Diffstat (limited to 'docs')
-rw-r--r-- docs/interfaces/tunnel.rst | 115
-rw-r--r-- docs/interfaces/vti.rst | 22
-rw-r--r-- docs/troubleshooting.rst | 39
3 files changed, 153 insertions, 23 deletions
diff --git a/docs/interfaces/tunnel.rst b/docs/interfaces/tunnel.rst
new file mode 100644
index 00000000..1f191c16
--- /dev/null
+++ b/docs/interfaces/tunnel.rst
@@ -0,0 +1,115 @@
+.. _interfaces-tunnel:
+
+Tunnel Interfaces
+=================
+
+Generic Routing Encapsulation (GRE)
+-----------------------------------
+
+A GRE tunnel operates at layer 3 of the OSI model and is repsented by IP protocol 47. The
+main benefit of a GRE tunnel is that you are able to route traffic across disparate networks.
+GRE also supports multicast traffic and supports routing protocols that leverage multicast to
+form neighbor adjacencies.
+
+Configuration
+^^^^^^^^^^^^^
+
+A basic configuration requires a tunnel source (local-ip), a tunnel destination (remote-ip),
+an encapsulation type (gre), and an address (ipv4/ipv6). Below is a configuration example
+taken from a VyOS router and a Cisco IOS router. The main difference between these two
+configurations is that VyOS requires you explicitly configure the encapsulation type.
+The Cisco router defaults to 'gre ip' otherwise it would have to be configured as well.
+
+**VyOS Router:**
+
+.. code-block:: sh
+
+ set interfaces tunnel tun100 address '10.0.0.1/30'
+ set interfaces tunnel tun100 encapsulation 'gre'
+ set interfaces tunnel tun100 local-ip '198.18.0.2'
+ set interfaces tunnel tun100 remote-ip '198.18.2.2'
+
+**Cisco IOS Router:**
+
+.. code-block:: sh
+
+ interface Tunnel100
+ ip address 10.0.0.2 255.255.255.252
+ tunnel source 198.18.2.2
+ tunnel destination 198.18.0.2
+
+Troubleshooting
+^^^^^^^^^^^^^^^
+
+GRE is a well defined standard that is common in most networks. While not inherently difficult
+to configure there are a couple of things to keep in mind to make sure the configuration performs
+as expected. A common cause for GRE tunnels to fail to come up correctly include ACL or Firewall
+configurations that are discarding IP protocol 47 or blocking your source/desintation traffic.
+
+**1. Confirm IP connectivity between tunnel local-ip and remote-ip:**
+
+.. code-block:: sh
+
+ vyos@vyos:~$ ping 198.18.2.2 interface 198.18.0.2 count 4
+ PING 198.18.2.2 (198.18.2.2) from 198.18.0.2 : 56(84) bytes of data.
+ 64 bytes from 198.18.2.2: icmp_seq=1 ttl=254 time=0.807 ms
+ 64 bytes from 198.18.2.2: icmp_seq=2 ttl=254 time=1.50 ms
+ 64 bytes from 198.18.2.2: icmp_seq=3 ttl=254 time=0.624 ms
+ 64 bytes from 198.18.2.2: icmp_seq=4 ttl=254 time=1.41 ms
+
+ --- 198.18.2.2 ping statistics ---
+ 4 packets transmitted, 4 received, 0% packet loss, time 3007ms
+ rtt min/avg/max/mdev = 0.624/1.087/1.509/0.381 ms
+
+**2. Confirm the link type has been set to GRE:**
+
+.. code-block:: sh
+
+ vyos@vyos:~$ show interfaces tunnel tun100
+ tun100@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1000
+ link/gre 198.18.0.2 peer 198.18.2.2
+ inet 10.0.0.1/30 brd 10.0.0.3 scope global tun100
+ valid_lft forever preferred_lft forever
+ inet6 fe80::5efe:c612:2/64 scope link
+ valid_lft forever preferred_lft forever
+
+ RX: bytes packets errors dropped overrun mcast
+ 2183 27 0 0 0 0
+ TX: bytes packets errors dropped carrier collisions
+ 836 9 0 0 0 0
+
+**3. Confirm IP connectivity across the tunnel:**
+
+.. code-block:: sh
+
+ vyos@vyos:~$ ping 10.0.0.2 interface 10.0.0.1 count 4
+ PING 10.0.0.2 (10.0.0.2) from 10.0.0.1 : 56(84) bytes of data.
+ 64 bytes from 10.0.0.2: icmp_seq=1 ttl=255 time=1.05 ms
+ 64 bytes from 10.0.0.2: icmp_seq=2 ttl=255 time=1.88 ms
+ 64 bytes from 10.0.0.2: icmp_seq=3 ttl=255 time=1.98 ms
+ 64 bytes from 10.0.0.2: icmp_seq=4 ttl=255 time=1.98 ms
+
+ --- 10.0.0.2 ping statistics ---
+ 4 packets transmitted, 4 received, 0% packet loss, time 3008ms
+ rtt min/avg/max/mdev = 1.055/1.729/1.989/0.395 ms
+
+Virtual Tunnel Interface (VTI)
+------------------------------
+
+Set Virtual Tunnel Interface
+
+.. code-block:: sh
+
+ set interfaces vti vti0 address 192.168.2.249/30
+ set interfaces vti vti0 address 2001:db8:2::249/64
+
+Results in:
+
+.. code-block:: sh
+
+ vyos@vyos# show interfaces vti
+ vti vti0 {
+ address 192.168.2.249/30
+ address 2001:db8:2::249/64
+ description "Description"
+ }
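Review bot: The "Virtual Tunnel Interface (VTI)" section at the end of tunnel.rst has no reference label, while the file it replaces carried ``.. _interfaces-vti:``; add that label above the heading so any existing cross-reference to it keeps resolving. In the GRE text, fix "repsented" and "source/desintation", and make the verb agree in "A common cause for GRE tunnels to fail to come up correctly include". The "Results in:" output shows ``description "Description"``, which neither of the two ``set interfaces vti vti0 address`` commands configures; either add the matching set command or drop the line from the output. Since the troubleshooting paragraph already talks about firewalls discarding IP protocol 47, it is also the natural place to state that GRE by itself provides no encryption or authentication, so readers do not assume the tunnel protects the traffic it carries.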
diff --git a/docs/interfaces/vti.rst b/docs/interfaces/vti.rst
deleted file mode 100644
index bb97e323..00000000
--- a/docs/interfaces/vti.rst
+++ /dev/null
@@ -1,22 +0,0 @@
-.. _interfaces-vti:
-
-Tunnel Interfaces (vti)
------------------------
-
-Set Virtual Tunnel interface
-
-.. code-block:: sh
-
- set interfaces vti vti0 address 192.168.2.249/30
- set interfaces vti vti0 address 2001:db8:2::249/64
-
-Results in:
-
-.. code-block:: sh
-
- vyos@vyos# show interfaces vti
- vti vti0 {
- address 192.168.2.249/30
- address 2001:db8:2::249/64
- description "Description"
- }
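Review bot: Deleting docs/interfaces/vti.rst removes a document path, but the diffstat for docs lists only tunnel.rst, vti.rst and troubleshooting.rst, so no index or toctree file is touched by this change. Check that no toctree still lists interfaces/vti and that interfaces/tunnel is added to one; otherwise the build will warn about a missing document and the new page will not be reachable from the navigation.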
diff --git a/docs/troubleshooting.rst b/docs/troubleshooting.rst
index 04cb9d80..80a46932 100644
--- a/docs/troubleshooting.rst
+++ b/docs/troubleshooting.rst
@@ -297,8 +297,45 @@ to clear counters on firewall rulesets or single rules
vyos@vyos:~$ clear firewall ipv6-name <ipv6 ruleset name> counters
vyos@vyos:~$ clear firewall ipv6-name <ipv6 ruleset name> rule <rule#> counters
-
+Basic System Information
+------------------------
+
+Boot steps
+^^^^^^^^^^
+
+VyOS 1.2.0+ uses `Debian Jessie`_ as the base Linux operating system.
+Jessie was the first version of Debian that uses `systemd`_ as the default init system.
+
+These are the boot steps for VyOS 1.2.0+
+
+1. The BIOS loads Grub (or isolinux for the Live CD)
+2. Grub then starts the Linux boot and loads the Linux Kernel ``/boot/vmlinuz``
+3. Kernel Launches Systemd ``/lib/systemd/systemd``
+4. Systemd loads the VyOS service file ``/lib/systemd/system/vyos-router.service``
+5. The service file launches the VyOS router init script ``/usr/libexec/vyos/init/vyos-router`` - this is part of the `vyatta-cfg`_ Debian package
+
+ 1. Starts FRR_ - successor to `GNU Zebra`_ and `Quagga`_
+
+ 2. Initialises the boot configuration file - copies over ``config.boot.default`` if there is no configuration
+ 3. Runs the configuration migration, if the configuration is for an older version of VyOS
+ 4. Runs The pre-config script, if there is one ``/config/scripts/vyos-preconfig-bootup.script``
+ 5. If the config file was upgraded, runs any post upgrade scripts ``/config/scripts/post-upgrade.d``
+ 6. Starts **rl-system** and **firewall**
+ 7. Mounts the ``/boot`` partition
+ 8. The boot configuration file is then applied by ``/opt/vyatta/sbin/vyatta-boot-config-loader /opt/vyatta/etc/config/config.boot``
+
+ 1. The config loader script writes log entries to ``/var/log/vyatta-config-loader.log``
+
+ 10. Runs ``telinit q`` to tell the init system to reload ``/etc/inittab``
+ 11. Finally it runs the post-config script ``/config/scripts/vyos-postconfig-bootup.script``
+
+.. _Quagga: http://www.quagga.net/
+.. _`GNU Zebra`: https://www.gnu.org/software/zebra/
+.. _FRR: https://frrouting.org/
+.. _vyatta-cfg: https://github.com/vyos/vyatta-cfg
+.. _systemd: _https://freedesktop.org/wiki/Software/systemd/
+.. _`Debian Jessie`: https://www.debian.org/releases/jessie/
.. _mtr: http://www.bitwizard.nl/mtr/
.. _tshark: https://www.wireshark.org/docs/man-pages/tshark.html
.. _`PCAP filter expressions`: http://www.tcpdump.org/manpages/pcap-filter.7.html
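Review bot: The target on the ``.. _systemd:`` line has a stray underscore before the URL (``_https://freedesktop.org/wiki/Software/systemd/``), so the systemd reference in the "Boot steps" text will not point at a valid address; drop the underscore. In the nested list under step 5 the numbering jumps from 8 to 10, and the blank line between sub-items 1 and 2 together with the deeper "1. The config loader script ..." item can make reStructuredText split the list into separate lists, so renumber and use consistent blank lines and indentation. The hunk also removes the blank line ahead of the new "Basic System Information" heading; keep a blank line between the preceding ``clear firewall`` command listing and the section title.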