diff options
Diffstat (limited to 'docs/routing')
| -rw-r--r-- | docs/routing/index.rst | 3 | ||||
| -rw-r--r-- | docs/routing/mss-clamp.rst | 2 | ||||
| -rw-r--r-- | docs/routing/ospf.rst | 17 | ||||
| -rw-r--r-- | docs/routing/pbr.rst | 6 | ||||
| -rw-r--r-- | docs/routing/routing-policy.rst | 4 | ||||
| -rw-r--r-- | docs/routing/static.rst | 11 |
6 files changed, 28 insertions, 15 deletions
diff --git a/docs/routing/index.rst b/docs/routing/index.rst index 376e0919..1a1db43f 100644 --- a/docs/routing/index.rst +++ b/docs/routing/index.rst @@ -8,8 +8,7 @@ policy routing, and dynamic routing using standard protocols (RIP, OSPF, and BGP). .. toctree:: - :maxdepth: 2 - :hidden: + :maxdepth: 1 arp bgp diff --git a/docs/routing/mss-clamp.rst b/docs/routing/mss-clamp.rst index 9409690a..7cec4b7c 100644 --- a/docs/routing/mss-clamp.rst +++ b/docs/routing/mss-clamp.rst @@ -7,7 +7,7 @@ As Internet wide PMTU discovery rarely works we sometimes need to clamp our TCP MSS value to a specific value. Starting with VyOS 1.2 there is a firewall option to clamp your TCP MSS value for IPv4 and IPv6. -Clamping can be disabled per interface using the `disable` keywork: +Clamping can be disabled per interface using the `disable` keyword: .. code-block:: sh diff --git a/docs/routing/ospf.rst b/docs/routing/ospf.rst index 23033bd6..b8366cdc 100644 --- a/docs/routing/ospf.rst +++ b/docs/routing/ospf.rst @@ -15,8 +15,21 @@ OSPF is a widely used IGP in large enterprise networks. OSPFv2 (IPv4) ^^^^^^^^^^^^^ -A typical configuration using 2 nodes, redistribute loopback address and the -node 1 sending the default route: +In order to have a VyOS system exchanging routes with OSPF neighbors, you will at least need to configure the area and a network, + +.. code-block:: sh + + set protocols ospf area 0 network 192.168.0.0/24 + +as well as the router ID. + +.. code-block:: sh + + set protocols ospf parameters router-id 10.1.1.1 + +That is the minimum configuration you will need. + +Below you can see a typical configuration using 2 nodes, redistribute loopback address and the node 1 sending the default route: **Node 1** diff --git a/docs/routing/pbr.rst b/docs/routing/pbr.rst index a8ee9e87..62dfcaec 100644 --- a/docs/routing/pbr.rst +++ b/docs/routing/pbr.rst @@ -73,9 +73,9 @@ Add policy route matching VLAN source addresses set policy route PBR rule 20 description 'Route VLAN10 traffic to table 10' set policy route PBR rule 20 source address '192.168.188.0/24' - set policy route PBR rule 20 set table '11' - set policy route PBR rule 20 description 'Route VLAN11 traffic to table 11' - set policy route PBR rule 20 source address '192.168.189.0/24' + set policy route PBR rule 30 set table '11' + set policy route PBR rule 30 description 'Route VLAN11 traffic to table 11' + set policy route PBR rule 30 source address '192.168.189.0/24' Apply routing policy to **inbound** direction of out VLAN interfaces diff --git a/docs/routing/routing-policy.rst b/docs/routing/routing-policy.rst index 253dd980..f1b7d778 100644 --- a/docs/routing/routing-policy.rst +++ b/docs/routing/routing-policy.rst @@ -22,8 +22,8 @@ Routing Policy Example set policy route-map setmet rule 2 set as-path-prepend '2 2 2' #Apply policy to BGP - set protocols bgp 1 neighbor 1.1.1.2 route-map import 'setmet' - set protocols bgp 1 neighbor 1.1.1.2 soft-reconfiguration 'inbound' <<<< *** + set protocols bgp 1 neighbor 1.1.1.2 address-family ipv4-unicast route-map import 'setmet' + set protocols bgp 1 neighbor 1.1.1.2 address-family ipv4-unicast soft-reconfiguration 'inbound' <<<< *** *** get policy update without bouncing the neighbor diff --git a/docs/routing/static.rst b/docs/routing/static.rst index e1f96c31..4faa2451 100644 --- a/docs/routing/static.rst +++ b/docs/routing/static.rst @@ -13,11 +13,10 @@ not make use of DHCP or dynamic routing protocols: set protocols static route 0.0.0.0/0 next-hop 10.1.1.1 distance '1' Another common use of static routes is to blackhole (drop) traffic. In the -example below, RFC 1918 private IP networks are set as blackhole routes. This -does not prevent networks within these segments from being used, since the -most specific route is always used. It does, however, prevent traffic to -unknown private networks from leaving the router. Commonly refereed to as -leaking. +example below, RFC1918_ networks are set as blackhole routes. + +This prevents these networks leaking out public interfaces, but it does not prevent +them from being used as the most specific route has the highest priority. .. code-block:: sh @@ -27,3 +26,5 @@ leaking. .. note:: Routes with a distance of 255 are effectively disabled and not installed into the kernel. + +.. _RFC1918: https://tools.ietf.org/html/rfc1918 |