diff options
Diffstat (limited to 'docs/troubleshooting.rst')
-rw-r--r-- | docs/troubleshooting.rst | 229 |
1 files changed, 151 insertions, 78 deletions
diff --git a/docs/troubleshooting.rst b/docs/troubleshooting.rst index e965a8c9..23248507 100644 --- a/docs/troubleshooting.rst +++ b/docs/troubleshooting.rst @@ -1,98 +1,169 @@ .. _troubleshooting: +############### Troubleshooting -=============== +############### Sometimes things break or don't work as expected. This section describes several troubleshooting tools provided by VyOS that can help when something goes wrong. -Basic Connectivity Verification -------------------------------- +****************** +Connectivity Tests +****************** + +Basic Connectivity Tests +======================== Verifying connectivity can be done with the familiar `ping` and `traceroute` commands. The options for each are shown (the options for each command were displayed using the built-in help as described in the :ref:`cli` section and are omitted from the output here): -.. code-block:: none +.. opcmd:: ping <destination> - vyos@vyos:~$ ping - Possible completions: - <hostname> Send Internet Control Message Protocol (ICMP) echo request - <x.x.x.x> - <h:h:h:h:h:h:h:h> + Send ICMP echo requests to destination host. There are multiple options to + ping, inkl. VRF support. -Several options are available when more extensive troubleshooting is needed: + .. code-block:: none -.. code-block:: none + vyos@vyos:~$ ping 10.1.1.1 + Possible completions: + <Enter> Execute the current command + adaptive Ping options + allow-broadcast + audible + bypass-route + count + deadline + flood + interface + interval + mark + no-loopback + numeric + pattern + quiet + record-route + size + timestamp + tos + ttl + verbose + vrf - vyos@vyos:~$ ping 10.1.1.1 - Possible completions: - <Enter> Execute the current command - adaptive Ping options - allow-broadcast - audible - bypass-route - count - deadline - flood - interface - interval - mark - no-loopback - numeric - pattern - quiet - record-route - size - timestamp - tos - ttl - verbose -.. code-block:: none +.. opcmd:: traceroute <destination> - vyos@vyos:~$ traceroute - Possible completions: - <hostname> Track network path to specified node - <x.x.x.x> - <h:h:h:h:h:h:h:h> - ipv4 Track network path to <hostname|IPv4 address> - ipv6 Track network path to <hostname|IPv6 address> + Trace path to target. -However, another tool, mtr_, is available which combines ping and traceroute -into a single tool. An example of its output is shown: + .. code-block:: none -.. code-block:: none + vyos@vyos:~$ traceroute + Possible completions: + <hostname> Track network path to specified node + <x.x.x.x> + <h:h:h:h:h:h:h:h> + ipv4 Track network path to <hostname|IPv4 address> + ipv6 Track network path to <hostname|IPv6 address> + + +Advanced Connectivity Tests +=========================== + +.. opcmd:: monitor traceroute <destination> + + However, another helper is available which combines ping and traceroute + into a single tool. An example of its output is shown: + + .. code-block:: none - vyos@vyos:~$ mtr 10.62.212.12 + vyos@vyos:~$ mtr 10.62.212.12 - My traceroute [v0.85] - vyos (0.0.0.0) - Keys: Help Display mode Restart statistics Order of fields quit - Packets Pings - Host Loss% Snt Last Avg Best Wrst StDev - 1. 10.11.110.4 0.0% 34 0.5 0.5 0.4 0.8 0.1 - 2. 10.62.255.184 0.0% 34 1.1 1.0 0.9 1.4 0.1 - 3. 10.62.255.71 0.0% 34 1.4 1.4 1.3 2.0 0.1 - 4. 10.62.212.12 0.0% 34 1.6 1.6 1.6 1.7 0.0 + My traceroute [v0.85] + vyos (0.0.0.0) + Keys: Help Display mode Restart statistics Order of fields quit + Packets Pings + Host Loss% Snt Last Avg Best Wrst StDev + 1. 10.11.110.4 0.0% 34 0.5 0.5 0.4 0.8 0.1 + 2. 10.62.255.184 0.0% 34 1.1 1.0 0.9 1.4 0.1 + 3. 10.62.255.71 0.0% 34 1.4 1.4 1.3 2.0 0.1 + 4. 10.62.212.12 0.0% 34 1.6 1.6 1.6 1.7 0.0 -.. note:: The output of ``mtr`` consumes the screen and will replace your - command prompt. + .. note:: The output consumes the screen and will replace your command + prompt. -Several options are available for changing the display output. Press `h` to -invoke the built in help system. To quit, just press `q` and you'll be returned -to the VyOS command prompt. + Several options are available for changing the display output. Press `h` to + invoke the built in help system. To quit, just press `q` and you'll be + returned to the VyOS command prompt. +IPv6 Topology Discovery +======================= + +IPv6 uses different techniques to discover its Neighbors/topology. + +Router Discovery +---------------- + +.. opcmd:: force ipv6-rd interface <interface> [address <ipv6-address>] + + Discover routers via eth0. + + Example: + + .. code-block:: none + + vyos@vyos:~$ force ipv6-rd interface eth0 + Soliciting ff02::2 (ff02::2) on