
-
-
-.. cfgcmd:: set protocols pim int <interface> hello <seconds>
-
- Use this command to configure the PIM hello interval in seconds
- (1-180) for the selected interface.
-
-
-.. cfgcmd:: set protocols pim rp keep-alive-timer <seconds>
-
- Use this PIM command to modify the the time out value (31-60000
- seconds) for an `(S,G) <https://tools.ietf.org/html/rfc7761#section-4.1>`_
- flow. 31 seconds is chosen for a lower bound as some hardware
- platforms cannot see data flowing in better than 30 second chunks.
-
-
-.. cfgcmd:: set protocols igmp interface <interface> join <multicast-address> source <IP-address>
-
- Use this command to allow the selected interface join a multicast
- group defining the multicast address you want to join and the source
- IP address too.
-
-
-.. cfgcmd:: set protocols igmp interface <interface query-interval <seconds>
-
- Use this command to configure in the selected interface the IGMP
- host query interval (1-1800) in seconds that PIM will use.
-
-
-.. cfgcmd:: set protocols igmp interface <interface query-max-response-time <deciseconds>
-
- Use this command to configure in the selected interface the IGMP
- query response timeout value (10-250) in deciseconds. If a report is
- not returned in the specified time, it will be asumed the `(S,G) or
- (*,G) state <https://tools.ietf.org/html/rfc7761#section-4.1>`_ has
- timed out.
-
-
-.. cfgcmd:: set protocols igmp interface <interface> version <version-number>
-
- Use this command to define in the selected interface whether you
- choose IGMP version 2 or 3. The default value is 3.
-
-
-
-**********
-IGMP Proxy
-**********
-
-:abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages
-on behalf of a connected client. The configuration must define one, and only one
-upstream interface, and one or more downstream interfaces.
-
-Configuration
-=============
-
-.. cfgcmd:: set protocols igmp-proxy interface <interface> role <upstream | downstream>
-
- * **upstream:** The upstream network interface is the outgoing interface
- which is responsible for communicating to available multicast data sources.
- There can only be one upstream interface.
-
- * **downstream:** Downstream network interfaces are the distribution
- interfaces to the destination networks, where multicast clients can join
- groups and receive multicast data. One or more downstream interfaces must
- be configured.
-
-.. cfgcmd:: set protocols igmp-proxy interface <interface> alt-subnet <network>
-
- Defines alternate sources for multicasting and IGMP data. The network address
- must be on the following format 'a.b.c.d/n'. By default the router will
- accept data from sources on the same network as configured on an interface.
- If the multicast source lies on a remote network, one must define from where
- traffic should be accepted.
-
- This is especially useful for the upstream interface, since the source for
- multicast traffic is often from a remote location.
-
- This option can be supplied multiple times.
-
-.. cfgcmd:: set protocols igmp-proxy disable-quickleave
-
- Disables quickleave mode. In this mode the daemon will not send a Leave IGMP
- message upstream as soon as it receives a Leave message for any downstream
- interface. The daemon will not ask for Membership reports on the downstream
- interfaces, and if a report is received the group is not joined again
- upstream.
-
- If it's vital that the daemon should act exactly as a real multicast client
- on the upstream interface, this function should be enabled.
-
- Enabling this function increases the risk of bandwidth saturation.
-
-.. cfgcmd:: set protocols igmp-proxy disable
-
- Disable this service.
-
-Example
--------
-
-Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet
-multicast which is in `eth0` WAN we need to configure igmp-proxy.
-
-.. code-block:: none
-
- set protocols igmp-proxy interface eth0 role upstream
- set protocols igmp-proxy interface eth0 alt-subnet 10.0.0.0/23
- set protocols igmp-proxy interface eth1 role downstream
-
-Operation
-=========
-
-.. opcmd:: restart igmp-proxy
-
- Restart the IGMP proxy process.
-
-
-
diff --git a/docs/routing/ospf.rst b/docs/routing/ospf.rst
deleted file mode 100644
index 19787b11..00000000
--- a/docs/routing/ospf.rst
+++ /dev/null
@@ -1,141 +0,0 @@
-.. include:: /_include/need_improvement.txt
-
-.. _routing-ospf:
-
-####
-OSPF
-####
-
-:abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet
-Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls
-into the group of interior gateway protocols (IGPs), operating within a single
-autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998)
-for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340`
-(2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)`
-addressing model.
