diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/_static/images/vyos_arista_bond_lacp.png | bin | 0 -> 40622 bytes | |||
| -rw-r--r-- | docs/configuration-overview.rst | 142 | ||||
| -rw-r--r-- | docs/interfaces/bond.rst | 115 | ||||
| -rw-r--r-- | docs/qos.rst | 11 |
4 files changed, 253 insertions, 15 deletions
diff --git a/docs/_static/images/vyos_arista_bond_lacp.png b/docs/_static/images/vyos_arista_bond_lacp.png Binary files differnew file mode 100644 index 00000000..6c9ef8ec --- /dev/null +++ b/docs/_static/images/vyos_arista_bond_lacp.png diff --git a/docs/configuration-overview.rst b/docs/configuration-overview.rst index ee7f63a2..653c1b6e 100644 --- a/docs/configuration-overview.rst +++ b/docs/configuration-overview.rst @@ -15,18 +15,18 @@ Terminology A VyOS system has three major types of configurations: -* **Active** or **Running** configuration is the system configuration +* **Active** or **running configuration** is the system configuration that is loaded and currently active (used by VyOS). Any change in the configuration will have to be committed to belong to the active/running configuration. -* **Working** - is the configuration which is currently being modified +* **Working configuration** is the one that is currently being modified in configuration mode. Changes made to the working configuration do not go into effect until the changes are committed with the :cfgcmd:`commit` command. At which time the working configuration will become the active or running configuration. -* **Saved** - is a configuration saved to a file using the +* **Saved configuration** is the one saved to a file using the :cfgcmd:`save` command. It allows you to keep safe a configuration for future uses. There can be multiple configuration files. The default or "boot" configuration is saved and loaded from the file @@ -295,9 +295,13 @@ entered. [edit] vyos@vyos# set interface ethernet eth0 address 192.0.2.100/24 + +.. code-block:: none + [edit interfaces ethernet eth0] vyos@vyos# set address 203.0.113.6/24 + These two commands above are essentially the same, just executed from different levels in the hierarchy. @@ -369,6 +373,105 @@ different levels in the hierarchy. [edit] vyos@vyos# exit discard + +.. cfgcmd:: commit-confirm + + Commit the current set of changes if ``confirm`` is also entered + within 10 minutes. Otherwise the system reboot into the previous + configuration. + + + What if you are doing something dangerous? Suppose you want to setup + a firewall, and you are not sure there are no mistakes that will lock + you out of your system. You can use confirmed commit. If you issue + the ``commit-confirm`` command, your changes will be commited, and if + you don't issue issue the ``confirm`` command in 10 minutes, your + system will reboot into previous config revision. + + .. code-block:: none + + vyos@router# set interfaces ethernet eth0 firewall local name FromWorld + vyos@router# commit-confirm + commit confirm will be automatically reboot in 10 minutes unless confirmed + Proceed? [confirm]y + [edit] + vyos@router# confirm + [edit] + + + .. note:: A reboot because you did not enter ``confirm`` will not + take you necessarily to the *saved configuration*, but to the + point before the unfortunate commit. + + +.. cfgcmd:: copy + + Copy a configuration element. + + You can copy and remove configuration subtrees. Suppose you set up a + firewall ruleset ``FromWorld`` with one rule that allows traffic from + specific subnet. Now you want to setup a similar rule, but for + different subnet. Change your edit level to + ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then + modify rule 20. + + + .. code-block:: none + + vyos@router# show firewall name FromWorld + default-action drop + rule 10 { + action accept + source { + address 203.0.113.0/24 + } + } + [edit] + vyos@router# edit firewall name FromWorld + [edit firewall name FromWorld] + vyos@router# copy rule 10 to rule 20 + [edit firewall name FromWorld] + vyos@router# set rule 20 source address 198.51.100.0/24 + [edit firewall name FromWorld] + vyos@router# commit + [edit firewall name FromWorld] + + +.. cfgcmd:: rename + + Rename a configuration element. + + You can also rename config subtrees: + + .. code-block:: none + + vyos@router# rename rule 10 to rule 5 + [edit firewall name FromWorld] + vyos@router# commit + [edit firewall name FromWorld] + + Note that ``show`` command respects your edit level and from this + level you can view the modified firewall ruleset with just ``show`` + with no parameters. + + .. code-block:: none + + vyos@router# show + default-action drop + rule 5 { + action accept + source { + address 203.0.113.0/24 + } + } + rule 20 { + action accept + source { + address 198.51.100.0/24 + } + } + + .. _run_opmode_from_config_mode: Access opmode from config mode @@ -451,12 +554,13 @@ any previous revisions if something goes wrong. 