diff options
Diffstat (limited to 'docs')
m--------- | docs/_include/vyos-1x | 0 | ||||
-rw-r--r-- | docs/changelog/1.3.rst | 33 | ||||
-rw-r--r-- | docs/changelog/1.4.rst | 42 | ||||
-rw-r--r-- | docs/configuration/interfaces/macsec.rst | 5 | ||||
-rw-r--r-- | docs/configuration/interfaces/tunnel.rst | 40 | ||||
-rw-r--r-- | docs/configuration/protocols/bgp.rst | 16 |
6 files changed, 107 insertions, 29 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject cf1156a60e1d03a752cde0baadbc9ac8118b2a5 +Subproject 49bc3f1e3ff8416908fc986bb60b444a75a1722 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index f54a7a3e..c819323f 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,37 @@ _ext/releasenotes.py +2021-02-28 +========== + +* :vytask:`T3370` (bug): dhcp: Invalid domain name "private" +* :vytask:`T3369` (feature): VXLAN: add IPv6 underlay support + + +2021-02-27 +========== + +* :vytask:`T2291` (bug): Bad hostnames in /etc/hosts with static-mapping in dhcp server config +* :vytask:`T3364` (feature): tunnel: cleanup/rename CLI nodes +* :vytask:`T3211` (feature): ability to redistribute ISIS into other routing protocols +* :vytask:`T3368` (feature): macsec: add support for gcm-aes-256 cipher +* :vytask:`T3366` (bug): tunnel: can not change local / remote ip address for gre-bridge tunnel + + +2021-02-26 +========== + +* :vytask:`T3347` (default): vyos 1.3 beta fails to configure Xen HVM guest ethernet interfaces due to ethtool -g error +* :vytask:`T3357` (default): HTTP-API redirect from http correct https port + + +2021-02-24 +========== + +* :vytask:`T1774` (default): Add a show config operation to the HTTP API +* :vytask:`T3303` (feature): Change welcome message on boot + + 2021-02-21 ========== @@ -44,7 +75,7 @@ 2021-02-16 ========== -* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.99 / 5.10.17 +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.101 / 5.10.19 2021-02-14 diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 96d80b26..618664f8 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,46 @@ _ext/releasenotes.py +2021-02-28 +========== + +* :vytask:`T3370` (bug): dhcp: Invalid domain name "private" +* :vytask:`T3369` (feature): VXLAN: add IPv6 underlay support +* :vytask:`T3363` (bug): VyOS-Build interactive prompt when using Podman +* :vytask:`T3320` (bug): Bgp neighbor peer-group without peer-group fail + + +2021-02-27 +========== + +* :vytask:`T3365` (bug): Bgp neighbor interface ordering for remote-as +* :vytask:`T3225` (bug): Adding a BGP neighbor with an address on a local interface throws a vyos.frr.CommitError: Configuration FRR failed while committing code: '' +* :vytask:`T3211` (feature): ability to redistribute ISIS into other routing protocols +* :vytask:`T3368` (feature): macsec: add support for gcm-aes-256 cipher +* :vytask:`T3173` (feature): Need 'nopmtudisc' option for tunnel interface + + +2021-02-26 +========== + +* :vytask:`T3324` (bug): Bgp space in the password +* :vytask:`T3357` (default): HTTP-API redirect from http correct https port +* :vytask:`T3323` (bug): Bgp ttl-security and ebgp-multihop fail + + +2021-02-24 +========== + +* :vytask:`T3303` (feature): Change welcome message on boot + + +2021-02-22 +========== + +* :vytask:`T3322` (bug): Bgp neighbor timers not applyed to FRR config +* :vytask:`T3327` (bug): OSPFv3: Cannot add dummy interface + + 2021-02-21 ========== @@ -39,7 +79,7 @@ ========== * :vytask:`T3313` (bug): ospfv3 interface missing options -* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.99 / 5.10.17 +* :vytask:`T3318` (feature): Update Linux Kernel to v5.4.101 / 5.10.19 2021-02-15 diff --git a/docs/configuration/interfaces/macsec.rst b/docs/configuration/interfaces/macsec.rst index 2bf643aa..9a20c425 100644 --- a/docs/configuration/interfaces/macsec.rst +++ b/docs/configuration/interfaces/macsec.rst @@ -27,14 +27,11 @@ Common interface configuration MACsec options ============== -.. cfgcmd:: set interfaces macsec <interface> security cipher [gcm-aes-128] +.. cfgcmd:: set interfaces macsec <interface> security cipher <gcm-aes-128|gcm-aes-256> Select cipher suite used for cryptographic operations. This setting is mandatory. - .. note:: gcm-aes-256 support planned once iproute2 package is updated to - version >=5.2. - .. cfgcmd:: set interfaces macsec <interface> security encrypt MACsec only provides authentication by default, encryption is optional. This diff --git a/docs/configuration/interfaces/tunnel.rst b/docs/configuration/interfaces/tunnel.rst index d2d63ce2..36b1d70b 100644 --- a/docs/configuration/interfaces/tunnel.rst +++ b/docs/configuration/interfaces/tunnel.rst @@ -32,8 +32,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ipip - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 203.0.113.