-
-OSPF is a widely used IGP in large enterprise networks.
-
-OSPFv2 (IPv4)
-#############
-
-In order to have a VyOS system exchanging routes with OSPF neighbors, you will
-at least need to configure an OSPF area and some network.
-
-.. code-block:: none
-
- set protocols ospf area 0 network 192.168.0.0/24
-
-That is the minimum configuration you will need.
-It is a good practice to define the router ID too.
-
-.. code-block:: none
-
- set protocols ospf parameters router-id 10.1.1.1
-
-
-Below you can see a typical configuration using 2 nodes, redistribute loopback
-address and the node 1 sending the default route:
-
-**Node 1**
-
-.. code-block:: none
-
- set interfaces loopback lo address 10.1.1.1/32
- set protocols ospf area 0 network 192.168.0.0/24
- set protocols ospf default-information originate always
- set protocols ospf default-information originate metric 10
- set protocols ospf default-information originate metric-type 2
- set protocols ospf log-adjacency-changes
- set protocols ospf parameters router-id 10.1.1.1
- set protocols ospf redistribute connected metric-type 2
- set protocols ospf redistribute connected route-map CONNECT
-
- set policy route-map CONNECT rule 10 action permit
- set policy route-map CONNECT rule 10 match interface lo
-
-**Node 2**
-
-.. code-block:: none
-
- set interfaces loopback lo address 10.2.2.2/32
- set protocols ospf area 0 network 192.168.0.0/24
- set protocols ospf log-adjacency-changes
- set protocols ospf parameters router-id 10.2.2.2
- set protocols ospf redistribute connected metric-type 2
- set protocols ospf redistribute connected route-map CONNECT
-
- set policy route-map CONNECT rule 10 action permit
- set policy route-map CONNECT rule 10 match interface lo
-
-OSPFv3 (IPv6)
-#############
-
-A typical configuration using 2 nodes.
-
-**Node 1:**
-
-.. code-block:: none
-
- set protocols ospfv3 area 0.0.0.0 interface eth1
- set protocols ospfv3 area 0.0.0.0 range 2001:db8:1::/64
- set protocols ospfv3 parameters router-id 192.168.1.1
- set protocols ospfv3 redistribute connected
-
-**Node 2:**
-
-.. code-block:: none
-
- set protocols ospfv3 area 0.0.0.0 interface eth1
- set protocols ospfv3 area 0.0.0.0 range 2001:db8:2::/64
- set protocols ospfv3 parameters router-id 192.168.2.1
- set protocols ospfv3 redistribute connected
-
-.. note:: You can not easily redistribute IPv6 routes via OSPFv3 on a WireGuard
- interface link. This requires you to configure link-local addresses manually
- on the WireGuard interfaces, see :vytask:`T1483`.
-
-Example configuration for WireGuard interfaces:
-
-**Node 1**
-
-.. code-block:: none
-
- set interfaces wireguard wg01 address 'fe80::216:3eff:fe51:fd8c/64'
- set interfaces wireguard wg01 address '192.168.0.1/24'
- set interfaces wireguard wg01 peer ospf02 allowed-ips '::/0'
- set interfaces wireguard wg01 peer ospf02 allowed-ips '0.0.0.0/0'
- set interfaces wireguard wg01 peer ospf02 endpoint '10.1.1.101:12345'
- set interfaces wireguard wg01 peer ospf02 pubkey 'ie3...='
- set interfaces wireguard wg01 port '12345'
- set protocols ospfv3 parameters router-id 192.168.1.1
- set protocols ospfv3 area 0.0.0.0 interface 'wg01'
- set protocols ospfv3 area 0.0.0.0 interface 'lo'
-
-**Node 2**
-
-.. code-block:: none
-
- set interfaces wireguard wg01 address 'fe80::216:3eff:fe0a:7ada/64'
- set interfaces wireguard wg01 address '192.168.0.2/24'
- set interfaces wireguard wg01 peer ospf01 allowed-ips '::/0'
- set interfaces wireguard wg01 peer ospf01 allowed-ips '0.0.0.0/0'
- set interfaces wireguard wg01 peer ospf01 endpoint '10.1.1.100:12345'
- set interfaces wireguard wg01 peer ospf01 pubkey 'NHI...='
- set interfaces wireguard wg01 port '12345'
- set protocols ospfv3 parameters router-id 192.168.1.2
- set protocols ospfv3 area 0.0.0.0 interface 'wg01'
