From f69e9d8c740829f4d20a2fbcfa1ad62824f620f9 Mon Sep 17 00:00:00 2001 From: Indrajit Raychaudhuri Date: Sat, 25 Mar 2023 04:56:49 -0500 Subject: ntp: T5112: NTS support in chrony Add `nts` option for NTP server. --- docs/configuration/service/ntp.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/configuration/service/ntp.rst b/docs/configuration/service/ntp.rst index 5b718c4f..08be047c 100644 --- a/docs/configuration/service/ntp.rst +++ b/docs/configuration/service/ntp.rst @@ -50,13 +50,16 @@ Configuration * ``1.pool.ntp.org`` * ``2.pool.ntp.org`` -.. cfgcmd:: set service ntp server
+.. cfgcmd:: set service ntp server
Configure one or more attributes to the given NTP server. * ``noselect`` marks the server as unused, except for display purposes. The server is discarded by the selection algorithm. + * ``nts`` enables Network Time Security (NTS) for the server as specified + in :rfc:`8915` + * ``pool`` mobilizes persistent client mode association with a number of remote servers. -- cgit v1.2.3 From 7c3e3062c587a122daa949dafb57d5f78b60e20f Mon Sep 17 00:00:00 2001 From: mkorobeinikov <92354771+mkorobeinikov@users.noreply.github.com> Date: Sun, 26 Mar 2023 05:57:38 +0300 Subject: NMP and VyOS example article An example of how to set up NMP and VyOS using the 'snmp' --- docs/_static/images/nmp1.png | Bin 0 -> 128546 bytes docs/_static/images/nmp2.png | Bin 0 -> 52507 bytes docs/_static/images/nmp3.png | Bin 0 -> 107595 bytes docs/_static/images/nmp4.png | Bin 0 -> 72678 bytes docs/_static/images/nmp5.png | Bin 0 -> 115299 bytes docs/_static/images/nmp6.png | Bin 0 -> 130524 bytes docs/_static/images/nmp7.png | Bin 0 -> 100135 bytes docs/configexamples/index.rst | 1 + docs/configexamples/nmp.rst | 66 ++++++++++++++++++++++++++++++++++++++++++ 9 files changed, 67 insertions(+) create mode 100644 docs/_static/images/nmp1.png create mode 100644 docs/_static/images/nmp2.png create mode 100644 docs/_static/images/nmp3.png create mode 100644 docs/_static/images/nmp4.png create mode 100644 docs/_static/images/nmp5.png create mode 100644 docs/_static/images/nmp6.png create mode 100644 docs/_static/images/nmp7.png create mode 100644 docs/configexamples/nmp.rst diff --git a/docs/_static/images/nmp1.png b/docs/_static/images/nmp1.png new file mode 100644 index 00000000..0b761a76 Binary files /dev/null and b/docs/_static/images/nmp1.png differ diff --git a/docs/_static/images/nmp2.png b/docs/_static/images/nmp2.png new file mode 100644 index 00000000..3190a099 Binary files /dev/null and b/docs/_static/images/nmp2.png differ diff --git a/docs/_static/images/nmp3.png b/docs/_static/images/nmp3.png new file mode 100644 index 00000000..0585b80e Binary files /dev/null and b/docs/_static/images/nmp3.png differ diff --git a/docs/_static/images/nmp4.png b/docs/_static/images/nmp4.png new file mode 100644 index 00000000..e0aa893e Binary files /dev/null and b/docs/_static/images/nmp4.png differ diff --git a/docs/_static/images/nmp5.png b/docs/_static/images/nmp5.png new file mode 100644 index 00000000..d3149034 Binary files /dev/null and b/docs/_static/images/nmp5.png differ diff --git a/docs/_static/images/nmp6.png b/docs/_static/images/nmp6.png new file mode 100644 index 00000000..c4645e33 Binary files /dev/null and b/docs/_static/images/nmp6.png differ diff --git a/docs/_static/images/nmp7.png b/docs/_static/images/nmp7.png new file mode 100644 index 00000000..3e518e7e Binary files /dev/null and b/docs/_static/images/nmp7.png differ diff --git a/docs/configexamples/index.rst b/docs/configexamples/index.rst index 7f6e56a5..a53a86c6 100644 --- a/docs/configexamples/index.rst +++ b/docs/configexamples/index.rst @@ -20,6 +20,7 @@ This chapter contains various configuration examples: inter-vrf-routing-vrf-lite openvpn-ldap qos + nmp Configuration Blueprints (autotest) diff --git a/docs/configexamples/nmp.rst b/docs/configexamples/nmp.rst new file mode 100644 index 00000000..913e7107 --- /dev/null +++ b/docs/configexamples/nmp.rst @@ -0,0 +1,66 @@ +:lastproofread: 2023-03-26 + +.. _examples-nmp: + +########### +NMP example +########### + +Consider how to quickly set up NMP and VyOS for monitoring. +NMP is multi-vendor network monitoring from 'SolarWinds' built to scale and expand with the needs of your network. + +Configuration 'VyOS' +==================== + +First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP. + +.. code-block:: none + + set interfaces ethernet eth0 address 'dhcp' + set system name-server '8.8.8.8' + set service snmp community router authorization 'test' + set service snmp community router network '0.0.0.0/0' + + +Configuration 'NMP' +==================== + +Next, you just should follow the pictures: + +.. image:: /_static/images/nmp1.png + :width: 80% + :align: center + :alt: Network Topology Diagram + +.. image:: /_static/images/nmp2.png + :width: 80% + :align: center + :alt: Network Topology Diagram + +.. image:: /_static/images/nmp3.png + :width: 80% + :align: center + :alt: Network Topology Diagram + +.. image:: /_static/images/nmp4.png + :width: 80% + :align: center + :alt: Network Topology Diagram + +.. image:: /_static/images/nmp5.png + :width: 80% + :align: center + :alt: Network Topology Diagram + +.. image:: /_static/images/nmp6.png + :width: 80% + :align: center + :alt: Network Topology Diagram + +.. image:: /_static/images/nmp7.png + :width: 80% + :align: center + :alt: Network Topology Diagram + + +In the end, you'll get a powerful instrument for monitoring the VyOS systems. \ No newline at end of file -- cgit v1.2.3 From d700ad173cdd04c38aaadf0789d38e88207a03f9 Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 27 Mar 2023 06:05:51 +0000 Subject: Github: update current branch --- docs/_include/vyos-1x | 2 +- docs/changelog/1.3.rst | 6 ++++++ docs/changelog/1.4.rst | 30 +++++++++++++++++++++++++++++- 3 files changed, 36 insertions(+), 2 deletions(-) diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x index c820be57..8f1e8d72 160000 --- a/docs/_include/vyos-1x +++ b/docs/_include/vyos-1x @@ -1 +1 @@ -Subproject commit c820be57b6c77cdb0a5055d0c3a77dc8d550e2d7 +Subproject commit 8f1e8d720d63dffa2b5a3413c8827c9ad176f2ac diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 786ab1ba..82bceca4 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,12 @@ _ext/releasenotes.py +2023-03-21 +========== + +* :vytask:`T5098` (feature): PPPoE client holdoff configuration + + 2023-03-19 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 53d3a563..014afd23 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,35 @@ _ext/releasenotes.py +2023-03-23 +========== + +* :vytask:`T5108` (feature): Get rate limit for L2TP/PPTP/SSTP/IPoE in raw format +* :vytask:`T5086` (feature): Integrate hsflowd for sflow accounting +* :vytask:`T5107` (bug): Raise error in op-mode dns.py instead of calling exit + + +2023-03-22 +========== + +* :vytask:`T5068` (feature): Generate op-mode API client requests along with schema generation + + +2023-03-21 +========== + +* :vytask:`T5098` (feature): PPPoE client holdoff configuration +* :vytask:`T3694` (bug): Static routes not installed into kernel nor frr +* :vytask:`T5102` (feature): ospf: "redistribute babel" is always set + + +2023-03-20 +========== + +* :vytask:`T5057` (bug): IPoE server incorrect interface regex +* :vytask:`T5095` (feature): Return list instead of dict for 'raw' output of op-mode openvpn + + 2023-03-19 ========== @@ -2226,7 +2255,6 @@ * :vytask:`T3612` (bug): IPoE Server address pool issues. * :vytask:`T3995` (feature): OpenVPN: do not stop/start service on configuration change -* :vytask:`T3680` (bug): Static routes with dhcp-interface are flaky * :vytask:`T4008` (feature): dhcp: change client retry interval form 300 -> 60 seconds * :vytask:`T3795` (bug): WWAN: issues with non connected interface / no signal * :vytask:`T3510` (bug): RADIUS usersname is not shown on CLI -- cgit v1.2.3 From cff9f7a29130a1f8335e000520fbd6e0fa90ad33 Mon Sep 17 00:00:00 2001 From: Indrajit Raychaudhuri Date: Mon, 27 Mar 2023 01:59:06 -0500 Subject: dns: T5113: Support custom port for name-server forwarders Support optional custom port for name-server forwarders. --- docs/configuration/service/dns.rst | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index 4315b6dc..5fe408f1 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -25,10 +25,11 @@ avoid being tracked by the provider of your upstream DNS server. Interfaces whose DHCP client nameservers to forward requests to. -.. cfgcmd:: set service dns forwarding name-server