eth0... + + Hop limit : 60 ( 0x3c) + Stateful address conf. : No + Stateful other conf. : No + Mobile home agent : No + Router preference : high + Neighbor discovery proxy : No + Router lifetime : 1800 (0x00000708) seconds + Reachable time : unspecified (0x00000000) + Retransmit time : unspecified (0x00000000) + Prefix : 240e:fe:8ca7:ea01::/64 + On-link : Yes + Autonomous address conf.: Yes + Valid time : 2592000 (0x00278d00) seconds + Pref. time : 14400 (0x00003840) seconds + Prefix : fc00:470:f1cd:101::/64 + On-link : Yes + Autonomous address conf.: Yes + Valid time : 2592000 (0x00278d00) seconds + Pref. time : 14400 (0x00003840) seconds + Recursive DNS server : fc00:470:f1cd::ff00 + DNS server lifetime : 600 (0x00000258) seconds + Source link-layer address: 00:98:2B:F8:3F:11 + from fe80::298:2bff:fef8:3f11 + +Neighbor Discovery +------------------ + +.. opcmd:: force ipv6-nd interface <interface> address <ipv6-address> + + + Example: + + .. code-block:: none + + vyos@vyos:~$ force ipv6-nd interface eth0 address fc00:470:f1cd:101::1 + + Soliciting fc00:470:f1cd:101::1 (fc00:470:f1cd:101::1) on eth0... + Target link-layer address: 00:98:2B:F8:3F:11 from fc00:470:f1cd:101::1 + +********** Monitoring ----------- +********** VyOS features several monitoring tools. .. code-block:: none - vyos@vyos:~$ monitor + vyos@vyos:~$ monitor Possible completions: bandwidth Monitor interface bandwidth in real time bandwidth-test @@ -110,6 +181,7 @@ VyOS features several monitoring tools. lldp Monitor Link Layer Discovery Protocol (LLDP) daemon log Monitor last lines of messages file nat Monitor network address translation (NAT) + ndp Monitor the NDP information received by the router through the device openvpn Monitor OpenVPN protocol Monitor routing protocols snmp Monitor Simple Network Management Protocol (SNMP) daemon @@ -119,17 +191,17 @@ VyOS features several monitoring tools. vpn Monitor VPN vrrp Monitor Virtual Router Redundancy Protocol (VRRP) webproxy Monitor Webproxy service - + Traffic Dumps -^^^^^^^^^^^^^ +============= To monitor interface traffic, issue the :code:`monitor traffic interface <name>` command, replacing `<name>` with your chosen interface. .. code-block:: none - vyos@vyos:~$ monitor traffic interface eth0 + vyos@vyos:~$ monitor traffic interface eth0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 15:54:28.581601 IP 192.168.0.1 > vyos: ICMP echo request, id 1870, seq 3848, length 64 @@ -149,15 +221,15 @@ Traffic can be filtered and saved. .. code-block:: none - vyos@vyos:~$ monitor traffic interface eth0 + vyos@vyos:~$ monitor traffic interface eth0 Possible completions: <Enter> Execute the current command filter Monitor traffic matching filter conditions save Save traffic dump from an interface to a file -Interface Bandwidth -^^^^^^^^^^^^^^^^^^^ +Interface Bandwidth Usage +========================= to take a quick view on the used bandwidth of an interface use the ``monitor bandwidth`` command @@ -188,8 +260,8 @@ show the following: 0.61 :::::||..................................................... 1 5 10 15 20 25 30 35 40 45 50 55 60 -Interface performance -^^^^^^^^^^^^^^^^^^^^^ +Interface Performance +===================== To take a look on the network bandwidth between two nodes, the ``monitor bandwidth-test`` command is used to run iperf. @@ -214,7 +286,7 @@ bandwidth-test`` command is used to run iperf. Monitor command -^^^^^^^^^^^^^^^ +=============== The ``monitor command`` command allows you to repeatedly run a command to view a continuously refreshed output. The command is run and output every 2 seconds, @@ -242,8 +314,9 @@ Will clear the screen and show you the output of ``show interfaces`` every vti0 172.25.254.2/30 u/u vti1 172.25.254.9/30 u/u -Clear Command -------------- +**************** +Terminal/Console +**************** Sometimes you need to clear counters or statistics to troubleshoot better. @@ -285,11 +358,12 @@ to clear counters on firewall rulesets or single rules vyos@vyos:~$ clear firewall ipv6-name <ipv6 ruleset name> rule <rule#> counters -Basic System Information ------------------------- +****************** +System Information +****************** -Boot steps -^^^^^^^^^^ +Boot Steps +========== VyOS 1.2 uses `Debian Jessie`_ as the base Linux operating system. Jessie was the first version of Debian that uses systemd_ as the default init system. @@ -333,6 +407,5 @@ These are the boot steps for VyOS 1.2 .. _vyatta-cfg: https://github.com/vyos/vyatta-cfg .. _systemd: https://freedesktop.org/wiki/Software/systemd/ .. _`Debian Jessie`: https://www.debian.org/releases/jessie/ -.. _mtr: http://www.bitwizard.nl/mtr/ .. _tshark: https://www.wireshark.org/docs/man-pages/tshark.html .. _`PCAP filter expressions`: http://www.tcpdump.org/manpages/pcap-filter.7.html |