- set protocols ospfv3 area 0.0.0.0 interface 'lo'
-
-**Status**
-
-.. code-block:: none
-
- vyos@ospf01:~$ sh ipv6 ospfv3 neighbor
- Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
- 192.168.0.2 1 00:00:37 Full/PointToPoint 00:18:03 wg01[PointToPoint]
-
- vyos@ospf02# run sh ipv6 ospfv3 neighbor
- Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
- 192.168.0.1 1 00:00:39 Full/PointToPoint 00:19:44 wg01[PointToPoint]
-
diff --git a/docs/routing/rip.rst b/docs/routing/rip.rst
deleted file mode 100644
index 0d73ad34..00000000
--- a/docs/routing/rip.rst
+++ /dev/null
@@ -1,37 +0,0 @@
-.. include:: /_include/need_improvement.txt
-
-.. _rip:
-
-###
-RIP
-###
-
-:abbr:`RIP (Routing Information Protocol)` is a widely deployed interior gateway
-protocol. RIP was developed in the 1970s at Xerox Labs as part of the XNS
-routing protocol. RIP is a distance-vector protocol and is based on the
-Bellman-Ford algorithms. As a distance-vector protocol, RIP router send updates
-to its neighbors periodically, thus allowing the convergence to a known
-topology. In each update, the distance to any given network will be broadcast
-to its neighboring router.
-
-Supported versions of RIP are:
-* RIPv1 as described in :rfc:`1058`
-* RIPv2 as described in :rfc:`2453`
-
-Simple RIP configuration using 2 nodes and redistributing connected interfaces.
-
-**Node 1:**
-
-.. code-block:: none
-
- set interfaces loopback address 10.1.1.1/32
- set protocols rip network 192.168.0.0/24
- set protocols rip redistribute connected
-
-**Node 2:**
-
-.. code-block:: none
-
- set interfaces loopback address 10.2.2.2/32
- set protocols rip network 192.168.0.0/24
- set protocols rip redistribute connected
diff --git a/docs/routing/rpki.rst b/docs/routing/rpki.rst
deleted file mode 100644
index 9813b1b6..00000000
--- a/docs/routing/rpki.rst
+++ /dev/null
@@ -1,113 +0,0 @@
-.. _rpki:
-
-####
-RPKI
-####
-
-.. pull-quote::
-
- There are two types of Network Admins who deal with BGP, those who have
- created an international incident and/or outage, and those who are lying
-
- -- `tweet by EvilMog`_, 2020-02-21
-
-:abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:`PKI
-(Public Key Infrastructure)` designed to secure the Internet routing
-infrastructure. It associates BGP route announcements with the correct
-originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then
-use to check each route against the corresponding :abbr:`ROA (Route Origin
-Authorisation)` for validity. RPKI is described in :rfc:`6480`.
-
-A BGP-speaking router like VyOS can retrieve ROA information from RPKI
-"Relying Party software" (often just called an "RPKI server" or "RPKI
-validator") by using :abbr:`RTR (RPKI to Router)` protocol. There are several
-open source implementations to choose from, such as NLNetLabs' Routinator_
-(written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and
-RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described
-in :rfc:`8210`.
-
-.. tip::
- If you are new to these routing security technologies then there is an
- `excellent guide to RPKI`_ by NLnet Labs which will get you up to speed
- very quickly. Their documentation explains everything from what RPKI is to
- deploying it in production (albeit with a focus on using NLnet Labs'
- tools). It also has some `help and operational guidance`_ including
- "What can I do about my route having an Invalid state?"
-
-First you will need to deploy an RPKI validator for your routers to use. The
-RIPE NCC helpfully provide `some instructions`_ to get you started with
-several different options. Once your server is running you can start
-validating announcements.
-
-Imported prefixes during the validation may have values:
-
- valid
- The prefix and ASN that originated it match a signed ROA. These are
- probably trustworthy route announcements.