9 2013-12-12 15:42:07 root by boot-config-loader 10 2013-12-12 15:42:06 root by init - Revisions can be compared with :cfgcmd:`compare N M` command, where N - and M are revision numbers. The output will describe how the - configuration N is when compared to YM indicating with a plus sign - (``+``) the additional parts N has when compared to M, and indicating - with a minus sign (``-``) the lacking parts N misses when compared to - Y. + The command :cfgcmd:`compare` allows you to compare different type of + configurations. It also lets you compare different revisions through + the :cfgcmd:`compare N M` command, where N and M are revision + numbers. The output will describe how the configuration N is when + compared to M indicating with a plus sign (``+``) the additional + parts N has when compared to M, and indicating with a minus sign + (``-``) the lacking parts N misses when compared to M. .. code-block:: none @@ -473,6 +577,26 @@ any previous revisions if something goes wrong. - address 192.0.2.4/24 -} + +.. opcmd:: show system commit diff <number> + + Show commit revision difference. + + +The command above also lets you see the difference between two commits. +By default the difference with the running config is shown. + +.. code-block:: none + + vyos@router# run show system commit diff 4 + [edit system] + +ipv6 { + + disable-forwarding + +} + +This means four commits ago we did ``set system ipv6 disable-forwarding``. + + .. cfgcmd:: set system config-management commit-revisions <N> You can specify the number of revisions stored on disk. N can be in diff --git a/docs/interfaces/bond.rst b/docs/interfaces/bond.rst index 396242ae..9e67809a 100644 --- a/docs/interfaces/bond.rst +++ b/docs/interfaces/bond.rst @@ -395,6 +395,121 @@ with two interfaces from VyOS to a Aruba/HP 2510G switch. vlan 10 tagged Trk1 vlan 100 tagged Trk1 +Arista EOS +^^^^^^^^^^ + +When utilizing VyOS in an environment with Arista gear you can use this blue +print as an initial setup to get an LACP bond / port-channel operational between +those two devices. + +Lets assume the following topology: + +.. figure:: /_static/images/vyos_arista_bond_lacp.png + :alt: VyOS Arista EOS setup + +**R1** + + .. code-block:: none + + interfaces { + bonding bond10 { + hash-policy layer3+4 + member { + interface eth1 + interface eth2 + } + mode 802.3ad + vif 100 { + address 192.0.2.1/30 + address 2001:db8::1/64 + } + } + +**R2** + + .. code-block:: none + + interfaces { + bonding bond10 { + hash-policy layer3+4 + member { + interface eth1 + interface eth2 + } + mode 802.3ad + vif 100 { + address 192.0.2.2/30 + address 2001:db8::2/64 + } + } + +**SW1** + + .. code-block:: none + + ! + vlan 100 + name FOO + ! + interface Port-Channel10 + switchport trunk allowed vlan 100 + switchport mode trunk + spanning-tree portfast + ! + interface Port-Channel20 + switchport mode trunk + no spanning-tree portfast auto + spanning-tree portfast network + ! + interface Ethernet1 + channel-group 10 mode active + ! + interface Ethernet2 + channel-group 10 mode active + ! + interface Ethernet3 + channel-group 20 mode active + ! + interface Ethernet4 + channel-group 20 mode active + ! + +**SW2** + + .. code-block:: none + + ! + vlan 100 + name FOO + ! + interface Port-Channel10 + switchport trunk allowed vlan 100 + switchport mode trunk + spanning-tree portfast + ! + interface Port-Channel20 + switchport mode trunk + no spanning-tree portfast auto + spanning-tree portfast network + ! + interface Ethernet1 + channel-group 10 mode active + ! + interface Ethernet2 + channel-group 10 mode active + ! + interface Ethernet3 + channel-group 20 mode active + ! + interface Ethernet4 + channel-group 20 mode active + ! + +.. note:: When using EVE-NG to lab this environment ensure you are using e1000 + as the desired driver for your VyOS network interfaces. When using the regular + virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel + will never become active! + Operation ######### diff --git a/docs/qos.rst b/docs/qos.rst index a4e56665..3cd183cf 100644 --- a/docs/qos.rst +++ b/docs/qos.rst @@ -336,12 +336,11 @@ you will only be able to apply one policy per interface and direction Some policies can be combined, you will be able to embed_ a different policy that will be applied to a class of the main policy. -.. hint:: If you are looking for a policy for your outbound traffic but - you do not know what policy you need, you might consider FQ-CoDel_ as - your multipurpose nearly-no-configuration low-delay fair-queue - policy; if delay does not worry you and you want to manually allocate - bandwidth shares to specific traffic, then you should consider - Shaper_. +.. hint:: **If you are looking for a policy for your outbound traffic** + but you don't know which one you need and you don't want to go + through every possible policy shown here, **our bet is that highly + likely you are looking for a** Shaper_ **policy and you want to** + :ref:`set its queues <embed>` **as FQ-CoDel**. Drop Tail --------- |