+.. cfgcmd:: set service dns forwarding name-server
port - Send all DNS queries to the IPv4/IPv6 DNS server specified under `
`. - You can configure multiple nameservers here. + Send all DNS queries to the IPv4/IPv6 DNS server specified under `
` + on optional port specified under ``. The port defaults to 53. You can + configure multiple nameservers here. .. cfgcmd:: set service dns forwarding domain server
@@ -167,8 +168,10 @@ In this scenario: set service dns forwarding domain example.com server 2001:db8:cafe::1 set service dns forwarding name-server 192.0.2.1 set service dns forwarding name-server 192.0.2.2 + set service dns forwarding name-server 192.0.2.3 port 853 set service dns forwarding name-server 2001:db8::1:ffff set service dns forwarding name-server 2001:db8::2:ffff + set service dns forwarding name-server 2001:db8::3:ffff port 8053 set service dns forwarding listen-address 192.168.1.254 set service dns forwarding listen-address 2001:db8::ffff set service dns forwarding allow-from 192.168.1.0/24 -- cgit v1.2.3 From ff094804a171d24609910e858fc1d9970a5ac006 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Wed, 29 Mar 2023 11:23:30 +0000 Subject: Add sFlow documentation and an example of configuraiton --- docs/configuration/system/index.rst | 1 + docs/configuration/system/sflow.rst | 63 +++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 docs/configuration/system/sflow.rst diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst index 4df787a9..23edaa3f 100644 --- a/docs/configuration/system/index.rst +++ b/docs/configuration/system/index.rst @@ -19,6 +19,7 @@ System name-server option proxy + sflow syslog sysctl task-scheduler diff --git a/docs/configuration/system/sflow.rst b/docs/configuration/system/sflow.rst new file mode 100644 index 00000000..b131d8a9 --- /dev/null +++ b/docs/configuration/system/sflow.rst @@ -0,0 +1,63 @@ +.. _ntp: + +##### +sFlow +##### + +VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector. + +sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device. + +The sFlow accounting based on hsflowd https://sflow.net/ + +Configuration +============= + +.. cfgcmd:: set system sflow agent-address
+ + Configure sFlow agent IPv4 or IPv6 address + + +.. cfgcmd:: set system sflow agent-interface + + Configure agent IP address associated with this interface. + + +.. cfgcmd:: set system sflow drop-monitor-limit + + Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets + +.. cfgcmd:: set system sflow interface + + Configure and enable collection of flow information for the interface identified by . + + You can configure multiple interfaces which whould participate in sflow accounting. + + +.. cfgcmd:: set system sflow polling + + Configure schedule counter-polling in seconds (default: 30) + +.. cfgcmd:: set system sflow sampling-rate + + Use this command to configure the sampling rate for sFlow accounting (default: 1000) + +.. cfgcmd:: set system sflow server
port + + Configure address of sFlow collector. sFlow server at
can be both listening on an IPv4 or IPv6 address. + + +Example +======= + +.. code-block:: none + + set system sflow agent-address '192.0.2.14' + set system sflow agent-interface 'eth0' + set system sflow drop-monitor-limit '50' + set system sflow interface 'eth0' + set system sflow interface 'eth1' + set system sflow polling '30' + set system sflow sampling-rate '1000' + set system sflow server 192.0.2.1 port '6343' + set system sflow server 203.0.113.23 port '6343' -- cgit v1.2.3 From b0a9647576e2e663e9ab33844613714af91f2d6b Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 3 Apr 2023 06:05:20 +0000 Subject: Github: update current branch --- docs/_include/vyos-1x | 2 +- docs/changelog/1.3.rst | 25 +++++++++++++++++++ docs/changelog/1.4.rst | 68 +++++++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 88 insertions(+), 7 deletions(-) diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x index 8f1e8d72..b65296a0 160000 --- a/docs/_include/vyos-1x +++ b/docs/_include/vyos-1x @@ -1 +1 @@ -Subproject commit 8f1e8d720d63dffa2b5a3413c8827c9ad176f2ac +Subproject commit b65296a0ff39e66d87e916971477cce351f6d5a5 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 82bceca4..18236014 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,31 @@ _ext/releasenotes.py +2023-04-01 +========== + +* :vytask:`T5047` (bug): Recreate only a specific container + + +2023-03-31 +========== + +* :vytask:`T5111` (bug): pppd-dns.service startup failed + + +2023-03-29 +========== + +* :vytask:`T5033` (bug): generate-public-key command fails for address with multiple public keys like GitHub +* :vytask:`T5097` (bug): the operational command "show interfaces ethernet ethx" doesn't reflect a call to 'clear counters' + + +2023-03-27 +========== + +* :vytask:`T4737` (bug): FRRouting/zebra 7.5.1 does not redistribute routes to other protocols + + 2023-03-21 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 014afd23..eab4caf1 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,68 @@ _ext/releasenotes.py +2023-04-02 +========== + +* :vytask:`T5134` (feature): Try if netavark networks can be moved to a VRF instance + + +2023-04-01 +========== + +* :vytask:`T5082` (feature): container: switch to netavark network stack +* :vytask:`T5047` (bug): Recreate only a specific container +* :vytask:`T5132` (default): Operational command "show isis vrf XXX route | neighbord" aren't working + + +2023-03-31 +========== + +* :vytask:`T5129` (feature): Add AWS build flavour +* :vytask:`T5126` (feature): http-api: add 'allow-client' to restrict IP address of client connections + + +2023-03-30 +========== + +* :vytask:`T5130` (bug): op-mode: drop remaining reference to obsoleted 'show_interfaces.py' +* :vytask:`T4866` (feature): Rewrite show_interfaces to standardized form +* :vytask:`T366` (bug): SNMP Query for BGP Tunnels Returns IPv4 Tunnels Only + + +2023-03-29 +========== + +* :vytask:`T5100` (feature): Update FRR to 8.5 +* :vytask:`T5094` (bug): FRR systemd logs unknow key LimitNOFILESoft +* :vytask:`T5085` (bug): ospfv3 route-map not applied in FRR configuration +* :vytask:`T5056` (bug): IPoE server vlan-mon is not working +* :vytask:`T5033` (bug): generate-public-key command fails for address with multiple public keys like GitHub +* :vytask:`T4876` (bug): mpls - LSP broken on FRR 8.4.1 +* :vytask:`T5097` (bug): the operational command "show interfaces ethernet ethx" doesn't reflect a call to 'clear counters' +* :vytask:`T5089` (enhancment): Add unit test of config_diff +* :vytask:`T5088` (enhancment): Add lexicographical-numeric compare function for vytree/configtree +* :vytask:`T5087` (enhancment): Add support for lexical ordering of nodes in config_tree +* :vytask:`T4885` (feature): Rewrite 'clear interfaces counters' from Perl to Python +* :vytask:`T4846` (bug): L3VPN- network command doesn't install direct connected prefix + + +2023-03-28 +========== + +* :vytask:`T5043` (feature): Need to create reset command for IKEv2 remote-access vpn connections + + +2023-03-27 +========== + +* :vytask:`T5099` (feature): IPoE server add option 'next-pool' for named ip pools +* :vytask:`T5106` (feature): Extend generation of API client requests to configsession native functions and composite requests +* :vytask:`T5104` (bug): DHCP default route issues with static routes in VRFs +* :vytask:`T5079` (feature): xml: schema extension to support defaultValues on tagNodes +* :vytask:`T5114` (feature): bgp: implement new CLI commands introduced in FRR 8.5 + + 2023-03-23 ========== @@ -1869,12 +1931,6 @@ * :vytask:`T4181` (bug): Firewall ipv6-network-group - incorrect description on helper -2022-01-22 -========== - -* :vytask:`T4173` (bug): Wan Load Balancing - Error on firewall NAT rules - - 2022-01-21 ========== -- cgit v1.2.3