-
- invalid
- The prefix or prefix length and ASN that originated it doesn't
- match any existing ROA. This could be the result of a prefix hijack, or
- merely a misconfiguration, but should probably be treated as
- untrustworthy route announcements.
-
- notfound
- No ROA exists which covers that prefix. Unfortunately this is the case
- for about 80% of the IPv4 prefixes which were announced to the :abbr:`DFZ
- (default-free zone)` at the start of 2020 (see more detail in
- NLnet Labs' `RPKI analytics`_).
-
-.. note::
- If you are responsible for the global addresses assigned to your
- network, please make sure that your prefixes have ROAs associated with them
- to avoid being `notfound` by RPKI. For most ASNs this will involve
- publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE
- NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged
- to do whenever you plan to announce addresses into the DFZ.
-
- Particularly large networks may wish to run their own RPKI certificate
- authority and publication server instead of publishing ROAs via their RIR.
- This is a subject far beyond the scope of VyOS' documentation. Consider
- reading about Krill_ if this is a rabbit hole you need or especially want
- to dive down.
-
-We can build route-maps for import based on these states. Here is a simple
-RPKI configuration, where `routinator` is the RPKI-validating "cache"
-server with ip `192.0.2.1`:
-
-.. code-block:: none
-
- set protocols rpki cache routinator address '192.0.2.1'
- set protocols rpki cache routinator port '3323'
-
-Here is an example route-map to apply to routes learned at import. In this
-filter we reject prefixes with the state `invalid`, and set a higher
-`local-preference` if the prefix is RPKI `valid` rather than merely
-`notfound`.
-
-.. code-block:: none
-
- set policy route-map ROUTES-IN rule 10 action 'permit'
- set policy route-map ROUTES-IN rule 10 match rpki 'valid'
- set policy route-map ROUTES-IN rule 10 set local-preference '300'
- set policy route-map ROUTES-IN rule 20 action 'permit'
- set policy route-map ROUTES-IN rule 20 match rpki 'notfound'
- set policy route-map ROUTES-IN rule 20 set local-preference '125'
- set policy route-map ROUTES-IN rule 30 action 'deny'
- set policy route-map ROUTES-IN rule 30 match rpki 'invalid'
-
-Once your routers are configured to reject RPKI-invalid prefixes, you can
-test whether the configuration is working correctly using the `RIPE Labs RPKI
-Test`_ experimental tool.
-
-.. _tweet by EvilMog: https://twitter.com/Evil_Mog/status/1230924170508169216
-.. _Routinator: https://www.nlnetlabs.nl/projects/rpki/routinator/
-.. _GoRTR: https://github.com/cloudflare/gortr
-.. _OctoRPKI: https://github.com/cloudflare/cfrpki#octorpki
-.. _Validator: https://www.ripe.net/manage-ips-and-asns/resource-management/certification/tools-and-resources
-.. _some instructions: https://labs.ripe.net/Members/tashi_phuntsho_3/how-to-install-an-rpki-validator
-.. _Krill: https://www.nlnetlabs.nl/projects/rpki/krill/
-.. _RPKI analytics: https://www.nlnetlabs.nl/projects/rpki/rpki-analytics/
-.. _RIPE Labs RPKI Test: https://sg-pub.ripe.net/jasper/rpki-web-test/
-.. _excellent guide to RPKI: https://rpki.readthedocs.io/
-.. _help and operational guidance: https://rpki.readthedocs.io/en/latest/about/help.html
diff --git a/docs/routing/static.rst b/docs/routing/static.rst
deleted file mode 100644
index 523627fa..00000000
--- a/docs/routing/static.rst
+++ /dev/null
@@ -1,134 +0,0 @@
-.. _static-routing:
-
-######
-Static
-######
-
-Static routes are manually configured routes, which, in general, cannot be
-updated dynamically from information VyOS learns about the network topology from
-other routing protocols. However, if a link fails, the router will remove
-routes, including static routes, from the :abbr:`RIPB (Routing Information
-Base)` that used this interface to reach the next hop. In general, static
-routes should only be used for very simple network topologies, or to override
-the behavior of a dynamic routing protocol for a small number of routes. The
-collection of all routes the router has learned from its configuration or from
-its dynamic routing protocols is stored in the RIB. Unicast routes are directly
-used to determine the forwarding table used for unicast packet forwarding.