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 203.0.113.20 set interfaces tunnel tun0 address 192.168.100.200/24 IP6IP6 @@ -50,8 +50,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ip6ip6 - set interfaces tunnel tun0 local-ip 2001:db8:aa::1 - set interfaces tunnel tun0 remote-ip 2001:db8:aa::2 + set interfaces tunnel tun0 source-address 2001:db8:aa::1 + set interfaces tunnel tun0 remote 2001:db8:aa::2 set interfaces tunnel tun0 address 2001:db8:bb::1/64 IPIP6 @@ -67,8 +67,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation ipip6 - set interfaces tunnel tun0 local-ip 2001:db8:aa::1 - set interfaces tunnel tun0 remote-ip 2001:db8:aa::2 + set interfaces tunnel tun0 source-address 2001:db8:aa::1 + set interfaces tunnel tun0 remote 2001:db8:aa::2 set interfaces tunnel tun0 address 192.168.70.80/24 6in4 (SIT) @@ -89,8 +89,8 @@ An example: .. code-block:: none set interfaces tunnel tun0 encapsulation sit - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 2001:db8:bb::1/64 A full example of a Tunnelbroker.net config can be found at @@ -112,8 +112,8 @@ over either IPv4 (gre) or IPv6 (ip6gre). Configuration ^^^^^^^^^^^^^ -A basic configuration requires a tunnel source (local-ip), a tunnel destination -(remote-ip), an encapsulation type (gre), and an address (ipv4/ipv6).Below is a +A basic configuration requires a tunnel source (source-address), a tunnel destination +(remote), an encapsulation type (gre), and an address (ipv4/ipv6).Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router @@ -125,8 +125,8 @@ defaults to gre ip otherwise it would have to be configured as well. set interfaces tunnel tun100 address '10.0.0.1/30' set interfaces tunnel tun100 encapsulation 'gre' - set interfaces tunnel tun100 local-ip '198.51.100.2' - set interfaces tunnel tun100 remote-ip '203.0.113.10' + set interfaces tunnel tun100 source-address '198.51.100.2' + set interfaces tunnel tun100 remote '203.0.113.10' **Cisco IOS Router:** @@ -147,8 +147,8 @@ and a Linux host using systemd-networkd. set interfaces tunnel tun101 address '2001:db8:feed:beef::1/126' set interfaces tunnel tun101 address '192.168.5.1/30' set interfaces tunnel tun101 encapsulation 'ip6gre' - set interfaces tunnel tun101 local-ip '2001:db8:babe:face::3afe:3' - set interfaces tunnel tun101 remote-ip '2001:db8:9bb:3ce::5' + set interfaces tunnel tun101 source-address '2001:db8:babe:face::3afe:3' + set interfaces tunnel tun101 remote '2001:db8:9bb:3ce::5' **Linux systemd-networkd:** @@ -189,15 +189,15 @@ An example: .. code-block:: none - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 10.40.50.60/24 set interfaces tunnel tun0 parameters ip key 10 - + .. code-block:: none - set interfaces tunnel tun0 local-ip 192.0.2.10 - set interfaces tunnel tun0 remote-ip 192.0.2.20 + set interfaces tunnel tun0 source-address 192.0.2.10 + set interfaces tunnel tun0 remote 192.0.2.20 set interfaces tunnel tun0 address 172.16.17.18/24 set interfaces tunnel tun0 parameters ip key 20 @@ -211,7 +211,7 @@ to make sure the configuration performs as expected. A common cause for GRE tunnels to fail to come up correctly include ACL or Firewall configurations that are discarding IP protocol 47 or blocking your source/desintation traffic. -**1. Confirm IP connectivity between tunnel local-ip and remote-ip:** +**1. Confirm IP connectivity between tunnel source-address and remote:** .. code-block:: none diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 6b6605a6..bd5a75e1 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -530,8 +530,8 @@ Redistribution Configuration General Configuration --------------------- -Common parametrs -^^^^^^^^^^^^^^^^ +Common parameters +^^^^^^^^^^^^^^^^^ .. cfgcmd:: set protocols bgp <asn> parameters router-id <id> @@ -585,7 +585,17 @@ Common parametrs This command goes hand in hand with the listen range command to limit the amount of BGP neighbors that are allowed to connect to the local router. The limit range is 1 to 5000. - + +.. cfgcmd:: set protocols bgp <asn> parameters ebgp-requires-policy + + This command changes the eBGP behavior of FRR. By default FRR enables + :rfc:`8212` functionality which affects how eBGP routes are advertised, + namely no routes are advertised across eBGP sessions without some + sort of egress route-map/policy in place. In VyOS however we have this + RFC functionality disabled by default so that we can preserve backwards + compatibility with older versions of VyOS. With this option one can + enable :rfc:`8212` functionality to operate. + Administrative Distance ^^^^^^^^^^^^^^^^^^^^^^^ |