-
-Static Routes
-#############
-
-.. cfgcmd:: set protocols static route <subnet> next-hop <address>
-
- Configure next-hop `<address>` for an IPv4 static route. Multiple static
- routes can be created.
-
-.. cfgcmd:: set protocols static route <subnet> next-hop <address> disable
-
- Disable this IPv4 static route entry.
-
-.. cfgcmd:: set protocols static route <subnet> next-hop <address> distance <distance>
-
- Defines next-hop distance for this route, routes with smaller administrative
- distance are elected prior those with a higher distance.
-
- Range is 1 to 255, default is 1.
-
- .. note:: Routes with a distance of 255 are effectively disabled and not
- installed into the kernel.
-
-.. cfgcmd:: set protocols static route6 <subnet> next-hop <address>
-
- Configure next-hop `<address>` for an IPv6 static route. Multiple static
- routes can be created.
-
-.. cfgcmd:: set protocols static route6 <subnet> next-hop <address> disable
-
- Disable this IPv6 static route entry.
-
-.. cfgcmd:: set protocols static route6 <subnet> next-hop <address> distance <distance>
-
- Defines next-hop distance for this route, routes with smaller administrative
- distance are elected prior those with a higher distance.
-
- Range is 1 to 255, default is 1.
-
- .. note:: Routes with a distance of 255 are effectively disabled and not
- installed into the kernel.
-
-
-Interface Routes
-================
-
-.. cfgcmd:: set protocols static interface-route <subnet> next-hop-interface <interface>
-
- Allows you to configure the next-hop interface for an interface-based IPv4
- static route. `<interface>` will be the next-hop interface where trafic is
- routed for the given `<subnet>`.
-
-.. cfgcmd:: set protocols static interface-route <subnet> next-hop-interface <interface> disable
-
- Disables interface-based IPv4 static route.
-
-.. cfgcmd:: set protocols static interface-route <subnet> next-hop-interface <interface> distance <distance>
-
- Defines next-hop distance for this route, routes with smaller administrative
- distance are elected prior those with a higher distance.
-
- Range is 1 to 255, default is 1.
-
-.. cfgcmd:: set protocols static interface-route6 <subnet> next-hop-interface <interface>
-
- Allows you to configure the next-hop interface for an interface-based IPv6
- static route. `<interface>` will be the next-hop interface where trafic is
- routed for the given `<subnet>`.
-
-.. cfgcmd:: set protocols static interface-route6 <subnet> next-hop-interface <interface> disable
-
- Disables interface-based IPv6 static route.
-
-.. cfgcmd:: set protocols static interface-route6 <subnet> next-hop-interface <interface> distance <distance>
-
- Defines next-hop distance for this route, routes with smaller administrative
- distance are elected prior those with a higher distance.
-
- Range is 1 to 255, default is 1.
-
-
-Blackhole
-=========
-
-.. cfgcmd:: set protocols static route <subnet> blackhole
-
- Use this command to configure a "black-hole" route on the router. A
- black-hole route is a route for which the system silently discard packets
- that are matched. This prevents networks leaking out public interfaces, but
- it does not prevent them from being used as a more specific route inside your
- network.
-
-.. cfgcmd:: set protocols static route <subnet> blackhole distance <distance>
-
- Defines blackhole distance for this route, routes with smaller administrative
- distance are elected prior those with a higher distance.
-
-.. cfgcmd:: set protocols static route6 <subnet> blackhole
-
- Use this command to configure a "black-hole" route on the router. A
- black-hole route is a route for which the system silently discard packets
- that are matched. This prevents networks leaking out public interfaces, but
- it does not prevent them from being used as a more specific route inside your
- network.
-
-.. cfgcmd:: set protocols static route6 <subnet> blackhole distance <distance>
-
- Defines blackhole distance for this route, routes with smaller administrative
- distance are elected prior those with a higher distance.
-
-
-Alternate Routing Tables
-========================
-
-TBD
-
-Alternate routing tables are used with policy based routing of by utilizing
-:ref:`vrf`.