From 8943fc9f877cbee3301a8261ddd27b4b1f15f174 Mon Sep 17 00:00:00 2001
From: rebortg
Date: Mon, 30 Nov 2020 20:53:36 +0100
Subject: arrange services and protocols
---
docs/configuration/protocols/bfd.rst | 117 ++++++++++
docs/configuration/protocols/bgp.rst | 335 ++++++++++++++++++++++++++++
docs/configuration/protocols/igmp-proxy.rst | 2 +
docs/configuration/protocols/igmp.rst | 244 ++++++++++++++++++++
docs/configuration/protocols/index.rst | 22 ++
docs/configuration/protocols/mpls.rst | 157 +++++++++++++
docs/configuration/protocols/ospf.rst | 70 ++++++
docs/configuration/protocols/ospfv3.rst | 71 ++++++
docs/configuration/protocols/pim.rst | 2 +
docs/configuration/protocols/rip.rst | 37 +++
docs/configuration/protocols/ripng.rst | 3 +
docs/configuration/protocols/rpki.rst | 113 ++++++++++
docs/configuration/protocols/static.rst | 195 ++++++++++++++++
docs/configuration/protocols/vrf.rst | 3 +
14 files changed, 1371 insertions(+)
create mode 100644 docs/configuration/protocols/bfd.rst
create mode 100644 docs/configuration/protocols/bgp.rst
create mode 100644 docs/configuration/protocols/igmp-proxy.rst
create mode 100644 docs/configuration/protocols/igmp.rst
create mode 100644 docs/configuration/protocols/index.rst
create mode 100644 docs/configuration/protocols/mpls.rst
create mode 100644 docs/configuration/protocols/ospf.rst
create mode 100644 docs/configuration/protocols/ospfv3.rst
create mode 100644 docs/configuration/protocols/pim.rst
create mode 100644 docs/configuration/protocols/rip.rst
create mode 100644 docs/configuration/protocols/ripng.rst
create mode 100644 docs/configuration/protocols/rpki.rst
create mode 100644 docs/configuration/protocols/static.rst
create mode 100644 docs/configuration/protocols/vrf.rst
(limited to 'docs/configuration/protocols')
diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst
new file mode 100644
index 00000000..b8fdf489
--- /dev/null
+++ b/docs/configuration/protocols/bfd.rst
@@ -0,0 +1,117 @@
+.. include:: /_include/need_improvement.txt
+
+.. _routing-bfd:
+
+###
+BFD
+###
+
+:abbr:`BFD (Bidirectional Forwarding Detection)` is described and extended by
+the following RFCs: :rfc:`5880`, :rfc:`5881` and :rfc:`5883`.
+
+
+Configure BFD
+=============
+
+.. cfgcmd:: set protocols bfd peer
+
+ Set BFD peer IPv4 address or IPv6 address
+
+.. cfgcmd:: set protocols bfd peer echo-mode
+
+ Enables the echo transmission mode
+
+.. cfgcmd:: set protocols bfd peer multihop
+
+ Allow this BFD peer to not be directly connected
+
+.. cfgcmd:: set protocols bfd peer source [address | interface ]
+
+ Bind listener to specifid interface/address, mandatory for IPv6
+
+.. cfgcmd:: set protocols bfd peer interval echo-interval <10-60000>
+
+ The minimal echo receive transmission interval that this system is capable of handling
+
+.. cfgcmd:: set protocols bfd peer interval multiplier <2-255>
+
+ Remote transmission interval will be multiplied by this value
+
+.. cfgcmd:: set protocols bfd peer interval [receive | transmit] <10-60000>
+
+ Interval in milliseconds
+
+.. cfgcmd:: set protocols bfd peer shutdown
+
+ Disable a BFD peer
+
+
+Enable BFD in BGP
+-----------------
+
+.. cfgcmd:: set protocols bgp neighbor bfd
+
+ Enable BFD on a single BGP neighbor
+
+.. cfgcmd:: set protocols bgp peer-group bfd
+
+ Enable BFD on a BGP peer group
+
+
+
+Enable BFD in OSPF
+------------------
+
+.. cfgcmd:: set interfaces ethernet ip ospf bfd
+
+ Enable BFD for ospf on a interface
+
+.. cfgcmd:: set interfaces ethernet ipv6 ospfv3 bfd
+
+ Enable BFD for ospfv3 on a interface
+
+
+
+Operational Commands
+====================
+
+.. opcmd:: show protocols bfd peer
+
+ Show all BFD peers
+
+ .. code-block:: none
+
+ BFD Peers:
+ peer 198.51.100.33 vrf default interface eth4.100
+ ID: 4182341893
+ Remote ID: 12678929647
+ Status: up
+ Uptime: 1 month(s), 16 hour(s), 29 minute(s), 38 second(s)
+ Diagnostics: ok
+ Remote diagnostics: ok
+ Local timers:
+ Receive interval: 300ms
+ Transmission interval: 300ms
+ Echo transmission interval: 50ms
+ Remote timers:
+ Receive interval: 300ms
+ Transmission interval: 300ms
+ Echo transmission interval: 0ms
+
+ peer 198.51.100.55 vrf default interface eth4.101
+ ID: 4618932327
+ Remote ID: 3312345688
+ Status: up
+ Uptime: 20 hour(s), 16 minute(s), 19 second(s)
+ Diagnostics: ok
+ Remote diagnostics: ok
+ Local timers:
+ Receive interval: 300ms
+ Transmission interval: 300ms
+ Echo transmission interval: 50ms
+ Remote timers:
+ Receive interval: 300ms
+ Transmission interval: 300ms
+ Echo transmission interval: 0ms
+
+
diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst
new file mode 100644
index 00000000..c576d836
--- /dev/null
+++ b/docs/configuration/protocols/bgp.rst
@@ -0,0 +1,335 @@
+.. _bgp:
+
+###
+BGP
+###
+
+:abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols
+and the de facto standard interdomain routing protocol. The latest BGP version
+is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858`
+adds multiprotocol support to BGP.
+
+VyOS makes use of :abbr:`FRR (Free Range Routing)` and we would like to thank
+them for their effort!
+
+Basic Concepts
+==============
+
+.. _bgp-autonomous-systems:
+
+Autonomous Systems
+------------------
+
+From :rfc:`1930`:
+
+ An AS is a connected group of one or more IP prefixes run by one or more
+ network operators which has a SINGLE and CLEARLY DEFINED routing policy.
+
+Each AS has an identifying number associated with it called an :abbr:`ASN
+(Autonomous System Number)`. This is a two octet value ranging in value from 1
+to 65535. The AS numbers 64512 through 65535 are defined as private AS numbers.
+Private AS numbers must not be advertised on the global Internet.
+
+The :abbr:`ASN (Autonomous System Number)` is one of the essential elements of
+BGP. BGP is a distance vector routing protocol, and the AS-Path framework
+provides distance vector metric and loop detection to BGP.
+
+.. _bgp-address-families:
+
+Address Families
+----------------
+
+Multiprotocol extensions enable BGP to carry routing information for multiple
+network layer protocols. BGP supports an Address Family Identifier (AFI) for
+IPv4 and IPv6.
+
+.. _bgp-route-selection:
+
+Route Selection
+---------------
+
+The route selection process used by FRR's BGP implementation uses the following
+decision criterion, starting at the top of the list and going towards the
+bottom until one of the factors can be used.
+
+1. **Weight check**
+
+ Prefer higher local weight routes to lower routes.
+
+2. **Local preference check**
+
+ Prefer higher local preference routes to lower.
+
+3. **Local route check**
+
+ Prefer local routes (statics, aggregates, redistributed) to received routes.
+
+4. **AS path length check**
+
+ Prefer shortest hop-count AS_PATHs.
+
+5. **Origin check**
+
+ Prefer the lowest origin type route. That is, prefer IGP origin routes to
+ EGP, to Incomplete routes.
+
+6. **MED check**
+
+ Where routes with a MED were received from the same AS, prefer the route
+ with the lowest MED.
+
+7. **External check**
+
+ Prefer the route received from an external, eBGP peer over routes received
+ from other types of peers.
+
+8. **IGP cost check**
+
+ Prefer the route with the lower IGP cost.
+
+9. **Multi-path check**
+
+ If multi-pathing is enabled, then check whether the routes not yet
+ distinguished in preference may be considered equal. If
+ :cfgcmd:`bgp bestpath as-path multipath-relax` is set, all such routes are
+ considered equal, otherwise routes received via iBGP with identical AS_PATHs
+ or routes received from eBGP neighbours in the same AS are considered equal.
+
+10. **Already-selected external check**
+
+ Where both routes were received from eBGP peers, then prefer the route
+ which is already selected. Note that this check is not applied if
+ :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can
+ prevent some cases of oscillation.
+
+11. **Router-ID check**
+
+ Prefer the route with the lowest `router-ID`. If the route has an
+ `ORIGINATOR_ID` attribute, through iBGP reflection, then that router ID is
+ used, otherwise the `router-ID` of the peer the route was received from is
+ used.
+
+12. **Cluster-List length check**
+
+ The route with the shortest cluster-list length is used. The cluster-list
+ reflects the iBGP reflection path the route has taken.
+
+13. **Peer address**
+
+ Prefer the route received from the peer with the higher transport layer
+ address, as a last-resort tie-breaker.
+
+.. _bgp-capability-negotiation:
+
+Capability Negotiation
+----------------------
+
+When adding IPv6 routing information exchange feature to BGP. There were some
+proposals. :abbr:`IETF (Internet Engineering Task Force)`
+:abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol
+Extension for BGP. The specification is described in :rfc:`2283`. The protocol
+does not define new protocols. It defines new attributes to existing BGP. When
+it is used exchanging IPv6 routing information it is called BGP-4+. When it is
+used for exchanging multicast routing information it is called MBGP.
+
+*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports
+the protocol, *bgpd* can exchange IPv6 and/or multicast routing information.
+
+Traditional BGP did not have the feature to detect a remote peer's
+capabilities, e.g. whether it can handle prefix types other than IPv4 unicast
+routes. This was a big problem using Multiprotocol Extension for BGP in an
+operational network. :rfc:`2842` adopted a feature called Capability
+Negotiation. *bgpd* use this Capability Negotiation to detect the remote peer's
+capabilities. If a peer is only configured as an IPv4 unicast neighbor, *bgpd*
+does not send these Capability Negotiation packets (at least not unless other
+optional BGP features require capability negotiation).
+
+By default, FRR will bring up peering with minimal common capability for the
+both sides. For example, if the local router has unicast and multicast
+capabilities and the remote router only has unicast capability the local router
+will establish the connection with unicast only capability. When there are no
+common capabilities, FRR sends Unsupported Capability error and then resets the
+connection.
+
+.. _bgp-router-configuration:
+
+BGP Router Configuration
+========================
+
+ASN and Router ID
+-----------------
+
+.. cfgcmd:: set protocols bgp
+
+ First of all you must configure BGP router with the :abbr:`ASN (Autonomous
+ System Number)`. The AS number is an identifier for the autonomous system.
+ The BGP protocol uses the AS number for detecting whether the BGP connection
+ is internal or external.
+
+.. cfgcmd:: set protocols bgp parameters router-id
+
+ This command specifies the router-ID. If router ID is not specified it will
+ use the highest interface IP address.
+
+Route Selection
+---------------
+
+.. cfgcmd:: set protocols bgp parameters bestpath as-path confed
+
+ This command specifies that the length of confederation path sets and
+ sequences should be taken into account during the BGP best path
+ decision process.
+
+.. cfgcmd:: set protocols bgp parameters bestpath as-path multipath-relax
+
+ This command specifies that BGP decision process should consider paths
+ of equal AS_PATH length candidates for multipath computation. Without
+ the knob, the entire AS_PATH must match for multipath computation.
+
+.. cfgcmd:: set protocols bgp parameters bestpath as-path ignore
+
+ Ignore AS_PATH length when selecting a route
+
+IPv4
+^^^^
+
+A simple eBGP configuration:
+
+**Node 1:**
+
+.. code-block:: none
+
+ set protocols bgp 65534 neighbor 192.168.0.2 ebgp-multihop '2'
+ set protocols bgp 65534 neighbor 192.168.0.2 remote-as '65535'
+ set protocols bgp 65534 neighbor 192.168.0.2 update-source '192.168.0.1'
+ set protocols bgp 65534 address-family ipv4-unicast network '172.16.0.0/16'
+ set protocols bgp 65534 parameters router-id '192.168.0.1'
+
+**Node 2:**
+
+.. code-block:: none
+
+ set protocols bgp 65535 neighbor 192.168.0.1 ebgp-multihop '2'
+ set protocols bgp 65535 neighbor 192.168.0.1 remote-as '65534'
+ set protocols bgp 65535 neighbor 192.168.0.1 update-source '192.168.0.2'
+ set protocols bgp 65535 address-family ipv4-unicast network '172.17.0.0/16'
+ set protocols bgp 65535 parameters router-id '192.168.0.2'
+
+
+Don't forget, the CIDR declared in the network statement MUST **exist in your
+routing table (dynamic or static), the best way to make sure that is true is
+creating a static route:**
+
+**Node 1:**
+
+.. code-block:: none
+
+ set protocols static route 172.16.0.0/16 blackhole distance '254'
+
+**Node 2:**
+
+.. code-block:: none
+
+ set protocols static route 172.17.0.0/16 blackhole distance '254'
+
+
+IPv6
+^^^^
+
+A simple BGP configuration via IPv6.
+
+**Node 1:**
+
+.. code-block:: none
+
+ set protocols bgp 65534 neighbor 2001:db8::2 ebgp-multihop '2'
+ set protocols bgp 65534 neighbor 2001:db8::2 remote-as '65535'
+ set protocols bgp 65534 neighbor 2001:db8::2 update-source '2001:db8::1'
+ set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast
+ set protocols bgp 65534 address-family ipv6-unicast network '2001:db8:1::/48'
+ set protocols bgp 65534 parameters router-id '10.1.1.1'
+
+**Node 2:**
+
+.. code-block:: none
+
+ set protocols bgp 65535 neighbor 2001:db8::1 ebgp-multihop '2'
+ set protocols bgp 65535 neighbor 2001:db8::1 remote-as '65534'
+ set protocols bgp 65535 neighbor 2001:db8::1 update-source '2001:db8::2'
+ set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast
+ set protocols bgp 65535 address-family ipv6-unicast network '2001:db8:2::/48'
+ set protocols bgp 65535 parameters router-id '10.1.1.2'
+
+Don't forget, the CIDR declared in the network statement **MUST exist in your
+routing table (dynamic or static), the best way to make sure that is true is
+creating a static route:**
+
+**Node 1:**
+
+.. code-block:: none
+
+ set protocols static route6 2001:db8:1::/48 blackhole distance '254'
+
+**Node 2:**
+
+.. code-block:: none
+
+ set protocols static route6 2001:db8:2::/48 blackhole distance '254'
+
+Route Filter
+^^^^^^^^^^^^
+
+Route filter can be applied using a route-map:
+
+**Node1:**
+
+.. code-block:: none
+
+ set policy prefix-list AS65535-IN rule 10 action 'permit'
+ set policy prefix-list AS65535-IN rule 10 prefix '172.16.0.0/16'
+ set policy prefix-list AS65535-OUT rule 10 action 'deny'
+ set policy prefix-list AS65535-OUT rule 10 prefix '172.16.0.0/16'
+ set policy prefix-list6 AS65535-IN rule 10 action 'permit'
+ set policy prefix-list6 AS65535-IN rule 10 prefix '2001:db8:2::/48'
+ set policy prefix-list6 AS65535-OUT rule 10 action 'deny'
+ set policy prefix-list6 AS65535-OUT rule 10 prefix '2001:db8:2::/48'
+ set policy route-map AS65535-IN rule 10 action 'permit'
+ set policy route-map AS65535-IN rule 10 match ip address prefix-list 'AS65535-IN'
+ set policy route-map AS65535-IN rule 10 match ipv6 address prefix-list 'AS65535-IN'
+ set policy route-map AS65535-IN rule 20 action 'deny'
+ set policy route-map AS65535-OUT rule 10 action 'deny'
+ set policy route-map AS65535-OUT rule 10 match ip address prefix-list 'AS65535-OUT'
+ set policy route-map AS65535-OUT rule 10 match ipv6 address prefix-list 'AS65535-OUT'
+ set policy route-map AS65535-OUT rule 20 action 'permit'
+ set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map export 'AS65535-OUT'
+ set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv4-unicast route-map import 'AS65535-IN'
+ set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map export 'AS65535-OUT'
+ set protocols bgp 65534 neighbor 2001:db8::2 address-family ipv6-unicast route-map import 'AS65535-IN'
+
+**Node2:**
+
+.. code-block:: none
+
+ set policy prefix-list AS65534-IN rule 10 action 'permit'
+ set policy prefix-list AS65534-IN rule 10 prefix '172.17.0.0/16'
+ set policy prefix-list AS65534-OUT rule 10 action 'deny'
+ set policy prefix-list AS65534-OUT rule 10 prefix '172.17.0.0/16'
+ set policy prefix-list6 AS65534-IN rule 10 action 'permit'
+ set policy prefix-list6 AS65534-IN rule 10 prefix '2001:db8:1::/48'
+ set policy prefix-list6 AS65534-OUT rule 10 action 'deny'
+ set policy prefix-list6 AS65534-OUT rule 10 prefix '2001:db8:1::/48'
+ set policy route-map AS65534-IN rule 10 action 'permit'
+ set policy route-map AS65534-IN rule 10 match ip address prefix-list 'AS65534-IN'
+ set policy route-map AS65534-IN rule 10 match ipv6 address prefix-list 'AS65534-IN'
+ set policy route-map AS65534-IN rule 20 action 'deny'
+ set policy route-map AS65534-OUT rule 10 action 'deny'
+ set policy route-map AS65534-OUT rule 10 match ip address prefix-list 'AS65534-OUT'
+ set policy route-map AS65534-OUT rule 10 match ipv6 address prefix-list 'AS65534-OUT'
+ set policy route-map AS65534-OUT rule 20 action 'permit'
+ set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map export 'AS65534-OUT'
+ set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv4-unicast route-map import 'AS65534-IN'
+ set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map export 'AS65534-OUT'
+ set protocols bgp 65535 neighbor 2001:db8::1 address-family ipv6-unicast route-map import 'AS65534-IN'
+
+We could expand on this and also deny link local and multicast in the rule 20
+action deny.
diff --git a/docs/configuration/protocols/igmp-proxy.rst b/docs/configuration/protocols/igmp-proxy.rst
new file mode 100644
index 00000000..cce5f948
--- /dev/null
+++ b/docs/configuration/protocols/igmp-proxy.rst
@@ -0,0 +1,2 @@
+igmp-proxy
+##########
\ No newline at end of file
diff --git a/docs/configuration/protocols/igmp.rst b/docs/configuration/protocols/igmp.rst
new file mode 100644
index 00000000..9104b0c9
--- /dev/null
+++ b/docs/configuration/protocols/igmp.rst
@@ -0,0 +1,244 @@
+.. _multicast:
+
+#########
+Multicast
+#########
+
+VyOS facilitates IP Multicast by supporting **PIM Sparse Mode**,
+**IGMP** and **IGMP-Proxy**.
+
+************
+PIM and IGMP
+************
+
+PIM (Protocol Independent Multicast) must be configured in every
+interface of every participating router. Every router must also have the
+location of the Rendevouz Point manually configured. Then,
+unidirectional shared trees rooted at the Rendevouz Point will
+automatically be built for multicast distribution.
+
+Traffic from multicast sources will go to the Rendezvous Point, and
+receivers will pull it from a shared tree using IGMP (Internet Group
+Management Protocol).
+
+Multicast receivers will talk IGMP to their local router, so, besides
+having PIM configured in every router, IGMP must also be configured in
+any router where there could be a multicast receiver locally connected.
+
+VyOS supports both IGMP version 2 and version 3 (which allows
+source-specific multicast).
+
+
+Example
+=======
+
+In the following example we can see a basic multicast setup:
+
+.. image:: /_static/images/multicast-basic.png
+ :width: 90%
+ :align: center
+ :alt: Network Topology Diagram
+
+
+
+**Router 1**
+
+.. code-block:: none
+
+ set interfaces ethernet eth2 address '172.16.0.2/24'
+ set interfaces ethernet eth1 address '100.64.0.1/24'
+ set protocols ospf area 0 network '172.16.0.0/24'
+ set protocols ospf area 0 network '100.64.0.0/24'
+ set protocols igmp interface eth1
+ set protocols pim interface eth1
+ set protocols pim interface eth2
+ set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
+
+**Router 3**
+
+.. code-block:: none
+
+ set interfaces dummy dum0 address '172.16.255.1/24'
+ set interfaces ethernet eth0 address '172.16.0.1/24'
+ set interfaces ethernet eth1 address '172.16.1.1/24'
+ set protocols ospf area 0 network '172.16.0.0/24'
+ set protocols ospf area 0 network '172.16.255.0/24'
+ set protocols ospf area 0 network '172.16.1.0/24'
+ set protocols pim interface dum0
+ set protocols pim interface eth0
+ set protocols pim interface eth1
+ set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
+
+**Router 2**
+
+.. code-block:: none
+
+ set interfaces ethernet eth1 address '10.0.0.1/24'
+ set interfaces ethernet eth2 address '172.16.1.2/24'
+ set protocols ospf area 0 network '10.0.0.0/24'
+ set protocols ospf area 0 network '172.16.1.0/24'
+ set protocols pim interface eth1
+ set protocols pim interface eth2
+ set protocols pim rp address 172.16.255.1 group '224.0.0.0/4'
+
+
+
+
+
+Basic commands
+==============
+
+These are the commands for a basic setup.
+
+.. cfgcmd:: set protocols pim interface
+
+ Use this command to enable PIM in the selected interface so that it
+ can communicate with PIM neighbors.
+
+
+.. cfgcmd:: set protocols pim rp address group
+
+ Use this comand to manually configure a Rendevouz Point for PIM so
+ that join messages can be sent there. Set the Rendevouz Point address
+ and the matching prefix of group ranges covered. These values must
+ be shared with every router participating in the PIM network.
+
+
+.. cfgcmd:: set protocols igmp interface eth1
+
+ Use this command to configure an interface with IGMP so that PIM can
+ receive IGMP reports and query on the selected interface. By defaul
+ IGMP version 3 will be used.
+
+
+
+Tuning commands
+===============
+
+You can also tune multicast with the following commands.
+
+.. cfgcmd:: set protocols pim interface dr-priority
+
+ Use this PIM command in the selected interface to set the priority
+ (1-4294967295) you want to influence in the election of a node to
+ become the Designated Router for a LAN segment. The default priority
+ is 1, set a higher value to give the router more preference in the
+ DR election process.
+
+
+.. cfgcmd:: set protocols pim int hello
+
+ Use this command to configure the PIM hello interval in seconds
+ (1-180) for the selected interface.
+
+
+.. cfgcmd:: set protocols pim rp keep-alive-timer
+
+ Use this PIM command to modify the the time out value (31-60000
+ seconds) for an `(S,G) `_
+ flow. 31 seconds is chosen for a lower bound as some hardware
+ platforms cannot see data flowing in better than 30 second chunks.
+
+
+.. cfgcmd:: set protocols igmp interface join source
+
+ Use this command to allow the selected interface join a multicast
+ group defining the multicast address you want to join and the source
+ IP address too.
+
+
+.. cfgcmd:: set protocols igmp interface
+
+ Use this command to configure in the selected interface the IGMP
+ host query interval (1-1800) in seconds that PIM will use.
+
+
+.. cfgcmd:: set protocols igmp interface
+
+ Use this command to configure in the selected interface the IGMP
+ query response timeout value (10-250) in deciseconds. If a report is
+ not returned in the specified time, it will be asumed the `(S,G) or
+ (*,G) state `_ has
+ timed out.
+
+
+.. cfgcmd:: set protocols igmp interface version
+
+ Use this command to define in the selected interface whether you
+ choose IGMP version 2 or 3. The default value is 3.
+
+
+
+**********
+IGMP Proxy
+**********
+
+:abbr:`IGMP (Internet Group Management Protocol)` proxy sends IGMP host messages
+on behalf of a connected client. The configuration must define one, and only one
+upstream interface, and one or more downstream interfaces.
+
+Configuration
+=============
+
+.. cfgcmd:: set protocols igmp-proxy interface role
+
+ * **upstream:** The upstream network interface is the outgoing interface
+ which is responsible for communicating to available multicast data sources.
+ There can only be one upstream interface.
+
+ * **downstream:** Downstream network interfaces are the distribution
+ interfaces to the destination networks, where multicast clients can join
+ groups and receive multicast data. One or more downstream interfaces must
+ be configured.
+
+.. cfgcmd:: set protocols igmp-proxy interface alt-subnet
+
+ Defines alternate sources for multicasting and IGMP data. The network address
+ must be on the following format 'a.b.c.d/n'. By default the router will
+ accept data from sources on the same network as configured on an interface.
+ If the multicast source lies on a remote network, one must define from where
+ traffic should be accepted.
+
+ This is especially useful for the upstream interface, since the source for
+ multicast traffic is often from a remote location.
+
+ This option can be supplied multiple times.
+
+.. cfgcmd:: set protocols igmp-proxy disable-quickleave
+
+ Disables quickleave mode. In this mode the daemon will not send a Leave IGMP
+ message upstream as soon as it receives a Leave message for any downstream
+ interface. The daemon will not ask for Membership reports on the downstream
+ interfaces, and if a report is received the group is not joined again
+ upstream.
+
+ If it's vital that the daemon should act exactly as a real multicast client
+ on the upstream interface, this function should be enabled.
+
+ Enabling this function increases the risk of bandwidth saturation.
+
+.. cfgcmd:: set protocols igmp-proxy disable
+
+ Disable this service.
+
+Example
+-------
+
+Interface `eth1` LAN is behind NAT. In order to subscribe `10.0.0.0/23` subnet
+multicast which is in `eth0` WAN we need to configure igmp-proxy.
+
+.. code-block:: none
+
+ set protocols igmp-proxy interface eth0 role upstream
+ set protocols igmp-proxy interface eth0 alt-subnet 10.0.0.0/23
+ set protocols igmp-proxy interface eth1 role downstream
+
+Operation
+=========
+
+.. opcmd:: restart igmp-proxy
+
+ Restart the IGMP proxy process.
+
+
+
diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst
new file mode 100644
index 00000000..271b6056
--- /dev/null
+++ b/docs/configuration/protocols/index.rst
@@ -0,0 +1,22 @@
+#########
+Protocols
+#########
+
+
+.. toctree::
+ :maxdepth: 1
+ :includehidden:
+
+ bfd
+ bgp
+ igmp
+ igmp-proxy
+ mpls
+ ospf
+ ospfv3
+ pim
+ rip
+ ripng
+ rpki
+ static
+ vrf
diff --git a/docs/configuration/protocols/mpls.rst b/docs/configuration/protocols/mpls.rst
new file mode 100644
index 00000000..82e99a17
--- /dev/null
+++ b/docs/configuration/protocols/mpls.rst
@@ -0,0 +1,157 @@
+.. _mpls:
+
+####################################
+MPLS (Multiprotocol Label Switching)
+####################################
+
+:abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm
+which differs from regular IP forwarding. Instead of IP addresses being used to
+make the decision on finding the exit interface, a router will instead use an
+exact match on a 32 bit/4 byte header called the MPLS label. This label is
+inserted between the ethernet (layer 2) header and the IP (layer 3) header.
+One can statically or dynamically assign label allocations, but we will focus
+on dynamic allocation of labels using some sort of label distribution protocol
+(such as the aptly named Label Distribution Protocol / LDP, Resource Reservation
+Protocol / RSVP, or Segment Routing through OSPF/ISIS). These protocols allow
+for the creation of a unidirectional/unicast path called a labeled switched
+path (initialized as LSP) throughout the network that operates very much like
+a tunnel through the network. An easy way of thinking about how an MPLS LSP
+actually forwards traffic throughout a network is to think of a GRE tunnel.
+They are not the same in how they operate, but they are the same in how they
+handle the tunneled packet. It would be good to think of MPLS as a tunneling
+technology that can be used to transport many different types of packets, to
+aid in traffic engineering by allowing one to specify paths throughout the
+network (using RSVP or SR), and to generally allow for easier intra/inter
+network transport of data packets.
+
+For more information on how MPLS label switching works, please go visit
+`Wikipedia (MPLS)`_.
+
+.. note:: MPLS support in VyOS is not finished yet, and therefore its
+ functionality is limited. Currently there is no support for MPLS enabled VPN
+ services such as L3VPNs, L2VPNs, and mVPNs. RSVP support is also not present
+ as the underlying routing stack (FRR) does not implement it. Currently VyOS
+ can be configured as a label switched router (MPLS P router), in both
+ penultimate and ultimate hop popping operations.
+
+Label Distribution Protocol
+===========================
+
+The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume
+a single protocol to create MPLS paths. VyOS supports the Label Distribution
+Protocol (LDP) as implemented by FRR, based on :rfc:`5036`.
+
+:abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling protocol
+that distributes labels creating MPLS label switched paths in a dynamic manner.
+LDP is not a routing protocol, as it relies on other routing protocols for
+forwarding decisions. LDP cannot bootstrap itself, and therefore relies on said
+routing protocols for communication with other routers that use LDP.
+
+In order to allow for LDP on the local router to exchange label advertisements
+with other routers, a TCP session will be established between automatically
+discovered and statically assigned routers. LDP will try to establish a TCP
+session to the **transport address** of other routers. Therefore for LDP to
+function properly please make sure the transport address is shown in the
+routing table and reachable to traffic at all times.
+
+It is highly recommended to use the same address for both the LDP router-id and
+the discovery transport address, but for VyOS MPLS LDP to work both parameters
+must be explicitly set in the configuration.
+
+Configuration Options
+=====================
+
+.. cfgcmd:: set protocols mpls ldp interface
+
+ Use this command to enable LDP, and enable MPLS processing on the interface you
+ define.
+
+.. cfgcmd:: set protocols mpls ldp router-id
+
+ Use this command to configure the IP address used as the LDP router-id of the
+ local device.
+
+.. cfgcmd:: set protocols mpls ldp discovery transport-ipv4-address
+.. cfgcmd:: set protocols mpls ldp discovery transport-ipv6-address
+
+ Use this command to set the IPv4 or IPv6 transport-address used by LDP.
+
+.. cfgcmd:: set protocols mpls ldp neighbor password
+
+ Use this command to configure authentication for LDP peers. Set the
+ IP address of the LDP peer and a password that should be shared in
+ order to become neighbors.
+
+.. cfgcmd:: set protocols mpls ldp discovery hello-interval
+.. cfgcmd:: set protocols mpls ldp discovery hello-holdtime
+
+ Use this command if you would like to set the discovery hello and hold time
+ parameters.
+
+.. cfgcmd:: set protocols mpls ldp discovery session-ipv4-holdtime
+.. cfgcmd:: set protocols mpls ldp discovery session-ipv6-holdtime
+
+ Use this command if you would like to set the TCP session hold time intervals.
+
+.. cfgcmd:: set protocols mpls ldp export ipv4 explicit-null
+.. cfgcmd:: set protocols mpls ldp export ipv6 explicit-null
+
+ Use this command if you would like for the router to advertise FECs with a label
+ of 0 for explicit null operations.
+
+
+Sample configuration to setup LDP on VyOS
+-----------------------------------------
+
+.. code-block:: none
+
+ set protocols ospf area 0 network '192.168.255.252/32' <--- Routing for loopback
+ set protocols ospf area 0 network '192.168.0.5/32' <--- Routing for an interface connecting to the network
+ set protocols ospf parameters router-id '192.168.255.252' <--- Router ID setting for OSPF
+ set protocols mpls ldp discovery transport-ipv4-address '192.168.255.252' <--- Transport address for LDP for TCP sessions to connect to
+ set protocols mpls ldp interface 'eth1' <--- Enable MPLS and LDP for an interface connecting to network
+ set protocols mpls ldp interface 'lo' <--- Enable MPLS and LDP on loopback for future services connectivity
+ set protocols mpls ldp router-id '192.168.255.252' <--- Router ID setting for LDP
+ set interfaces ethernet eth1 address '192.168.0.5/31' <--- Interface IP for connecting to network
+ set interfaces loopback lo address '192.168.255.252/32' <--- Interface loopback IP for router ID and other uses
+
+
+Operational Mode Commands
+=========================
+
+When LDP is working, you will be able to see label information in the outcome
+of ``show ip route``. Besides that information, there are also specific *show*
+commands for LDP:
+
+Show
+----
+
+.. opcmd:: show mpls ldp binding
+
+ Use this command to see the Label Information Base.
+
+.. opcmd:: show mpls ldp discovery
+
+ Use this command to see discovery hello information
+
+.. opcmd:: show mpls ldp interface
+
+ Use this command to see LDP interface information
+
+.. opcmd:: show mpls ldp neighbor
+
+ Use this command to see LDP neighbor information
+
+.. opcmd:: show mpls ldp neighbor detail
+
+ Use this command to see detailed LDP neighbor information
+
+Reset
+-----
+
+.. opcmd:: reset mpls ldp neighbor
+
+ Use this command to reset an LDP neighbor/TCP session that is established
+
+
+.. _`Wikipedia (MPLS)`: https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst
new file mode 100644
index 00000000..ff7c5e64
--- /dev/null
+++ b/docs/configuration/protocols/ospf.rst
@@ -0,0 +1,70 @@ +.. include:: /_include/need_improvement.txt + +.. _routing-ospf: + +#### +OSPF +#### + +:abbr:`OSPF (Open Shortest Path First)` is a routing protocol for Internet +Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls +into the group of interior gateway protocols (IGPs), operating within a single +autonomous system (AS). It is defined as OSPF Version 2 in :rfc:`2328` (1998) +for IPv4. Updates for IPv6 are specified as OSPF Version 3 in :rfc:`5340` +(2008). OSPF supports the :abbr:`CIDR (Classless Inter-Domain Routing)` +addressing model. + +OSPF is a widely used IGP in large enterprise networks. + +OSPFv2 (IPv4) +############# + +In order to have a VyOS system exchanging routes with OSPF neighbors, you will +at least need to configure an OSPF area and some network. + +.. code-block:: none + + set protocols ospf area 0 network 192.168.0.0/24 + +That is the minimum configuration you will need. +It is a good practice to define the router ID too. + +.. code-block:: none + + set protocols ospf parameters router-id 10.1.1.1 + + +Below you can see a typical configuration using 2 nodes, redistribute loopback +address and the node 1 sending the default route: + +**Node 1** + +.. code-block:: none + + set interfaces loopback lo address 10.1.1.1/32 + set protocols ospf area 0 network 192.168.0.0/24 + set protocols ospf default-information originate always + set protocols ospf default-information originate metric 10 + set protocols ospf default-information originate metric-type 2 + set protocols ospf log-adjacency-changes + set protocols ospf parameters router-id 10.1.1.1 + set protocols ospf redistribute connected metric-type 2 + set protocols ospf redistribute connected route-map CONNECT + + set policy route-map CONNECT rule 10 action permit + set policy route-map CONNECT rule 10 match interface lo + +**Node 2** + +.. 
code-block:: none + + set interfaces loopback lo address 10.2.2.2/32 + set protocols ospf area 0 network 192.168.0.0/24 + set protocols ospf log-adjacency-changes + set protocols ospf parameters router-id 10.2.2.2 + set protocols ospf redistribute connected metric-type 2 + set protocols ospf redistribute connected route-map CONNECT + + set policy route-map CONNECT rule 10 action permit + set policy route-map CONNECT rule 10 match interface lo + diff --git a/docs/configuration/protocols/ospfv3.rst b/docs/configuration/protocols/ospfv3.rst new file mode 100644 index 00000000..f0e28983 --- /dev/null +++ b/docs/configuration/protocols/ospfv3.rst 
@@ -0,0 +1,71 @@
+OSPFv3 (IPv6)
+#############
+
+A typical configuration using 2 nodes.
+
+**Node 1:**
+
+.. code-block:: none
+
+ set protocols ospfv3 area 0.0.0.0 interface eth1
+ set protocols ospfv3 area 0.0.0.0 range 2001:db8:1::/64
+ set protocols ospfv3 parameters router-id 192.168.1.1
+ set protocols ospfv3 redistribute connected
+
+**Node 2:**
+
+.. code-block:: none
+
+ set protocols ospfv3 area 0.0.0.0 interface eth1
+ set protocols ospfv3 area 0.0.0.0 range 2001:db8:2::/64
+ set protocols ospfv3 parameters router-id 192.168.2.1
+ set protocols ospfv3 redistribute connected
+
+.. note:: You can not easily redistribute IPv6 routes via OSPFv3 on a WireGuard
+ interface link. This requires you to configure link-local addresses manually
+ on the WireGuard interfaces, see :vytask:`T1483`.
+
+Example configuration for WireGuard interfaces:
+
+**Node 1**
+
+.. code-block:: none
+
+ set interfaces wireguard wg01 address 'fe80::216:3eff:fe51:fd8c/64'
+ set interfaces wireguard wg01 address '192.168.0.1/24'
+ set interfaces wireguard wg01 peer ospf02 allowed-ips '::/0'
+ set interfaces wireguard wg01 peer ospf02 allowed-ips '0.0.0.0/0'
+ set interfaces wireguard wg01 peer ospf02 endpoint '10.1.1.101:12345'
+ set interfaces wireguard wg01 peer ospf02 pubkey 'ie3...='
+ set interfaces wireguard wg01 port '12345'
+ set protocols ospfv3 parameters router-id 192.168.1.1
+ set protocols ospfv3 area 0.0.0.0 interface 'wg01'
+ set protocols ospfv3 area 0.0.0.0 interface 'lo'
+
+**Node 2**
+
+.. code-block:: none
+
+ set interfaces wireguard wg01 address 'fe80::216:3eff:fe0a:7ada/64'
+ set interfaces wireguard wg01 address '192.168.0.2/24'
+ set interfaces wireguard wg01 peer ospf01 allowed-ips '::/0'
+ set interfaces wireguard wg01 peer ospf01 allowed-ips '0.0.0.0/0'
+ set interfaces wireguard wg01 peer ospf01 endpoint '10.1.1.100:12345'
+ set interfaces wireguard wg01 peer ospf01 pubkey 'NHI...='
+ set interfaces wireguard wg01 port '12345'
+ set protocols ospfv3 parameters router-id 192.168.1.2
+ set protocols ospfv3 area 0.0.0.0 interface 'wg01'
+ set protocols ospfv3 area 0.0.0.0 interface 'lo'
+
+**Status**
+
+.. code-block:: none
+
+ vyos@ospf01:~$ sh ipv6 ospfv3 neighbor
+ Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
+ 192.168.0.2 1 00:00:37 Full/PointToPoint 00:18:03 wg01[PointToPoint]
+
+ vyos@ospf02# run sh ipv6 ospfv3 neighbor
+ Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
+ 192.168.0.1 1 00:00:39 Full/PointToPoint 00:19:44 wg01[PointToPoint]
+
diff --git a/docs/configuration/protocols/pim.rst b/docs/configuration/protocols/pim.rst
new file mode 100644
index 00000000..1dd373d8
--- /dev/null
+++ b/docs/configuration/protocols/pim.rst
@@ -0,0 +1,2 @@
+PIM
+###
\ No newline at end of file
diff --git a/docs/configuration/protocols/rip.rst b/docs/configuration/protocols/rip.rst
new file mode 100644
index 00000000..0d73ad34
--- /dev/null
+++ b/docs/configuration/protocols/rip.rst
@@ -0,0 +1,37 @@
+.. include:: /_include/need_improvement.txt
+
+.. _rip:
+
+###
+RIP
+###
+
+:abbr:`RIP (Routing Information Protocol)` is a widely deployed interior gateway
+protocol. RIP was developed in the 1970s at Xerox Labs as part of the XNS
+routing protocol. RIP is a distance-vector protocol and is based on the
+Bellman-Ford algorithms. As a distance-vector protocol, RIP router send updates
+to its neighbors periodically, thus allowing the convergence to a known
+topology. In each update, the distance to any given network will be broadcast
+to its neighboring router.
+
+Supported versions of RIP are:
+* RIPv1 as described in :rfc:`1058`
+* RIPv2 as described in :rfc:`2453`
+
+Simple RIP configuration using 2 nodes and redistributing connected interfaces.
+
+**Node 1:**
+
+.. code-block:: none
+
+ set interfaces loopback address 10.1.1.1/32
+ set protocols rip network 192.168.0.0/24
+ set protocols rip redistribute connected
+
+**Node 2:**
+
+.. code-block:: none
+
+ set interfaces loopback address 10.2.2.2/32
+ set protocols rip network 192.168.0.0/24
+ set protocols rip redistribute connected
diff --git a/docs/configuration/protocols/ripng.rst b/docs/configuration/protocols/ripng.rst
new file mode 100644
index 00000000..dec6bddf
--- /dev/null
+++ b/docs/configuration/protocols/ripng.rst
@@ -0,0 +1,3 @@
+#####
+RIPng
+#####
\ No newline at end of file
diff --git a/docs/configuration/protocols/rpki.rst b/docs/configuration/protocols/rpki.rst
new file mode 100644
index 00000000..9813b1b6
--- /dev/null
+++ b/docs/configuration/protocols/rpki.rst
@@ -0,0 +1,113 @@
+.. _rpki:
+
+####
+RPKI
+####
+
+.. pull-quote::
+
+ There are two types of Network Admins who deal with BGP, those who have
+ created an international incident and/or outage, and those who are lying
+
+ -- `tweet by EvilMog`_, 2020-02-21
+
+:abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:`PKI
+(Public Key Infrastructure)` designed to secure the Internet routing
+infrastructure. It associates BGP route announcements with the correct
+originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then
+use to check each route against the corresponding :abbr:`ROA (Route Origin
+Authorisation)` for validity. RPKI is described in :rfc:`6480`.
+
+A BGP-speaking router like VyOS can retrieve ROA information from RPKI
+"Relying Party software" (often just called an "RPKI server" or "RPKI
+validator") by using :abbr:`RTR (RPKI to Router)` protocol. There are several
+open source implementations to choose from, such as NLNetLabs' Routinator_
+(written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and
+RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described
+in :rfc:`8210`.
+
+.. tip::
+ If you are new to these routing security technologies then there is an
+ `excellent guide to RPKI`_ by NLnet Labs which will get you up to speed
+ very quickly. Their documentation explains everything from what RPKI is to
+ deploying it in production (albeit with a focus on using NLnet Labs'
+ tools). It also has some `help and operational guidance`_ including
+ "What can I do about my route having an Invalid state?"
+
+First you will need to deploy an RPKI validator for your routers to use. The
+RIPE NCC helpfully provide `some instructions`_ to get you started with
+several different options. Once your server is running you can start
+validating announcements.
+
+Imported prefixes during the validation may have values:
+
+ valid
+ The prefix and ASN that originated it match a signed ROA. These are
+ probably trustworthy route announcements.
+
+ invalid
+ The prefix or prefix length and ASN that originated it doesn't
+ match any existing ROA. This could be the result of a prefix hijack, or
+ merely a misconfiguration, but should probably be treated as
+ untrustworthy route announcements.
+
+ notfound
+ No ROA exists which covers that prefix. Unfortunately this is the case
+ for about 80% of the IPv4 prefixes which were announced to the :abbr:`DFZ
+ (default-free zone)` at the start of 2020 (see more detail in
+ NLnet Labs' `RPKI analytics`_).
+
+.. note::
+ If you are responsible for the global addresses assigned to your
+ network, please make sure that your prefixes have ROAs associated with them
+ to avoid being `notfound` by RPKI. For most ASNs this will involve
+ publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE
+ NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged
+ to do whenever you plan to announce addresses into the DFZ.
+
+ Particularly large networks may wish to run their own RPKI certificate
+ authority and publication server instead of publishing ROAs via their RIR.
+ This is a subject far beyond the scope of VyOS' documentation. Consider
+ reading about Krill_ if this is a rabbit hole you need or especially want
+ to dive down.
+
+We can build route-maps for import based on these states. Here is a simple
+RPKI configuration, where `routinator` is the RPKI-validating "cache"
+server with ip `192.0.2.1`:
+
+.. code-block:: none
+
+ set protocols rpki cache routinator address '192.0.2.1'
+ set protocols rpki cache routinator port '3323'
+
+Here is an example route-map to apply to routes learned at import. In this
+filter we reject prefixes with the state `invalid`, and set a higher
+`local-preference` if the prefix is RPKI `valid` rather than merely
+`notfound`.
+
+.. code-block:: none
+
+ set policy route-map ROUTES-IN rule 10 action 'permit'
+ set policy route-map ROUTES-IN rule 10 match rpki 'valid'
+ set policy route-map ROUTES-IN rule 10 set local-preference '300'
+ set policy route-map ROUTES-IN rule 20 action 'permit'
+ set policy route-map ROUTES-IN rule 20 match rpki 'notfound'
+ set policy route-map ROUTES-IN rule 20 set local-preference '125'
+ set policy route-map ROUTES-IN rule 30 action 'deny'
+ set policy route-map ROUTES-IN rule 30 match rpki 'invalid'
+
+Once your routers are configured to reject RPKI-invalid prefixes, you can
+test whether the configuration is working correctly using the `RIPE Labs RPKI
+Test`_ experimental tool.
+
+.. _tweet by EvilMog: https://twitter.com/Evil_Mog/status/1230924170508169216
+.. _Routinator: https://www.nlnetlabs.nl/projects/rpki/routinator/
+.. _GoRTR: https://github.com/cloudflare/gortr
+.. _OctoRPKI: https://github.com/cloudflare/cfrpki#octorpki
+.. _Validator: https://www.ripe.net/manage-ips-and-asns/resource-management/certification/tools-and-resources
+.. _some instructions: https://labs.ripe.net/Members/tashi_phuntsho_3/how-to-install-an-rpki-validator
+.. _Krill: https://www.nlnetlabs.nl/projects/rpki/krill/
+.. _RPKI analytics: https://www.nlnetlabs.nl/projects/rpki/rpki-analytics/
+.. _RIPE Labs RPKI Test: https://sg-pub.ripe.net/jasper/rpki-web-test/
+.. _excellent guide to RPKI: https://rpki.readthedocs.io/
+.. _help and operational guidance: https://rpki.readthedocs.io/en/latest/about/help.html
diff --git a/docs/configuration/protocols/static.rst b/docs/configuration/protocols/static.rst
new file mode 100644
index 00000000..fbde8228
--- /dev/null
+++ b/docs/configuration/protocols/static.rst
@@ -0,0 +1,195 @@ +.. _static-routing: + +###### +Static +###### + +Static routes are manually configured routes, which, in general, cannot be +updated dynamically from information VyOS learns about the network topology from +other routing protocols. However, if a link fails, the router will remove +routes, including static routes, from the :abbr:`RIPB (Routing Information +Base)` that used this interface to reach the next hop. In general, static +routes should only be used for very simple network topologies, or to override +the behavior of a dynamic routing protocol for a small number of routes. The +collection of all routes the router has learned from its configuration or from +its dynamic routing protocols is stored in the RIB. Unicast routes are directly +used to determine the forwarding table used for unicast packet forwarding. + +Static Routes +############# + +.. cfgcmd:: set protocols static route next-hop
+ + Configure next-hop `
` for an IPv4 static route. Multiple static + routes can be created. + +.. cfgcmd:: set protocols static route next-hop
disable + + Disable this IPv4 static route entry. + +.. cfgcmd:: set protocols static route next-hop
distance + + Defines next-hop distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + + Range is 1 to 255, default is 1. + + .. note:: Routes with a distance of 255 are effectively disabled and not + installed into the kernel. + +.. cfgcmd:: set protocols static route6 next-hop
+ + Configure next-hop `
` for an IPv6 static route. Multiple static + routes can be created. + +.. cfgcmd:: set protocols static route6 next-hop
disable + + Disable this IPv6 static route entry. + +.. cfgcmd:: set protocols static route6 next-hop
distance + + Defines next-hop distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + + Range is 1 to 255, default is 1. + + .. note:: Routes with a distance of 255 are effectively disabled and not + installed into the kernel. + + +Interface Routes +================ + +.. cfgcmd:: set protocols static interface-route next-hop-interface + + Allows you to configure the next-hop interface for an interface-based IPv4 + static route. `` will be the next-hop interface where trafic is + routed for the given ``. + +.. cfgcmd:: set protocols static interface-route next-hop-interface disable + + Disables interface-based IPv4 static route. + +.. cfgcmd:: set protocols static interface-route next-hop-interface distance + + Defines next-hop distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + + Range is 1 to 255, default is 1. + +.. cfgcmd:: set protocols static interface-route6 next-hop-interface + + Allows you to configure the next-hop interface for an interface-based IPv6 + static route. `` will be the next-hop interface where trafic is + routed for the given ``. + +.. cfgcmd:: set protocols static interface-route6 next-hop-interface disable + + Disables interface-based IPv6 static route. + +.. cfgcmd:: set protocols static interface-route6 next-hop-interface distance + + Defines next-hop distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + + Range is 1 to 255, default is 1. + + +Blackhole +========= + +.. cfgcmd:: set protocols static route blackhole + + Use this command to configure a "black-hole" route on the router. A + black-hole route is a route for which the system silently discard packets + that are matched. This prevents networks leaking out public interfaces, but + it does not prevent them from being used as a more specific route inside your + network. + +.. 
cfgcmd:: set protocols static route blackhole distance + + Defines blackhole distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + +.. cfgcmd:: set protocols static route6 blackhole + + Use this command to configure a "black-hole" route on the router. A + black-hole route is a route for which the system silently discard packets + that are matched. This prevents networks leaking out public interfaces, but + it does not prevent them from being used as a more specific route inside your + network. + +.. cfgcmd:: set protocols static route6 blackhole distance + + Defines blackhole distance for this route, routes with smaller administrative + distance are elected prior those with a higher distance. + + +Alternate Routing Tables +======================== + +TBD + +Alternate routing tables are used with policy based routing of by utilizing +:ref:`vrf`. + + +.. _routing-arp: + +### +ARP +### + +:abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for +discovering the link layer address, such as a MAC address, associated with a +given internet layer address, typically an IPv4 address. This mapping is a +critical function in the Internet protocol suite. ARP was defined in 1982 by +:rfc:`826` which is Internet Standard STD 37. + +In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is +provided by the Neighbor Discovery Protocol (NDP). + +To manipulate or display ARP_ table entries, the following commands are +implemented. + +Configure +========= + +.. cfgcmd:: set protocols static arp
hwaddr + + This will configure a static ARP entry always resolving `
` to + ``. + + Example: + + .. code-block:: none + + set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa + +Operation +========= + +.. opcmd:: show protocols static arp + + Display all known ARP table entries spanning across all interfaces + +.. code-block:: none + + vyos@vyos:~$ show protocols static arp + Address HWtype HWaddress Flags Mask Iface + 10.1.1.1 ether 00:53:00:de:23:2e C eth1 + 10.1.1.100 ether 00:53:00:de:23:aa CM eth1 + + +.. opcmd:: show protocols static arp interface eth1 + + Display all known ARP table entries on a given interface only (`eth1`): + +.. code-block:: none + + vyos@vyos:~$ show protocols static arp interface eth1 + Address HWtype HWaddress Flags Mask Iface + 10.1.1.1 ether 00:53:00:de:23:2e C eth1 + 10.1.1.100 ether 00:53:00:de:23:aa CM eth1 + +.. _ARP: https://en.wikipedia.org/wiki/Address_Resolution_Protocol diff --git a/docs/configuration/protocols/vrf.rst b/docs/configuration/protocols/vrf.rst new file mode 100644 index 00000000..e7609a77 --- /dev/null +++ b/docs/configuration/protocols/vrf.rst @@ -0,0 +1,3 @@ +############# +Protocols VRF +############# -- cgit v1.2.3 From 6f6950d14e46ef92d961682b23fb28936c23f9b7 Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 7 Dec 2020 20:29:11 +0100 Subject: fix build errors after arrange --- docs/changelog/index.rst | 3 ++ docs/cli.rst | 9 ++---- docs/configuration/firewall/index.rst | 54 ++++++++++++++++++++------------- docs/configuration/protocols/static.rst | 11 +++++-- docs/configuration/system/index.rst | 10 +++++- docs/configuration/vpn/index.rst | 13 +++++++- docs/configuration/vpn/rsa-keys.rst | 4 +++ docs/contributing/documentation.rst | 2 +- 8 files changed, 73 insertions(+), 33 deletions(-) create mode 100644 docs/configuration/vpn/rsa-keys.rst (limited to 'docs/configuration/protocols') diff --git a/docs/changelog/index.rst b/docs/changelog/index.rst index 26262932..8d2e8a86 100644 --- a/docs/changelog/index.rst +++ b/docs/changelog/index.rst 
@@ -1,3 +1,6 @@ +.. _release-notes: + + ######### Changelog ######### diff --git a/docs/cli.rst b/docs/cli.rst index 34ab3df6..7964c490 100644 --- a/docs/cli.rst +++ b/docs/cli.rst @@ -12,8 +12,7 @@ Operational Mode Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the -modification of system configuration. The list of all operational level commands -is available at :ref:`operational_level_commands`. +modification of system configuration. The CLI provides a built-in help system. In the CLI the ``?`` key may be used to display available commands. The ``TAB`` key can be used to auto-complete @@ -75,9 +74,6 @@ When viewing in page mode the following commands are available: Configuration Mode ################## -The list of all operational level commands is available at -:ref:`configuration_level_commands`. - To enter configuration mode use the ``configure`` command: .. code-block:: none @@ -112,7 +108,8 @@ thus also be easily cloned by simply copying the required configuration files. Terminology -=========== +########### + live A VyOS system has three major types of configurations: diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 2615774f..e95ecb53 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -1,11 +1,12 @@ .. _firewall: +######## Firewall -======== - +######## +******** Overview --------- +******** VyOS makes use of Linux `netfilter `_ for packet filtering. @@ -24,8 +25,9 @@ or zone based firewall policy. OS, is a reference to as `local` with respect to its input interface. +*************** Global settings ---------------- +*************** Some firewall settings are global and have a affect on the whole system. 
@@ -140,8 +142,9 @@ Some firewall settings are global and have a affect on the whole system. Set the global setting for related connections. +****** Groups ------- +****** Firewall groups represent collections of IP addresses, networks, or ports. Once created, a group can be referenced by firewall rules as @@ -158,7 +161,7 @@ names. Address Groups -************** +============== In a **address group** a single IP adresses or IP address ranges are definded. @@ -182,7 +185,7 @@ definded. Network Groups -************** +============== While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need @@ -207,7 +210,7 @@ recommended. Port Groups -*********** +=========== A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that @@ -232,8 +235,9 @@ filtering unnecessary ports. Ranges of ports can be specified by using Provide a port group description. +********* Rule-Sets ----------- +********* A rule-set is a named collection of firewall rules that can be applied to an interface or zone. Each rule is numbered, has an action to apply @@ -281,7 +285,7 @@ the action of the rule will executed. If you want to disable a rule but let it in the configuration. Matching criteria -***************** +================= There are a lot of matching criteria gainst which the package can be tested. @@ -413,8 +417,9 @@ There are a lot of matching criteria gainst which the package can be tested. Match against the state of a packet. +*********************************** Applying a Rule-Set to an Interface ------------------------------------ +*********************************** A Rule-Set can be appliend to every inteface: 
@@ -439,8 +444,9 @@ A Rule-Set can be appliend to every inteface: several interfaces. An interface can only have one rule-set per chain. +************************** Zone-based Firewall Policy --------------------------- +************************** As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when @@ -453,7 +459,7 @@ An basic introduction to zone-based firewalls can be found `here and an example at :ref:`examples-zone-policy`. Define a Zone -************* +============= To define a zone setup either one with interfaces or a local zone. @@ -477,7 +483,7 @@ To define a zone setup either one with interfaces or a local zone. Applying a Rule-Set to a Zone -***************************** +============================= Before you are able to apply a rule-set to a zone you have to create the zones first. @@ -496,11 +502,12 @@ first. set zone-policy zone LAN from DMZ firewall name DMZv4-to-LANv4 +*********************** Operation-mode Firewall ------------------------ +*********************** Rule-set overview -***************** +================= .. opcmd:: show firewall @@ -663,7 +670,7 @@ Rule-set overview Zone-Policy Overview -******************** +==================== .. opcmd:: show zone-policy zone @@ -684,7 +691,7 @@ Zone-Policy Overview Show Firewall log -***************** +================= .. opcmd:: show log firewall [name | ipv6name] @@ -698,7 +705,7 @@ Show Firewall log Example Partial Config ----------------------- +====================== .. code-block:: none @@ -770,9 +777,10 @@ Example Partial Config .. _routing-mss-clamp: -################ + +**************** TCP-MSS Clamping -################ +**************** As Internet wide PMTU discovery rarely works, we sometimes need to clamp our TCP MSS value to a specific value. This is a field in the TCP 
@@ -788,9 +796,11 @@ value for IPv4 and IPv6. in 1452 bytes on a 1492 byte MTU. + IPv4 ==== + .. cfgcmd:: set firewall options interface adjust-mss Use this command to set the maximum segment size for IPv4 transit @@ -808,6 +818,8 @@ for your WireGuard `wg02` tunnel. set firewall options interface pppoe0 adjust-mss '1452' set firewall options interface wg02 adjust-mss '1372' + + IPv6 ==== diff --git a/docs/configuration/protocols/static.rst b/docs/configuration/protocols/static.rst index fbde8228..43b77c41 100644 --- a/docs/configuration/protocols/static.rst +++ b/docs/configuration/protocols/static.rst @@ -15,8 +15,9 @@ collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding. +************* Static Routes -############# +************* .. cfgcmd:: set protocols static route next-hop
@@ -152,8 +153,9 @@ provided by the Neighbor Discovery Protocol (NDP). To manipulate or display ARP_ table entries, the following commands are implemented. +********* Configure -========= +********* .. cfgcmd:: set protocols static arp
hwaddr @@ -166,8 +168,11 @@ Configure set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa + +********* Operation -========= +********* + .. opcmd:: show protocols static arp diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst index ecf09a64..4bb16c42 100644 --- a/docs/configuration/system/index.rst +++ b/docs/configuration/system/index.rst @@ -22,7 +22,7 @@ System name-server name-servers-dhcp ntp - options + option proxy static-host-mapping sysctl @@ -30,3 +30,11 @@ System task-scheduler time-zone wifi-requlatory-domain + + +.. toctree:: + :maxdepth: 1 + :includehidden: + + default-route + eventhandler diff --git a/docs/configuration/vpn/index.rst b/docs/configuration/vpn/index.rst index 397093c2..abaca198 100644 --- a/docs/configuration/vpn/index.rst +++ b/docs/configuration/vpn/index.rst @@ -12,4 +12,15 @@ VPN openconnect pptp rsa-keys - sstp \ No newline at end of file + sstp + + + +pages to sort + +.. toctree:: + :maxdepth: 1 + :includehidden: + + dmvpn + site2site_ipsec \ No newline at end of file diff --git a/docs/configuration/vpn/rsa-keys.rst b/docs/configuration/vpn/rsa-keys.rst new file mode 100644 index 00000000..9f289d0d --- /dev/null +++ b/docs/configuration/vpn/rsa-keys.rst @@ -0,0 +1,4 @@ + +######## +RSA-Keys +######## \ No newline at end of file diff --git a/docs/contributing/documentation.rst b/docs/contributing/documentation.rst index 197f5b03..f15595bf 100644 --- a/docs/contributing/documentation.rst +++ b/docs/contributing/documentation.rst @@ -261,7 +261,7 @@ Page content The documentation have 3 different types of pages, the same kind of pages must have the same structure to achieve a recognition factor. -For all *.rst files must follow the same TOC Level syntax and have to start with +For all rst files must follow the same TOC Level syntax and have to start with .. code-block:: -- cgit v1.2.3 From b8a2fd5e578f200928a457b9f967ed92619bda88 Mon Sep 17 00:00:00 2001 
From: rebortg Date: Tue, 8 Dec 2020 15:12:56 +0100 Subject: fix build error after merge --- docs/_include/interface-common-with-dhcp.txt | 2 +- docs/_include/interface-common.txt | 4 ++-- docs/_include/interface-vlan-8021ad.txt | 8 ++++---- docs/_include/interface-vlan-8021q.txt | 8 ++++---- docs/configuration/protocols/index.rst | 2 +- docs/configuration/protocols/isis.rst | 2 +- docs/contributing/documentation.rst | 2 +- 7 files changed, 14 insertions(+), 14 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/_include/interface-common-with-dhcp.txt b/docs/_include/interface-common-with-dhcp.txt index 46dddb9b..47b4796f 100644 --- a/docs/_include/interface-common-with-dhcp.txt +++ b/docs/_include/interface-common-with-dhcp.txt @@ -16,6 +16,6 @@ :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-dhcpv6-prefix-delegation.txt +.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt :var0: {{ var0 }} :var1: {{ var1 }} diff --git a/docs/_include/interface-common.txt b/docs/_include/interface-common.txt index 79269fe3..5a997482 100644 --- a/docs/_include/interface-common.txt +++ b/docs/_include/interface-common.txt @@ -22,11 +22,11 @@ :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-ip.txt +.. cmdinclude:: /_include/interface-ip.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-ipv6.txt +.. cmdinclude:: /_include/interface-ipv6.txt :var0: {{ var0 }} :var1: {{ var1 }} diff --git a/docs/_include/interface-vlan-8021ad.txt b/docs/_include/interface-vlan-8021ad.txt index 6a34786f..0a1722dc 100644 --- a/docs/_include/interface-vlan-8021ad.txt +++ b/docs/_include/interface-vlan-8021ad.txt @@ -88,7 +88,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: :var7: 20 -.. cmdinclude:: ../_include/interface-ip.txt +.. cmdinclude:: /_include/interface-ip.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s 
@@ -98,7 +98,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG
 :var6:
 :var7: 20
-.. cmdinclude:: ../_include/interface-ipv6.txt
+.. cmdinclude:: /_include/interface-ipv6.txt
 :var0: {{ var0 }}
 :var1: {{ var1 }}
 :var2: vif-s
@@ -140,7 +140,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG
 :var6:
 :var7: 20
-.. cmdinclude:: ../_include/interface-dhcpv6-prefix-delegation.txt
+.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt
 :var0: {{ var0 }}
 :var1: {{ var1 }}
 :var2: vif-s
@@ -150,4 +150,4 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG
 :var6:
 :var7: 20
-.. include:: ../common-references.rst
+.. include:: /_include/common-references.txt
diff --git a/docs/_include/interface-vlan-8021q.txt b/docs/_include/interface-vlan-8021q.txt
index e4ed9db0..63f4433f 100644
--- a/docs/_include/interface-vlan-8021q.txt
+++ b/docs/_include/interface-vlan-8021q.txt
@@ -71,14 +71,14 @@ term used for this is ``vif``.
 :var3:
 :var4: 10
-.. cmdinclude:: ../_include/interface-ip.txt
+.. cmdinclude:: /_include/interface-ip.txt
 :var0: {{ var0 }}
 :var1: {{ var1 }}
 :var2: vif
 :var3:
 :var4: 10
-.. cmdinclude:: ../_include/interface-ipv6.txt
+.. cmdinclude:: /_include/interface-ipv6.txt
 :var0: {{ var0 }}
 :var1: {{ var1 }}
 :var2: vif
@@ -108,11 +108,11 @@ term used for this is ``vif``.
 :var3:
 :var4: 10
-.. cmdinclude:: ../_include/interface-dhcpv6-prefix-delegation.txt
+.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt
 :var0: {{ var0 }}
 :var1: {{ var1 }}
 :var2: vif
 :var3:
 :var4: 10
-.. include:: ../common-references.rst
+.. include:: /_include/common-references.txt
diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst
index 819db4df..8ef35b5d 100644
--- a/docs/configuration/protocols/index.rst
+++ b/docs/configuration/protocols/index.rst
@@ -11,7 +11,7 @@ Protocols
 bgp
 igmp
 igmp-proxy
- is-is
+ isis
 mpls
 ospf
 ospfv3
diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst
index 807dca83..64cc2535 100644
--- a/docs/configuration/protocols/isis.rst
+++ b/docs/configuration/protocols/isis.rst
@@ -1,4 +1,4 @@
-.. include:: ../_include/need_improvement.txt
+.. include:: /_include/need_improvement.txt
 .. _isis:
diff --git a/docs/contributing/documentation.rst b/docs/contributing/documentation.rst
index 1766d6ca..ddd21396 100644
--- a/docs/contributing/documentation.rst
+++ b/docs/contributing/documentation.rst
@@ -213,7 +213,7 @@ file and replace the ``{{ var0 }}`` - ``{{ var9 }}`` with the correct value
 .. code-block:: none
- .. cmdinclude:: interface-address.txt
+ .. cmdinclude:: /_include/interface-address.txt
 :var0: ethernet
 :var1: eth1
-- cgit v1.2.3
From d6af3a609f478f4affd7b0d40ca9bd612db1dc64 Mon Sep 17 00:00:00 2001
From: Cheeze_It
Date: Wed, 9 Dec 2020 12:41:04 -0700
Subject: mpls-conf: T915: Added documentation for LDP import and export Added examples for the new import and export functionality that LDP is now getting on vyos/vyos-1x#639
---
 docs/configuration/protocols/mpls.rst | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'docs/configuration/protocols')
diff --git a/docs/configuration/protocols/mpls.rst b/docs/configuration/protocols/mpls.rst
index 4451c5c3..1814cbb1 100644
--- a/docs/configuration/protocols/mpls.rst
+++ b/docs/configuration/protocols/mpls.rst
@@ -111,6 +111,22 @@ Configuration Options
 Use this command if you would like to set the TCP session hold time intervals.
+.. cfgcmd:: set protocols mpls ldp import ipv4 import-filter filter-access-list
+.. cfgcmd:: set protocols mpls ldp import ipv6 import-filter filter-access-list6
+
+ Use these commands to control the importing of forwarding equivalence classes
+ (FECs) for LDP from neighbors. This would be useful for example on only
+ accepting the labeled routes that are needed and not ones that are not
+ needed, such as accepting loopback interfaces and rejecting all others.
+
+.. cfgcmd:: set protocols mpls ldp export ipv4 export-filter filter-access-list
+.. cfgcmd:: set protocols mpls ldp export ipv6 export-filter filter-access-list6
+
+ Use these commands to control the exporting of forwarding equivalence classes
+ (FECs) for LDP to neighbors. This would be useful for example on only
+ announcing the labeled routes that are needed and not ones that are not
+ needed, such as announcing loopback interfaces and no others.
+
 .. cfgcmd:: set protocols mpls ldp export ipv4 explicit-null
 .. cfgcmd:: set protocols mpls ldp export ipv6 explicit-null
-- cgit v1.2.3
From 52828ba38878810aef96450d4eab122dffeecf6d Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Thu, 10 Dec 2020 18:20:57 +0100
Subject: mpls: use short description for headline
---
 docs/configuration/protocols/mpls.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'docs/configuration/protocols')
diff --git a/docs/configuration/protocols/mpls.rst b/docs/configuration/protocols/mpls.rst
index 1814cbb1..7d930016 100644
--- a/docs/configuration/protocols/mpls.rst
+++ b/docs/configuration/protocols/mpls.rst
@@ -1,8 +1,8 @@
 .. _mpls:
-####################################
-MPLS (Multiprotocol Label Switching)
-####################################
+####
+MPLS
+####
 :abbr:`MPLS (Multi-Protocol Label Switching)` is a packet forwarding paradigm which differs from regular IP forwarding. Instead of IP addresses being used to
-- cgit v1.2.3
From 42eb7c8ee7f2d8db588f3de85537a2a0e9c3e553 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Thu, 10 Dec 2020 18:21:09 +0100
Subject: mpls: use proper line break limit
---
 docs/configuration/protocols/mpls.rst | 100 +++++++++++++++++++---------------
 1 file changed, 57 insertions(+), 43 deletions(-)
(limited to 'docs/configuration/protocols')
diff --git a/docs/configuration/protocols/mpls.rst b/docs/configuration/protocols/mpls.rst
index 7d930016..863e7f62 100644
--- a/docs/configuration/protocols/mpls.rst
+++ b/docs/configuration/protocols/mpls.rst
@@ -58,26 +58,27 @@ It is highly recommended to use the same address for both the LDP router-id and the discovery transport address, but for VyOS MPLS LDP to work both parameters must be explicitly set in the configuration. -Another thing to keep in mind with LDP is that much like BGP, it is a protocol that -runs on top of TCP. It however does not have an ability to do something like a -refresh capability like BGPs route refresh capability. Therefore one might have -to reset the neighbor for a capability change or a configuration change to work. +Another thing to keep in mind with LDP is that much like BGP, it is a protocol +that runs on top of TCP. It however does not have an ability to do something +like a refresh capability like BGPs route refresh capability. Therefore one +might have to reset the neighbor for a capability change or a configuration +change to work. Configuration Options ===================== .. cfgcmd:: set protocols mpls ldp interface - Use this command to enable LDP, and enable MPLS processing on the interface you - define. + Use this command to enable LDP, and enable MPLS processing on the interface + you define. .. cfgcmd:: set protocols mpls ldp router-id
Use this command to configure the IP address used as the LDP router-id of the local device. -.. cfgcmd:: set protocols mpls ldp discovery transport-ipv4-address -.. cfgcmd:: set protocols mpls ldp discovery transport-ipv6-address +.. cfgcmd:: set protocols mpls ldp discovery transport-ipv4-address
+.. cfgcmd:: set protocols mpls ldp discovery transport-ipv6-address
Use this command to set the IPv4 or IPv6 transport-address used by LDP. @@ -85,18 +86,19 @@ Configuration Options Use this command to configure authentication for LDP peers. Set the IP address of the LDP peer and a password that should be shared in - order to become neighbors. - + order to become neighbors. + .. cfgcmd:: set protocols mpls ldp neighbor
session-holdtime - + Use this command to configure a specific session hold time for LDP peers. Set the IP address of the LDP peer and a session hold time that should be configured for it. You may have to reset the neighbor for this to work. - -.. cfgcmd:: set protocols mpls ldp neighbor
ttl-security + +.. cfgcmd:: set protocols mpls ldp neighbor
ttl-security + Use this command to enable, disable, or specify hop count for TTL security - for LDP peers. By default the value is set to 255 (or max TTL). + for LDP peers. By default the value is set to 255 (or max TTL). .. cfgcmd:: set protocols mpls ldp discovery hello-ipv4-interval .. cfgcmd:: set protocols mpls ldp discovery hello-ipv4-holdtime @@ -111,16 +113,20 @@ Configuration Options Use this command if you would like to set the TCP session hold time intervals. -.. cfgcmd:: set protocols mpls ldp import ipv4 import-filter filter-access-list -.. cfgcmd:: set protocols mpls ldp import ipv6 import-filter filter-access-list6 +.. cfgcmd:: set protocols mpls ldp import ipv4 import-filter filter-access-list + +.. cfgcmd:: set protocols mpls ldp import ipv6 import-filter filter-access-list6 + Use these commands to control the importing of forwarding equivalence classes (FECs) for LDP from neighbors. This would be useful for example on only accepting the labeled routes that are needed and not ones that are not needed, such as accepting loopback interfaces and rejecting all others. - -.. cfgcmd:: set protocols mpls ldp export ipv4 export-filter filter-access-list -.. cfgcmd:: set protocols mpls ldp export ipv6 export-filter filter-access-list6 + +.. cfgcmd:: set protocols mpls ldp export ipv4 export-filter filter-access-list + +.. cfgcmd:: set protocols mpls ldp export ipv6 export-filter filter-access-list6 + Use these commands to control the exporting of forwarding equivalence classes (FECs) for LDP to neighbors. This would be useful for example on only 
@@ -130,43 +136,51 @@ Configuration Options .. cfgcmd:: set protocols mpls ldp export ipv4 explicit-null .. cfgcmd:: set protocols mpls ldp export ipv6 explicit-null - Use this command if you would like for the router to advertise FECs with a label - of 0 for explicit null operations. - -.. cfgcmd:: set protocols mpls ldp allocation ipv4 access-list -.. cfgcmd:: set protocols mpls ldp allocation ipv6 access-list6 + Use this command if you would like for the router to advertise FECs with a + label of 0 for explicit null operations. + +.. cfgcmd:: set protocols mpls ldp allocation ipv4 access-list + +.. cfgcmd:: set protocols mpls ldp allocation ipv6 access-list6 + + + Use this command if you would like to control the local FEC allocations for + LDP. A good example would be for your local router to not allocate a label for + everything. Just a label for what it's useful. A good example would be just a + loopback label. - Use this command if you would like to control the local FEC allocations for LDP. A - good example would be for your local router to not allocate a label for everything. - Just a label for what it's useful. A good example would be just a loopback label. - .. cfgcmd:: set protocols mpls ldp parameters cisco-interop-tlv - Use this command to use a Cisco non-compliant format to send and interpret the - Dual-Stack capability TLV for IPv6 LDP communications. This is related to :rfc:`7552`. - + Use this command to use a Cisco non-compliant format to send and interpret + the Dual-Stack capability TLV for IPv6 LDP communications. This is related to + :rfc:`7552`. + .. cfgcmd:: set protocols mpls ldp parameters transport-prefer-ipv4 - Use this command to prefer IPv4 for TCP peer transport connection for LDP when - both an IPv4 and IPv6 LDP address are configured on the same interface. - + Use this command to prefer IPv4 for TCP peer transport connection for LDP + when both an IPv4 and IPv6 LDP address are configured on the same interface. + .. 
cfgcmd:: set protocols mpls ldp targeted-neighbor ipv4 enable .. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv6 enable - Use this command to enable targeted LDP sessions to the local router. The router - will then respond to any sessions that are trying to connect to it that are not - a link local type of TCP connection. - + Use this command to enable targeted LDP sessions to the local router. The + router will then respond to any sessions that are trying to connect to it that + are not a link local type of TCP connection. + .. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv4 address
.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv6 address
Use this command to enable the local router to try and connect with a targeted LDP session to another router. - -.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv4 hello-holdtime -.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv4 hello-interval -.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv6 hello-holdtime -.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv6 hello-interval + +.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv4 hello-holdtime + +.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv4 hello-interval + +.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv6 hello-holdtime + +.. cfgcmd:: set protocols mpls ldp targeted-neighbor ipv6 hello-interval + Use these commands if you would like to set the discovery hello and hold time parameters for the targeted LDP neighbors. -- cgit v1.2.3 From b599646995d2f805709e5eb975ef14eb4ce28a2e Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 10 Dec 2020 18:23:01 +0100 Subject: ospf: combine v3/v3 in one chapter --- docs/configuration/protocols/ospf.rst | 72 +++++++++++++++++++++++++++++++++ docs/configuration/protocols/ospfv3.rst | 71 -------------------------------- 2 files changed, 72 insertions(+), 71 deletions(-) delete mode 100644 docs/configuration/protocols/ospfv3.rst (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index ff7c5e64..ee6753c5 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst 
@@ -68,3 +68,75 @@ address and the node 1 sending the default route:
 set policy route-map CONNECT rule 10 action permit
 set policy route-map CONNECT rule 10 match interface lo
+
+OSPFv3 (IPv6)
+#############
+
+A typical configuration using 2 nodes.
+
+**Node 1:**
+
+.. code-block:: none
+
+ set protocols ospfv3 area 0.0.0.0 interface eth1
+ set protocols ospfv3 area 0.0.0.0 range 2001:db8:1::/64
+ set protocols ospfv3 parameters router-id 192.168.1.1
+ set protocols ospfv3 redistribute connected
+
+**Node 2:**
+
+.. code-block:: none
+
+ set protocols ospfv3 area 0.0.0.0 interface eth1
+ set protocols ospfv3 area 0.0.0.0 range 2001:db8:2::/64
+ set protocols ospfv3 parameters router-id 192.168.2.1
+ set protocols ospfv3 redistribute connected
+
+.. note:: You can not easily redistribute IPv6 routes via OSPFv3 on a WireGuard
+ interface link. This requires you to configure link-local addresses manually
+ on the WireGuard interfaces, see :vytask:`T1483`.
+
+Example configuration for WireGuard interfaces:
+
+**Node 1**
+
+.. code-block:: none
+
+ set interfaces wireguard wg01 address 'fe80::216:3eff:fe51:fd8c/64'
+ set interfaces wireguard wg01 address '192.168.0.1/24'
+ set interfaces wireguard wg01 peer ospf02 allowed-ips '::/0'
+ set interfaces wireguard wg01 peer ospf02 allowed-ips '0.0.0.0/0'
+ set interfaces wireguard wg01 peer ospf02 endpoint '10.1.1.101:12345'
+ set interfaces wireguard wg01 peer ospf02 pubkey 'ie3...='
+ set interfaces wireguard wg01 port '12345'
+ set protocols ospfv3 parameters router-id 192.168.1.1
+ set protocols ospfv3 area 0.0.0.0 interface 'wg01'
+ set protocols ospfv3 area 0.0.0.0 interface 'lo'
+
+**Node 2**
+
+..
code-block:: none
+
+ set interfaces wireguard wg01 address 'fe80::216:3eff:fe0a:7ada/64'
+ set interfaces wireguard wg01 address '192.168.0.2/24'
+ set interfaces wireguard wg01 peer ospf01 allowed-ips '::/0'
+ set interfaces wireguard wg01 peer ospf01 allowed-ips '0.0.0.0/0'
+ set interfaces wireguard wg01 peer ospf01 endpoint '10.1.1.100:12345'
+ set interfaces wireguard wg01 peer ospf01 pubkey 'NHI...='
+ set interfaces wireguard wg01 port '12345'
+ set protocols ospfv3 parameters router-id 192.168.1.2
+ set protocols ospfv3 area 0.0.0.0 interface 'wg01'
+ set protocols ospfv3 area 0.0.0.0 interface 'lo'
+
+**Status**
+
+.. code-block:: none
+
+ vyos@ospf01:~$ sh ipv6 ospfv3 neighbor
+ Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
+ 192.168.0.2 1 00:00:37 Full/PointToPoint 00:18:03 wg01[PointToPoint]
+
+ vyos@ospf02# run sh ipv6 ospfv3 neighbor
+ Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
+ 192.168.0.1 1 00:00:39 Full/PointToPoint 00:19:44 wg01[PointToPoint]
+
diff --git a/docs/configuration/protocols/ospfv3.rst b/docs/configuration/protocols/ospfv3.rst
deleted file mode 100644
index f0e28983..00000000
--- a/docs/configuration/protocols/ospfv3.rst
+++ /dev/null
@@ -1,71 +0,0 @@
-OSPFv3 (IPv6)
-#############
-
-A typical configuration using 2 nodes.
-
-**Node 1:**
-
-.. code-block:: none
-
- set protocols ospfv3 area 0.0.0.0 interface eth1
- set protocols ospfv3 area 0.0.0.0 range 2001:db8:1::/64
- set protocols ospfv3 parameters router-id 192.168.1.1
- set protocols ospfv3 redistribute connected
-
-**Node 2:**
-
-.. code-block:: none
-
- set protocols ospfv3 area 0.0.0.0 interface eth1
- set protocols ospfv3 area 0.0.0.0 range 2001:db8:2::/64
- set protocols ospfv3 parameters router-id 192.168.2.1
- set protocols ospfv3 redistribute connected
-
-.. note:: You can not easily redistribute IPv6 routes via OSPFv3 on a WireGuard
- interface link. This requires you to configure link-local addresses manually
- on the WireGuard interfaces, see :vytask:`T1483`.
-
-Example configuration for WireGuard interfaces:
-
-**Node 1**
-
-.. code-block:: none
-
- set interfaces wireguard wg01 address 'fe80::216:3eff:fe51:fd8c/64'
- set interfaces wireguard wg01 address '192.168.0.1/24'
- set interfaces wireguard wg01 peer ospf02 allowed-ips '::/0'
- set interfaces wireguard wg01 peer ospf02 allowed-ips '0.0.0.0/0'
- set interfaces wireguard wg01 peer ospf02 endpoint '10.1.1.101:12345'
- set interfaces wireguard wg01 peer ospf02 pubkey 'ie3...='
- set interfaces wireguard wg01 port '12345'
- set protocols ospfv3 parameters router-id 192.168.1.1
- set protocols ospfv3 area 0.0.0.0 interface 'wg01'
- set protocols ospfv3 area 0.0.0.0 interface 'lo'
-
-**Node 2**
-
-..
code-block:: none
-
- set interfaces wireguard wg01 address 'fe80::216:3eff:fe0a:7ada/64'
- set interfaces wireguard wg01 address '192.168.0.2/24'
- set interfaces wireguard wg01 peer ospf01 allowed-ips '::/0'
- set interfaces wireguard wg01 peer ospf01 allowed-ips '0.0.0.0/0'
- set interfaces wireguard wg01 peer ospf01 endpoint '10.1.1.100:12345'
- set interfaces wireguard wg01 peer ospf01 pubkey 'NHI...='
- set interfaces wireguard wg01 port '12345'
- set protocols ospfv3 parameters router-id 192.168.1.2
- set protocols ospfv3 area 0.0.0.0 interface 'wg01'
- set protocols ospfv3 area 0.0.0.0 interface 'lo'
-
-**Status**
-
-.. code-block:: none
-
- vyos@ospf01:~$ sh ipv6 ospfv3 neighbor
- Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
- 192.168.0.2 1 00:00:37 Full/PointToPoint 00:18:03 wg01[PointToPoint]
-
- vyos@ospf02# run sh ipv6 ospfv3 neighbor
- Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
- 192.168.0.1 1 00:00:39 Full/PointToPoint 00:19:44 wg01[PointToPoint]
-
-- cgit v1.2.3
From dc2f70f10e05b2df120972f8b31debfa3ade65b2 Mon Sep 17 00:00:00 2001
From: rebortg
Date: Thu, 10 Dec 2020 22:10:46 +0100
Subject: sort IP commands under configuration
---
 docs/configuration/protocols/index.rst | 1 -
 docs/configuration/system/ip.rst | 72 ++++++++-
 docs/configuration/system/ipv6.rst | 184 ++++++++++++++++++++++-
 docs/operation/index.rst | 1 -
 docs/operation/ip-commands.rst | 258 ---------------------------------
 5 files changed, 252 insertions(+), 264 deletions(-)
 delete mode 100644 docs/operation/ip-commands.rst
(limited to 'docs/configuration/protocols')
diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst
index 8ef35b5d..eba56bf2 100644
--- a/docs/configuration/protocols/index.rst
+++ b/docs/configuration/protocols/index.rst
@@ -14,7 +14,6 @@ Protocols
 isis
 mpls
 ospf
- ospfv3
 pim
 rip
 ripng
diff --git a/docs/configuration/system/ip.rst b/docs/configuration/system/ip.rst
index 74116eb0..78aeef4e 100644
--- a/docs/configuration/system/ip.rst
+++ b/docs/configuration/system/ip.rst
@@ -1,2 +1,70 @@
-ip
-##
\ No newline at end of file
+##
+IP
+##
+
+System configuration commands
+-----------------------------
+
+.. cfgcmd:: set system ip disable-forwarding
+
+ Use this command to disable IPv4 forwarding on all interfaces.
+
+.. cfgcmd:: set system ip arp table-size
+
+ Use this command to define the maximum number of entries to keep in
+ the ARP cache (1024, 2048, 4096, 8192, 16384, 32768).
+
+.. cfgcmd:: set system ip multipath layer4-hashing
+
+ Use this command to use Layer 4 information for IPv4 ECMP hashing.
+
+
+Operational commands
+--------------------
+
+show commands
+^^^^^^^^^^^^^
+
+See below the different parameters available for the IPv4 **show** command:
+
+.. code-block:: none
+
+ vyos@vyos:~$ show ip
+ Possible completions:
+ access-list Show all IP access-lists
+ as-path-access-list
+ Show all as-path-access-lists
+ bgp Show Border Gateway Protocol (BGP) information
+ community-list
+ Show IP community-lists
+ extcommunity-list
+ Show extended IP community-lists
+ forwarding Show IP forwarding status
+ groups Show IP multicast group membership
+ igmp Show IGMP (Internet Group Management Protocol) information
+ large-community-list
+ Show IP large-community-lists
+ multicast Show IP multicast
+ ospf Show IPv4 Open Shortest Path First (OSPF) routing information
+ pim Show PIM (Protocol Independent Multicast) information
+ ports Show IP ports in use by various system services
+ prefix-list Show all IP prefix-lists
+ protocol Show IP route-maps per protocol
+ rip Show Routing Information Protocol (RIP) information
+ route Show IP routes
+
+
+reset commands
+^^^^^^^^^^^^^^
+
+And the different IPv4 **reset** commands available:
+
+.. code-block:: none
+
+ vyos@vyos:~$ reset ip
+ Possible completions:
+ arp Reset Address Resolution Protocol (ARP) cache
+ bgp Clear Border Gateway Protocol (BGP) statistics or status
+ igmp IGMP clear commands
+ multicast IP multicast routing table
+ route Reset IP route
\ No newline at end of file
diff --git a/docs/configuration/system/ipv6.rst b/docs/configuration/system/ipv6.rst
index 19ed6d62..cba5c0e0 100644
--- a/docs/configuration/system/ipv6.rst
+++ b/docs/configuration/system/ipv6.rst
@@ -1,2 +1,182 @@
-ipv6
-####
\ No newline at end of file
+####
+IPv6
+####
+
+System configuration commands
+-----------------------------
+
+.. cfgcmd:: set system ipv6 disable
+
+ Use this command to disable assignment of IPv6 addresses on all
+ interfaces.
+
+.. cfgcmd:: set system ipv6 disable-forwarding
+
+ Use this command to disable IPv6 forwarding on all interfaces.
+
+.. cfgcmd:: set system ipv6 neighbor table-size
+
+ Use this command to define the maximum number of entries to keep in
+ the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768).
+
+.. cfgcmd:: set system ipv6 strict-dad
+
+ Use this command to disable IPv6 operation on interface when
+ Duplicate Address Detection fails on Link-Local address.
+
+.. cfgcmd:: set system ipv6 multipath layer4-hashing
+
+ Use this command to user Layer 4 information for ECMP hashing.
+
+
+Operational commands
+--------------------
+
+Show commands
+^^^^^^^^^^^^^
+
+.. opcmd:: show ipv6 neighbors
+
+ Use this command to show IPv6 Neighbor Discovery Protocol information.
+
+.. opcmd:: show ipv6 groups
+
+ Use this command to show IPv6 multicast group membership.
+
+.. opcmd:: show ipv6 forwarding
+
+ Use this command to show IPv6 forwarding status.
+
+.. opcmd:: show ipv6 route
+
+ Use this command to show IPv6 routes.
+
+ Check the many parameters available for the `show ipv6 route` command:
+
+ .. code-block:: none
+
+ vyos@vyos:~$ show ipv6 route
+ Possible completions:
+ Execute the current command
+ Show IPv6 routes of given address or prefix
+
+ bgp Show IPv6 BGP routes
+ cache Show kernel IPv6 route cache
+ connected Show IPv6 connected routes
+ forward Show kernel IPv6 route table
+ isis Show IPv6 ISIS routes
+ kernel Show IPv6 kernel routes
+ ospfv3 Show IPv6 OSPF6 routes
+ ripng Show IPv6 RIPNG routes
+ static Show IPv6 static routes
+ summary Show IPv6 routes summary
+ table Show IP routes in policy table
+ vrf Show IPv6 routes in VRF
+
+
+..
opcmd:: show ipv6 prefix-list
+
+ Use this command to show all IPv6 prefix lists
+
+ There are different parameters for getting prefix-list information:
+
+ .. code-block:: none
+
+ vyos@vyos:~$ show ipv6 prefix-list
+ Possible completions:
+ Execute the current command
+ Show specified IPv6 prefix-list
+ detail Show detail of IPv6 prefix-lists
+ summary Show summary of IPv6 prefix-lists
+
+.. opcmd:: show ipv6 access-list
+
+ Use this command to show all IPv6 access lists
+
+ You can also specify which IPv6 access-list should be shown:
+
+ .. code-block:: none
+
+ vyos@vyos:~$ show ipv6 access-list
+ Possible completions:
+ Execute the current command
+ Show specified IPv6 access-list
+
+.. opcmd:: show ipv6 bgp
+
+ Use this command to show IPv6 Border Gateway Protocol information.
+
+
+ In addition, you can specify many other parameters to get BGP
+ information:
+
+ .. code-block:: none
+
+ vyos@vyos:~$ show ipv6 bgp
+ Possible completions:
+ Execute the current command
+ Show BGP information for given address or prefix
+
+ community Show routes matching the communities
+ community-list
+ Show routes matching the community-list
+ filter-list Show routes conforming to the filter-list
+ large-community
+ Show routes matching the large-community-list
+ large-community-list
+ neighbors Show detailed information on TCP and BGP neighbor connections
+ prefix-list Show routes matching the prefix-list
+ regexp Show routes matching the AS path regular expression
+ route-map Show BGP routes matching the specified route map
+ summary Show summary of BGP neighbor status
+
+
+.. opcmd:: show ipv6 ospfv3
+
+ Use this command to get information about OSPFv3.
+
+ You can get more specific OSPFv3 information by using the parameters
+ shown below:
+
+ ..
code-block:: none
+
+ vyos@vyos:~$ show ipv6 ospfv3
+ Possible completions:
+ Execute the current command
+ area Show OSPFv3 spf-tree information
+ border-routers
+ Show OSPFv3 border-router (ABR and ASBR) information
+ database Show OSPFv3 Link state database information
+ interface Show OSPFv3 interface information
+ linkstate Show OSPFv3 linkstate routing information
+ neighbor Show OSPFv3 neighbor information
+ redistribute Show OSPFv3 redistribute External information
+ route Show OSPFv3 routing table information
+
+.. opcmd:: show ipv6 ripng
+
+ Use this command to get information about the RIPNG protocol
+
+.. opcmd:: show ipv6 ripng status
+
+ Use this command to show the status of the RIPNG protocol
+
+
+Reset commands
+^^^^^^^^^^^^^^
+
+.. opcmd:: reset ipv6 bgp
+
+ Use this command to clear Border Gateway Protocol statistics or
+ status.
+
+
+.. opcmd:: reset ipv6 neighbors
+
+ Use this command to reset IPv6 Neighbor Discovery Protocol cache for
+ an address or interface.
+
+.. opcmd:: reset ipv6 route cache
+
+ Use this command to flush the kernel IPv6 route cache.
+ An address can be added to flush it only for that route.
\ No newline at end of file
diff --git a/docs/operation/index.rst b/docs/operation/index.rst
index 647b5b25..c19afeab 100644
--- a/docs/operation/index.rst
+++ b/docs/operation/index.rst
@@ -7,5 +7,4 @@ Operation Mode
 :includehidden:
 information
- ip-commands
 boot-options
\ No newline at end of file
diff --git a/docs/operation/ip-commands.rst b/docs/operation/ip-commands.rst
deleted file mode 100644
index eba4fd90..00000000
--- a/docs/operation/ip-commands.rst
+++ /dev/null
@@ -1,258 +0,0 @@
-.. _ip-commands:
-
-###########
-IP commands
-###########
-
-IPv4
-====
-
-System configuration commands
------------------------------
-
-.. cfgcmd:: set system ip disable-forwarding
-
- Use this command to disable IPv4 forwarding on all interfaces.
-
-.. cfgcmd:: set system ip arp table-size
-
- Use this command to define the maximum number of entries to keep in
- the ARP cache (1024, 2048, 4096, 8192, 16384, 32768).
-
-.. cfgcmd:: set system ip multipath layer4-hashing
-
- Use this command to use Layer 4 information for IPv4 ECMP hashing.
-
-
-Operational commands
---------------------
-
-show commands
-^^^^^^^^^^^^^
-
-See below the different parameters available for the IPv4 **show** command:
-
-.. code-block:: none
-
- vyos@vyos:~$ show ip
- Possible completions:
- access-list Show all IP access-lists
- as-path-access-list
- Show all as-path-access-lists
- bgp Show Border Gateway Protocol (BGP) information
- community-list
- Show IP community-lists
- extcommunity-list
- Show extended IP community-lists
- forwarding Show IP forwarding status
- groups Show IP multicast group membership
- igmp Show IGMP (Internet Group Management Protocol) information
- large-community-list
- Show IP large-community-lists
- multicast Show IP multicast
- ospf Show IPv4 Open Shortest Path First (OSPF) routing information
- pim Show PIM (Protocol Independent Multicast) information
- ports Show IP ports in use by various system services
- prefix-list Show all IP prefix-lists
- protocol Show IP route-maps per protocol
- rip Show Routing Information Protocol (RIP) information
- route Show IP routes
-
-
-reset commands
-^^^^^^^^^^^^^^
-
-And the different IPv4 **reset** commands available:
-
-.. code-block:: none
-
- vyos@vyos:~$ reset ip
- Possible completions:
- arp Reset Address Resolution Protocol (ARP) cache
- bgp Clear Border Gateway Protocol (BGP) statistics or status
- igmp IGMP clear commands
- multicast IP multicast routing table
- route Reset IP route
-
-IPv6
-====
-
-System configuration commands
------------------------------
-
-.. cfgcmd:: set system ipv6 disable
-
- Use this command to disable assignment of IPv6 addresses on all
- interfaces.
-
-.. cfgcmd:: set system ipv6 disable-forwarding
-
- Use this command to disable IPv6 forwarding on all interfaces.
-
-.. cfgcmd:: set system ipv6 neighbor table-size
-
- Use this command to define the maximum number of entries to keep in
- the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768).
-
-.. cfgcmd:: set system ipv6 strict-dad
-
- Use this command to disable IPv6 operation on interface when
- Duplicate Address Detection fails on Link-Local address.
-
-.. cfgcmd:: set system ipv6 multipath layer4-hashing
-
- Use this command to user Layer 4 information for ECMP hashing.
-
-
-Operational commands
---------------------
-
-Show commands
-^^^^^^^^^^^^^
-
-.. opcmd:: show ipv6 neighbors
-
- Use this command to show IPv6 Neighbor Discovery Protocol information.
-
-.. opcmd:: show ipv6 groups
-
- Use this command to show IPv6 multicast group membership.
-
-.. opcmd:: show ipv6 forwarding
-
- Use this command to show IPv6 forwarding status.
-
-.. opcmd:: show ipv6 route
-
- Use this command to show IPv6 routes.
-
- Check the many parameters available for the `show ipv6 route` command:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 route
- Possible completions:
- Execute the current command
- Show IPv6 routes of given address or prefix
-
- bgp Show IPv6 BGP routes
- cache Show kernel IPv6 route cache
- connected Show IPv6 connected routes
- forward Show kernel IPv6 route table
- isis Show IPv6 ISIS routes
- kernel Show IPv6 kernel routes
- ospfv3 Show IPv6 OSPF6 routes
- ripng Show IPv6 RIPNG routes
- static Show IPv6 static routes
- summary Show IPv6 routes summary
- table Show IP routes in policy table
- vrf Show IPv6 routes in VRF
-
-
-.. opcmd:: show ipv6 prefix-list
-
- Use this command to show all IPv6 prefix lists
-
- There are different parameters for getting prefix-list information:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 prefix-list
- Possible completions:
- Execute the current command
- Show specified IPv6 prefix-list
- detail Show detail of IPv6 prefix-lists
- summary Show summary of IPv6 prefix-lists
-
-.. opcmd:: show ipv6 access-list
-
- Use this command to show all IPv6 access lists
-
- You can also specify which IPv6 access-list should be shown:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 access-list
- Possible completions:
- Execute the current command
- Show specified IPv6 access-list
-
-.. opcmd:: show ipv6 bgp
-
- Use this command to show IPv6 Border Gateway Protocol information.
-
-
- In addition, you can specify many other parameters to get BGP
- information:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 bgp
- Possible completions:
- Execute the current command
- Show BGP information for given address or prefix
-
- community Show routes matching the communities
- community-list
- Show routes matching the community-list
- filter-list Show routes conforming to the filter-list
- large-community
- Show routes matching the large-community-list
- large-community-list
- neighbors Show detailed information on TCP and BGP neighbor connections
- prefix-list Show routes matching the prefix-list
- regexp Show routes matching the AS path regular expression
- route-map Show BGP routes matching the specified route map
- summary Show summary of BGP neighbor status
-
-
-.. opcmd:: show ipv6 ospfv3
-
- Use this command to get information about OSPFv3.
-
- You can get more specific OSPFv3 information by using the parameters
- shown below:
-
- .. code-block:: none
-
- vyos@vyos:~$ show ipv6 ospfv3
- Possible completions:
- Execute the current command
- area Show OSPFv3 spf-tree information
- border-routers
- Show OSPFv3 border-router (ABR and ASBR) information
- database Show OSPFv3 Link state database information
- interface Show OSPFv3 interface information
- linkstate Show OSPFv3 linkstate routing information
- neighbor Show OSPFv3 neighbor information
- redistribute Show OSPFv3 redistribute External information
- route Show OSPFv3 routing table information
-
-.. opcmd:: show ipv6 ripng
-
- Use this command to get information about the RIPNG protocol
-
-.. opcmd:: show ipv6 ripng status
-
- Use this command to show the status of the RIPNG protocol
-
-
-Reset commands
-^^^^^^^^^^^^^^
-
-.. opcmd:: reset ipv6 bgp
-
- Use this command to clear Border Gateway Protocol statistics or
- status.
-
-
-.. opcmd:: reset ipv6 neighbors
-
- Use this command to reset IPv6 Neighbor Discovery Protocol cache for
- an address or interface.
-
-.. opcmd:: reset ipv6 route cache
-
- Use this command to flush the kernel IPv6 route cache.
- An address can be added to flush it only for that route.
-
-- cgit v1.2.3 From 7b04596343a1894a638ff1de030fb0a179980194 Mon Sep 17 00:00:00 2001 From: rebortg Date: Fri, 11 Dec 2020 22:41:24 +0100 Subject: protocols: fix lint errors --- docs/configuration/protocols/bfd.rst | 9 ++++++--- docs/configuration/protocols/igmp.rst | 12 ++++++++---- docs/configuration/protocols/isis.rst | 20 ++++++++++++-------- docs/configuration/protocols/mpls.rst | 4 ++++ docs/configuration/protocols/rpki.rst | 6 +++++- docs/configuration/protocols/static.rst | 24 ++++++++++++++++-------- 6 files changed, 51 insertions(+), 24 deletions(-) (limited to 'docs/configuration/protocols')
diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst
index b8fdf489..20ff3b8a 100644
--- a/docs/configuration/protocols/bfd.rst
+++ b/docs/configuration/protocols/bfd.rst
@@ -25,19 +25,22 @@ Configure BFD Allow this BFD peer to not be directly connected -.. cfgcmd:: set protocols bfd peer
source [address
| interface ] +.. cfgcmd:: set protocols bfd peer
source + [address
| interface ] Bind listener to specifid interface/address, mandatory for IPv6 .. cfgcmd:: set protocols bfd peer
interval echo-interval <10-60000> - The minimal echo receive transmission interval that this system is capable of handling + The minimal echo receive transmission interval that this system is + capable of handling .. cfgcmd:: set protocols bfd peer
interval multiplier <2-255> Remote transmission interval will be multiplied by this value -.. cfgcmd:: set protocols bfd peer
interval [receive | transmit] <10-60000> +.. cfgcmd:: set protocols bfd peer
interval + [receive | transmit] <10-60000> Interval in milliseconds diff --git a/docs/configuration/protocols/igmp.rst b/docs/configuration/protocols/igmp.rst index 9104b0c9..7109deb6 100644 --- a/docs/configuration/protocols/igmp.rst +++ b/docs/configuration/protocols/igmp.rst @@ -96,7 +96,8 @@ These are the commands for a basic setup. can communicate with PIM neighbors. -.. cfgcmd:: set protocols pim rp address
group +.. cfgcmd:: set protocols pim rp address
group + Use this comand to manually configure a Rendevouz Point for PIM so that join messages can be sent there. Set the Rendevouz Point address @@ -140,7 +141,8 @@ You can also tune multicast with the following commands. platforms cannot see data flowing in better than 30 second chunks. -.. cfgcmd:: set protocols igmp interface join source +.. cfgcmd:: set protocols igmp interface join + source Use this command to allow the selected interface join a multicast group defining the multicast address you want to join and the source @@ -153,7 +155,8 @@ You can also tune multicast with the following commands. host query interval (1-1800) in seconds that PIM will use. -.. cfgcmd:: set protocols igmp interface +.. cfgcmd:: set protocols igmp interface Use this command to configure in the selected interface the IGMP query response timeout value (10-250) in deciseconds. If a report is @@ -180,7 +183,8 @@ upstream interface, and one or more downstream interfaces. Configuration ============= -.. cfgcmd:: set protocols igmp-proxy interface role +.. cfgcmd:: set protocols igmp-proxy interface role + * **upstream:** The upstream network interface is the outgoing interface which is responsible for communicating to available multicast data sources. diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst index 64cc2535..753637f9 100644 --- a/docs/configuration/protocols/isis.rst +++ b/docs/configuration/protocols/isis.rst 
@@ -6,12 +6,14 @@ IS-IS ##### -:abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway routing protocol. -Like OSPF, IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s -topology and, from that database, to determine the best (that is, shortest) path to a destination. -The routers exchange topology information with their nearest neighbors. -IS-IS runs directly on the data link layer (Layer 2). -IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. +:abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state +interior gateway routing protocol. Like OSPF, IS-IS runs the Dijkstra +shortest-path first (SPF) algorithm to create a database of the network’s +topology and, from that database, to determine the best (that is, shortest) +path to a destination. The routers exchange topology information with their +nearest neighbors. IS-IS runs directly on the data link layer (Layer 2). +IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be +8 to 20 bytes long, but are generally 10 bytes long. For example :abbr:`NET (Network Entity Title)` @@ -28,12 +30,14 @@ The IS-IS address consists of three parts: ``0001`` IS-IS area number (Area1) System identifier: - ``1921.6800.1002`` For system idetifier we recommend to use IP address or MAC address of the router. + ``1921.6800.1002`` For system idetifier we recommend to use IP address or + MAC address of the router. NET selector: ``00`` Must always be 00, to indicate "this system". -Simple IS-IS configuration using 2 nodes and redistributing connected interfaces. +Simple IS-IS configuration using 2 nodes and redistributing connected +interfaces. **Node 1:** diff --git a/docs/configuration/protocols/mpls.rst b/docs/configuration/protocols/mpls.rst index 863e7f62..3b59d8ea 100644 --- a/docs/configuration/protocols/mpls.rst 
+++ b/docs/configuration/protocols/mpls.rst @@ -240,4 +240,8 @@ Reset Use this command to reset an LDP neighbor/TCP session that is established +.. stop_vyoslinter + .. _`Wikipedia (MPLS)`: https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching + +.. start_vyoslinter \ No newline at end of file diff --git a/docs/configuration/protocols/rpki.rst b/docs/configuration/protocols/rpki.rst index 9813b1b6..c3ff442b 100644 --- a/docs/configuration/protocols/rpki.rst +++ b/docs/configuration/protocols/rpki.rst @@ -100,6 +100,8 @@ Once your routers are configured to reject RPKI-invalid prefixes, you can test whether the configuration is working correctly using the `RIPE Labs RPKI Test`_ experimental tool. +.. stop_vyoslinter + .. _tweet by EvilMog: https://twitter.com/Evil_Mog/status/1230924170508169216 .. _Routinator: https://www.nlnetlabs.nl/projects/rpki/routinator/ .. _GoRTR: https://github.com/cloudflare/gortr @@ -110,4 +112,6 @@ Test`_ experimental tool. .. _RPKI analytics: https://www.nlnetlabs.nl/projects/rpki/rpki-analytics/ .. _RIPE Labs RPKI Test: https://sg-pub.ripe.net/jasper/rpki-web-test/ .. _excellent guide to RPKI: https://rpki.readthedocs.io/ -.. _help and operational guidance: https://rpki.readthedocs.io/en/latest/about/help.html +.. _help and operational guidance: https://rpki.readthedocs.io/en/latest/about/help.htm + +.. start_vyoslinter diff --git a/docs/configuration/protocols/static.rst b/docs/configuration/protocols/static.rst index 43b77c41..42c0c4b7 100644 --- a/docs/configuration/protocols/static.rst +++ b/docs/configuration/protocols/static.rst @@ -28,7 +28,8 @@ Static Routes Disable this IPv4 static route entry. -.. cfgcmd:: set protocols static route next-hop
distance +.. cfgcmd:: set protocols static route next-hop
+ distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. @@ -47,7 +48,8 @@ Static Routes Disable this IPv6 static route entry. -.. cfgcmd:: set protocols static route6 next-hop
distance +.. cfgcmd:: set protocols static route6 next-hop
+ distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. @@ -61,34 +63,40 @@ Static Routes Interface Routes ================ -.. cfgcmd:: set protocols static interface-route next-hop-interface +.. cfgcmd:: set protocols static interface-route next-hop-interface + Allows you to configure the next-hop interface for an interface-based IPv4 static route. `` will be the next-hop interface where trafic is routed for the given ``. -.. cfgcmd:: set protocols static interface-route next-hop-interface disable +.. cfgcmd:: set protocols static interface-route next-hop-interface + disable Disables interface-based IPv4 static route. -.. cfgcmd:: set protocols static interface-route next-hop-interface distance +.. cfgcmd:: set protocols static interface-route next-hop-interface + distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. Range is 1 to 255, default is 1. -.. cfgcmd:: set protocols static interface-route6 next-hop-interface +.. cfgcmd:: set protocols static interface-route6 next-hop-interface + Allows you to configure the next-hop interface for an interface-based IPv6 static route. `` will be the next-hop interface where trafic is routed for the given ``. -.. cfgcmd:: set protocols static interface-route6 next-hop-interface disable +.. cfgcmd:: set protocols static interface-route6 next-hop-interface + disable Disables interface-based IPv6 static route. -.. cfgcmd:: set protocols static interface-route6 next-hop-interface distance +.. cfgcmd:: set protocols static interface-route6 next-hop-interface + distance Defines next-hop distance for this route, routes with smaller administrative distance are elected prior those with a higher distance. -- cgit v1.2.3 From 0fc606aa74dba402e72ddb6c8abda3b2d0dffe0f Mon Sep 17 00:00:00 2001 
From: Cheeze_It Date: Tue, 22 Dec 2020 11:16:50 -0700 Subject: mpls: T915: Added documentation for LDP ordered control Added the ordered control command in the documentation. Also added the RFC in which it is referred to as well. --- docs/configuration/protocols/mpls.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/mpls.rst b/docs/configuration/protocols/mpls.rst index 3b59d8ea..312a0df2 100644 --- a/docs/configuration/protocols/mpls.rst +++ b/docs/configuration/protocols/mpls.rst @@ -155,6 +155,12 @@ Configuration Options the Dual-Stack capability TLV for IPv6 LDP communications. This is related to :rfc:`7552`. +.. cfgcmd:: set protocols mpls ldp parameters ordered-control + + Use this command to use ordered label distribution control mode. FRR + by default uses independent label distribution control mode for label + distribution. This is related to :rfc:`5036`. + .. cfgcmd:: set protocols mpls ldp parameters transport-prefer-ipv4 Use this command to prefer IPv4 for TCP peer transport connection for LDP -- cgit v1.2.3 From 037e05eaa54588fa58b2f5f81401bba6e28c8232 Mon Sep 17 00:00:00 2001 From: maehdros Date: Tue, 29 Dec 2020 15:19:45 +0100 Subject: Update ospf.rst Add a small command to see the OSPFv3 redistribute routes; I plan to write a bit more --- docs/configuration/protocols/ospf.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index ee6753c5..a8293f4d 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst 
@@ -92,6 +92,12 @@ A typical configuration using 2 nodes. set protocols ospfv3 parameters router-id 192.168.2.1 set protocols ospfv3 redistribute connected +**To see the redistributed routes:** + +.. code-block:: none + + show ipv6 ospfv3 redistribute + .. note:: You can not easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`. -- cgit v1.2.3 From e9cc3b86b22e2ccb898608c6b5feb688492b06c0 Mon Sep 17 00:00:00 2001 From: maehdros Date: Tue, 29 Dec 2020 15:50:44 +0100 Subject: Update ospf.rst Update can not to cannot --- docs/configuration/protocols/ospf.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index a8293f4d..a4188c68 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst @@ -98,7 +98,7 @@ A typical configuration using 2 nodes. show ipv6 ospfv3 redistribute -.. note:: You can not easily redistribute IPv6 routes via OSPFv3 on a WireGuard +.. note:: You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`. -- cgit v1.2.3 From 4e558719994c88038925d792458ba30dc3febbb2 Mon Sep 17 00:00:00 2001 From: craterman Date: Mon, 4 Jan 2021 21:19:34 +0400 Subject: Update bgp.rst Add some commands to Route Selection section; Add Administrative Distance configuration section; Add Network Advertisement configuration; Add Peers configuration section; Add Timers configuration --- docs/configuration/protocols/bgp.rst | 255 +++++++++++++++++++++++++++++++++++ 1 file changed, 255 insertions(+) (limited to 'docs/configuration/protocols') 
diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index c576d836..b2858222 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -174,6 +174,13 @@ ASN and Router ID Route Selection --------------- +.. cfgcmd:: set protocols bgp parameters always-compare-med + + This command provides to compare the MED on routes, even when they were + received from different neighbouring ASes. Setting this option makes the + order of preference of routes more defined, and should eliminate MED + induced oscillations. + .. cfgcmd:: set protocols bgp parameters bestpath as-path confed This command specifies that the length of confederation path sets and 
@@ -190,6 +197,254 @@ Route Selection Ignore AS_PATH length when selecting a route +.. cfgcmd:: set protocols bgp parameters bestpath compare-routerid + + Ensure that when comparing routes where both are equal on most metrics, + including local-pref, AS_PATH length, IGP cost, MED, that the tie is + broken based on router-ID. + + If this option is enabled, then the already-selected check, where + already selected eBGP routes are preferred, is skipped. + + If a route has an ORIGINATOR_ID attribute because it has been reflected, + that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer + the route was received from will be used. + + The advantage of this is that the route-selection (at this point) will + be more deterministic. The disadvantage is that a few or even one lowest-ID + router may attract all traffic to otherwise-equal paths because of this + check. It may increase the possibility of MED or IGP oscillation, unless + other measures were taken to avoid these. The exact behaviour will be + sensitive to the iBGP and reflection topology. + +.. cfgcmd:: set protocols bgp parameters bestpath med confed + + This command specifies that BGP considers the MED when comparing routes + originated from different sub-ASs within the confederation to which this + BGP speaker belongs. The default state, where the MED attribute is not + considered. + +.. cfgcmd:: set protocols bgp parameters bestpath med missing-as-worst + + This command specifies that a route with a MED is always considered to be + better than a route without a MED by causing the missing MED attribute to + have a value of infinity. The default state, where the missing MED + attribute is considered to have a value of zero. + +.. cfgcmd:: set protocols bgp parameters default local-pref + + This command specifies the default local preference value. The local + preference range is 0 to 4294967295. + +.. 
cfgcmd:: set protocols bgp parameters default no-ipv4-unicast + + This command allows the user to specify that IPv4 peering is turned off by + default. + +.. cfgcmd:: set protocols bgp parameters deterministic-med + + This command provides to compare different MED values that advertised by + neighbours in the same AS for routes selection. When this command is enabled, + routes from the same autonomous system are grouped together, and the best + entries of each group are compared. + +Administrative Distance +----------------------- + +.. cfgcmd:: set protocols bgp parameters distance global + + This command change distance value of BGP. The arguments are the distance + values for external routes, internal routes and local routes respectively. + The distance range is 1 to 255. + +.. cfgcmd:: set protocols bgp parameters distance prefix distance + + This command sets the administrative distance for a particular route. The + distance range is 1 to 255. + + .. note:: Routes with a distance of 255 are effectively disabled and not + installed into the kernel. + +Network Advertisement +--------------------- + +.. cfgcmd:: set protocols bgp address-family network + + This command is used for advertising IPv4 or IPv6 networks. + + .. note:: By default, the BGP prefix is advertised even if it's not + present in the routing table. This behaviour differs from the + implementation of some vendors. + +.. cfgcmd:: set protocols bgp parameters network-import-check + + This configuration modifies the behavior of the network statement. + If you have this configured the underlying network must exist in the rib + +Peers +----- + +Defining Peers +^^^^^^^^^^^^^^ + +.. cfgcmd:: set protocols bgp neighbor remote-as + + This command creates a new neighbor whose remote-as is NASN. The neighbor + address can be an IPv4 address or an IPv6 address or an interface to use + for the connection. + +.. 
cfgcmd:: set protocols bgp neighbor remote-as internal + + Create a peer as you would when you specify an ASN, except that if the + peers ASN is different than mine as specified under the :cfgcmd:`protocols + bgp ` command the connection will be denied. + +.. cfgcmd:: set protocols bgp neighbor remote-as external + + Create a peer as you would when you specify an ASN, except that if the + peers ASN is the same as mine as specified under the :cfgcmd:`protocols + bgp ` command the connection will be denied. + +.. cfgcmd:: set protocols bgp neighbor shutdown + + This command disable the peer. To reenable the peer use the delete + form of this command. + +.. cfgcmd:: set protocols bgp neighbor description + + Set description of the peer. + +Capability Negotiation +^^^^^^^^^^^^^^^^^^^^^^ + +.. cfgcmd:: set protocols bgp neighbor capability dynamic + + This command would allow the dynamic update of capabilities over an + established BGP session. + +.. cfgcmd:: set protocols bgp neighbor capability extended-nexthop + + Allow bgp to negotiate the extended-nexthop capability with it’s peer. + If you are peering over a IPv6 Link-Local address then this capability + is turned on automatically. If you are peering over a IPv6 Global Address + then turning on this command will allow BGP to install IPv4 routes with + IPv6 nexthops if you do not have IPv4 configured on interfaces. + +.. cfgcmd:: set protocols bgp neighbor disable-capability-negotiation + + Suppress sending Capability Negotiation as OPEN message optional + parameter to the peer. This command only affects the peer is + configured other than IPv4 unicast configuration. + + When remote peer does not have capability negotiation feature, + remote peer will not send any capabilities at all. In that case, + bgp configures the peer with configured capabilities. + + You may prefer locally configured capabilities more than the negotiated + capabilities even though remote peer sends capabilities. 
If the peer is + configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities + then override negotiated capabilities with configured values. + + Additionally you should keep in mind that this feature fundamentally + disables the ability to use widely deployed BGP features. BGP unnumbered, + hostname support, AS4, Addpath, Route Refresh, ORF, Dynamic Capabilities, + and graceful restart. + +.. cfgcmd:: set protocols bgp neighbor override-capability + + This command allow override the result of Capability Negotiation with + local configuration. Ignore remote peer’s capability value. + +.. cfgcmd:: set protocols bgp neighbor strict-capability-match + + This command forces strictly compare remote capabilities and local + capabilities. If capabilities are different, send Unsupported Capability + error then reset connection. + + You may want to disable sending Capability Negotiation OPEN message + optional parameter to the peer when remote peer does not implement + Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` + command to disable the feature. + +Peer Parameters +^^^^^^^^^^^^^^^ + +.. cfgcmd:: set protocols bgp neighbor address-family allowas-in number + + This command accept incoming routes with AS path containing AS + number with the same value as the current system AS. This is + used when you want to use the same AS number in your sites, + but you can’t connect them directly. + + The number parameter (1-10) configures the amount of accepted + occurences of the system AS number in AS path. + + This command is only allowed for eBGP peers. + +.. cfgcmd:: set protocols bgp neighbor address-family as-override + + This command override AS number of the originating router with + the local AS number. + + Usually this configuration is used in PEs (Provider Edge) to + replace the incoming customer AS number so the connected CE ( + Customer Edge) can use the same AS number as the other customer + sites. 
This allows customers of the provider network to use the + same AS number across their sites. + + This command is only allowed for eBGP peers. + +.. cfgcmd:: set protocols bgp neighbor address-family attribute-unchanged + + This command specifies attributes to be left unchanged for + advertisements sent to a peer. + +.. cfgcmd:: set protocols bgp neighbor address-family maximum-prefix + + This command specifies a maximum number of prefixes we can receive + from a given peer. If this number is exceeded, the BGP session + will be destroyed. The number range is 1 to 4294967295. + +.. cfgcmd:: set protocols bgp neighbor address-family nexthop-self + + This command forces the BGP speaker to report itself as the + next hop for an advertised route it advertised to a neighbor. + +.. cfgcmd:: set protocols bgp neighbor address-family remove-private-as + + This command removes the private ASN of routes that are advertised + to the configured peer. It removes only private ASNs on routes + advertised to EBGP peers. + + If the AS-Path for the route has only private ASNs, the private + ASNs are removed. + + If the AS-Path for the route has a private ASN between public + ASNs, it is assumed that this is a design choice, and the + private ASN is not removed. + +.. cfgcmd:: set protocols bgp neighbor address-family weight + + This command specifies a default weight value for the neighbor’s + routes. The number range is 1 to 65535. + +Timers +------ + +.. cfgcmd:: set protocols bgp timers holdtime + + This command specifies hold-time in seconds. The timer can + range from 4 to 65535.The default value is 180 second. If + you set value to 0 VyOS will not hold routes. + +.. cfgcmd:: set protocols bgp timers keepalive + + This command specifies keep-alive time in seconds. The timer + can range from 4 to 65535.The default value is 60 second. + +Configuration Examples +---------------------- + IPv4 ^^^^ -- cgit v1.2.3 From f7a079f8081f9703bd762adb5a8d5626079d80ef Mon Sep 17 00:00:00 2001 
From: Leonid Voronkin Date: Tue, 5 Jan 2021 20:12:04 +0400 Subject: bgp: extend current brief documentation - add route aggregation configuration section; - add commands for peer configuration; - add peer groups configuration section - add redistribution configuration - add general configuration --- docs/configuration/protocols/bgp.rst | 186 ++++++++++++++++++++++++++++++++--- 1 file changed, 170 insertions(+), 16 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index b2858222..54d996e8 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -236,11 +236,6 @@ Route Selection This command specifies the default local preference value. The local preference range is 0 to 4294967295. -.. cfgcmd:: set protocols bgp parameters default no-ipv4-unicast - - This command allows the user to specify that IPv4 peering is turned off by - default. - .. cfgcmd:: set protocols bgp parameters deterministic-med This command provides to compare different MED values that advertised by 
@@ -272,14 +267,66 @@ Network Advertisement This command is used for advertising IPv4 or IPv6 networks. - .. note:: By default, the BGP prefix is advertised even if it's not - present in the routing table. This behaviour differs from the - implementation of some vendors. + .. note:: By default, the BGP prefix is advertised even if it's not present in + the routing table. This behaviour differs from the implementation of some vendors. .. cfgcmd:: set protocols bgp parameters network-import-check This configuration modifies the behavior of the network statement. - If you have this configured the underlying network must exist in the rib + If you have this configured the underlying network must exist in the + routing table. + +Route Aggregation +----------------- + +.. cfgcmd:: set protocols bgp address-family aggregate-address + + This command specifies an aggregate address. The router will also + announce longer-prefixes inside of the aggregate address. + +.. cfgcmd:: set protocols bgp address-family aggregate-address as-set + + This command specifies an aggregate address with a mathematical set of + autonomous systems. This command summarizes the AS_PATH attributes of + all the individual routes. + +.. cfgcmd:: set protocols bgp address-family aggregate-address summary-only + + This command specifies an aggregate address and provides that + longer-prefixes inside of the aggregate address are suppressed + before sending BGP updates out to peers. + +Redistribution +-------------- + +.. cfgcmd:: set protocols bgp address-family redistribute connected + + Redistribute connected routes to BGP process. + +.. cfgcmd:: set protocols bgp address-family redistribute kernel + + Redistribute kernel routes to BGP process. + +.. cfgcmd:: set protocols bgp address-family redistribute ospf + + Redistribute OSPF routes to BGP process. + +.. cfgcmd:: set protocols bgp address-family redistribute rip + + Redistribute RIP routes to BGP process. + +.. 
cfgcmd:: set protocols bgp address-family redistribute static + + Redistribute static routes to BGP process. + +.. cfgcmd:: set protocols bgp address-family redistribute metric + + This command specifies metric (MED) for redistributed routes. The + metric range is 0 to 4294967295. + +.. cfgcmd:: set protocols bgp address-family redistribute route-map + + This command allows to use route map to filter redistributed routes. Peers ----- @@ -291,7 +338,7 @@ Defining Peers This command creates a new neighbor whose remote-as is NASN. The neighbor address can be an IPv4 address or an IPv6 address or an interface to use - for the connection. + for the connection. The command it applicable for peer and peer group. .. cfgcmd:: set protocols bgp neighbor remote-as internal @@ -307,12 +354,17 @@ Defining Peers .. cfgcmd:: set protocols bgp neighbor shutdown - This command disable the peer. To reenable the peer use the delete - form of this command. + This command disable the peer or peer group. To reenable the peer use + the delete form of this command. .. cfgcmd:: set protocols bgp neighbor description - Set description of the peer. + Set description of the peer or peer group. + +.. cfgcmd:: set protocols bgp neighbor update-source + + Specify the IPv4 source address to use for the BGP session to this neighbour, + may be specified as either an IPv4 address directly or as an interface name. Capability Negotiation ^^^^^^^^^^^^^^^^^^^^^^ @@ -379,7 +431,8 @@ Peer Parameters The number parameter (1-10) configures the amount of accepted occurences of the system AS number in AS path. - This command is only allowed for eBGP peers. + This command is only allowed for eBGP peers. It is not applicable + for peer groups. .. cfgcmd:: set protocols bgp neighbor address-family as-override 
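Review bot: None of the five `redistribute` entries in the new Redistribution section says that, without a route-map, every route of the chosen source is handed to BGP and may be advertised to peers. The `redistribute route-map` entry is listed last and only says it "allows to use route map to filter", so a reader can miss that filtering is what keeps internal or management prefixes out of announcements. A short admonition after the five source entries would cover it, for example `.. note:: Without a route-map all routes of the selected source are redistributed. Apply a route-map when only selected prefixes should be advertised.`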
@@ -397,7 +450,7 @@ Peer Parameters .. cfgcmd:: set protocols bgp neighbor address-family attribute-unchanged This command specifies attributes to be left unchanged for - advertisements sent to a peer. + advertisements sent to a peer or peer group. .. cfgcmd:: set protocols bgp neighbor address-family maximum-prefix 
@@ -428,8 +481,109 @@ Peer Parameters This command specifies a default weight value for the neighbor’s routes. The number range is 1 to 65535. +.. cfgcmd:: set protocols bgp neighbor advertisement-interval + + This command specifies the minimum route advertisement interval for + the peer. This number is between 0 and 600 seconds, with the default + advertisement interval being 0. + +.. cfgcmd:: set protocols bgp neighbor disable-connected-check + + This command allows peerings between directly connected eBGP peers + using loopback addresses without adjusting the default TTL of 1. + +.. cfgcmd:: set protocols bgp neighbor ebgp-multihop + + This command allows sessions to be established with eBGP neighbors + when they are multiple hops away. When the neighbor is not directly + connected and this knob is not enabled, the session will not establish. + The number of hops range is 1 to 255. + +.. cfgcmd:: set protocols bgp neighbor local-as [no-prepend] [replace-as] + + Specify an alternate AS for this BGP process when interacting with + the specified peer or peer group. With no modifiers, the specified + local-as is prepended to the received AS_PATH when receiving routing + updates from the peer, and prepended to the outgoing AS_PATH (after + the process local AS) when transmitting local routes to the peer. + + If the :cfgcmd:`no-prepend` attribute is specified, then the supplied + local-as is not prepended to the received AS_PATH. + + If the :cfgcmd:`replace-as` attribute is specified, then only the supplied + local-as is prepended to the AS_PATH when transmitting local-route + updates to this peer. + + Note that replace-as can only be specified if no-prepend is. + This command is only allowed for eBGP peers. + +.. cfgcmd:: set protocols bgp neighbor passive + + Configures the BGP speaker so that it only accepts inbound connections + from, but does not initiate outbound connections to the peer or peer group. + +.. 
cfgcmd:: set protocols bgp neighbor ttl-security hops + + This command enforces Generalized TTL Security Mechanism (GTSM), + as specified in :rfc:`5082`. With this command, only neighbors + that are the specified number of hops away will be allowed to + become neighbors. The number of hops range is 1 to 254.This + command is mutually exclusive with :cfgcmd:`ebgp-multihop`. + +Peer Groups +^^^^^^^^^^^ + +Peer groups are used to help improve scaling by generating the same update +information to all members of a peer group. Note that this means that the +routes generated by a member of a peer group will be sent back to that +originating peer with the originator identifier attribute set to indicated +the originating peer. All peers not associated with a specific peer group +are treated as belonging to a default peer group, and will share updates. + +.. cfgcmd:: set protocols bgp peer-group + + This command defines a new peer group. You can specify to the group + the same parameters that you can specify for specific neighbors. + +.. cfgcmd:: set protocols bgp neighbor peer-group + + This command bind specific peer to peer group with a given name. + +General configuration +--------------------- + +.. cfgcmd:: set protocols bgp maximum-paths + + This command defines the maximum number of parallel routes that + the BGP can support. In order for BGP to use the second path, the + following attributes have to match: Weight, Local Preference, AS + Path (both AS number and AS path length), Origin code, MED, IGP + metric. Also, the next hop address for each path must be different. + +.. cfgcmd:: set protocols bgp parameters default no-ipv4-unicast + + This command allows the user to specify that IPv4 peering is turned off by + default. + +.. cfgcmd:: set protocols bgp parameters log-neighbor-changes + + Tis command enable logging neighbor up/down changes and reset reason. + +.. 
cfgcmd:: set protocols bgp parameters no-client-to-client-reflection + + Tis command disables route reflection between route reflector clients. + By default, the clients of a route reflector are not required to be + fully meshed and the routes from a client are reflected to other clients. + However, if the clients are fully meshed, route reflection is not required. + In this case, use the :cfgcmd:`no-client-to-client-reflection` command + to disable client-to-client reflection. + +.. cfgcmd:: set protocols bgp parameters no-fast-external-failover + + Disable immediate sesison reset if peer's connected link goes down. + Timers ------- +^^^^^^ .. cfgcmd:: set protocols bgp timers holdtime -- cgit v1.2.3 From 760c6a753032cda4b55903de9a0cc70192f60829 Mon Sep 17 00:00:00 2001 From: Leonid Voronkin Date: Wed, 6 Jan 2021 21:49:02 +0400 Subject: bgp: add operational level command reference Add operational command section --- docs/configuration/protocols/bgp.rst | 138 ++++++++++++++++++++++++++++++++++- 1 file changed, 136 insertions(+), 2 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 54d996e8..b577e5b9 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -497,7 +497,8 @@ Peer Parameters This command allows sessions to be established with eBGP neighbors when they are multiple hops away. When the neighbor is not directly connected and this knob is not enabled, the session will not establish. - The number of hops range is 1 to 255. + The number of hops range is 1 to 255. This command is mutually + exclusive with :cfgcmd:`ttl-security hops`. .. cfgcmd:: set protocols bgp neighbor local-as [no-prepend] [replace-as] 
@@ -527,7 +528,7 @@ Peer Parameters This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors that are the specified number of hops away will be allowed to - become neighbors. The number of hops range is 1 to 254.This + become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`. Peer Groups 
@@ -596,6 +597,139 @@ Timers This command specifies keep-alive time in seconds. The timer can range from 4 to 65535.The default value is 60 second. +Operational Mode Commands +========================= + +Show +---- + +.. opcmd:: show bgp + + This command displays all entries in BGP routing table. + +.. code-block:: none + + BGP table version is 10, local router ID is 10.0.35.3, vrf id 0 + Default local pref 100, local AS 65000 + Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, + i internal, r RIB-failure, S Stale, R Removed + Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self + Origin codes: i - IGP, e - EGP, ? - incomplete + + Network Next Hop Metric LocPrf Weight Path + *> 198.51.100.0/24 10.0.34.4 0 0 65004 i + *> 203.0.113.0/24 10.0.35.5 0 0 65005 i + + Displayed 2 routes and 2 total paths + +.. opcmd:: show bgp + + This command displays information about the particular entry in the BGP routing table. + +.. code-block:: none + + BGP routing table entry for 198.51.100.0/24 + Paths: (1 available, best #1, table default) + Advertised to non peer-group peers: + 10.0.13.1 10.0.23.2 10.0.34.4 10.0.35.5 + 65004 + 10.0.34.4 from 10.0.34.4 (10.0.34.4) + Origin IGP, metric 0, valid, external, best (First path received) + Last update: Wed Jan 6 12:18:53 2021 + +.. opcmd:: show ip bgp cidr-only + + This command displays routes with classless interdomain routing (CIDR). + +.. opcmd:: show bgp community + + This command displays routes that belong to specified BGP communities. + Valid value is a community number in the range from 1 to 4294967200, + or AA:NN (autonomous system-community number/2-byte number), no-export, + local-as, or no-advertise. + +.. opcmd:: show bgp community-list + + This command displays routes that are permitted by the BGP + community list. + +.. opcmd:: show ip bgp dampened-paths + + This command displays BGP dampened routes. + +.. opcmd:: show bgp neighbors
advertised-routes + + This command displays BGP routes advertised to a neighbor. + +.. opcmd:: show bgp neighbors
received-routes + + This command displays BGP routes originating from the specified BGP + neighbor before inbound policy is applied. To use this command inbound + soft reconfiguration must be enabled. + +.. opcmd:: show bgp neighbors
routes + + This command displays BGP received-routes that are accepted after filtering. + +.. opcmd:: show bgp neighbors
dampened-routes + + This command displays dampened routes received from BGP neighbor. + +.. opcmd:: show bgp regexp + + This command displays information about BGP routes whose AS path + matches the specified regular expression. + +.. opcmd:: show bgp summary + + This command displays the status of all BGP connections. + +.. code-block:: none + + IPv4 Unicast Summary: + BGP router identifier 10.0.35.3, local AS number 65000 vrf-id 0 + BGP table version 11 + RIB entries 5, using 920 bytes of memory + Peers 4, using 82 KiB of memory + + Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd + 10.0.13.1 4 65000 148 159 0 0 0 02:16:01 0 + 10.0.23.2 4 65000 136 143 0 0 0 02:13:21 0 + 10.0.34.4 4 65004 161 163 0 0 0 02:16:01 1 + 10.0.35.5 4 65005 162 166 0 0 0 02:16:01 1 + + Total number of neighbors 4 + +Reset +----- + +.. opcmd:: reset bgp
[soft [in|out]] + + This command resets BGP connections to the specified neighbor IP address. + With argument :cfgcmd:`soft` this command initiates a soft reset. If + you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both + inbound and outbound soft reconfiguration are triggered. + +.. opcmd:: reset ip bgp all + + This command resets all BGP connections of given router. + +.. opcmd:: reset ip bgp dampening + + This command uses to clear BGP route dampening information and to + unsuppress suppressed routes. + +.. opcmd:: reset ip bgp external + + This command resets all external BGP peers of given router. + +.. opcmd:: reset ip bgp peer-group [soft [in|out]] + + This command resets BGP connections to the specified peer group. + With argument :cfgcmd:`soft` this command initiates a soft reset. If + you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both + inbound and outbound soft reconfiguration are triggered. + Configuration Examples ---------------------- -- cgit v1.2.3 From 64781cbbfd6456a6b92abf6507aefb8d82e80d5f Mon Sep 17 00:00:00 2001 From: Leonid Voronkin Date: Wed, 6 Jan 2021 21:50:16 +0400 Subject: Update ospf.rst add command and their explanation --- docs/configuration/protocols/ospf.rst | 86 +++++++++++++++++++++++++++++++---- 1 file changed, 78 insertions(+), 8 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index a4188c68..77bb34b0 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst 
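Review bot: The added `Operational Mode Commands` title is underlined with `=` and sits directly above the existing `Configuration Examples` title, which keeps its `-` underline, so the examples now appear to nest under the operational-command reference rather than under the configuration section. Placing the new block after the examples would keep the hierarchy as it was. The reset entries mark `soft`, `in` and `out` with the `:cfgcmd:` role although they are operational-mode arguments; plain literals would avoid presenting them as configuration commands. The `reset ip bgp all` and `reset ip bgp external` texts would also benefit from one sentence on impact, e.g. `Without soft, the affected sessions are torn down and re-established.`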
@@ -19,20 +19,90 @@ OSPF is a widely used IGP in large enterprise networks. OSPFv2 (IPv4) ############# -In order to have a VyOS system exchanging routes with OSPF neighbors, you will -at least need to configure an OSPF area and some network. +.. cfgcmd:: set protocols ospf area -.. code-block:: none + This command is udes to enable the OSPF process. The area number can be + specified in decimal notation in the range from 0 to 4294967295. Or it + can be specified in dotted decimal notation similar to ip address. - set protocols ospf area 0 network 192.168.0.0/24 +.. cfgcmd:: set protocols ospf area network A.B.C.D/M -That is the minimum configuration you will need. -It is a good practice to define the router ID too. + This command specifies the OSPF enabled interface(s). If the interface has + an address from defined range then the command enables ospf on this + interface so router can provide network information to the other ospf + routers via this interface. -.. code-block:: none +.. cfgcmd:: set protocols ospf auto-cost reference-bandwidth - set protocols ospf parameters router-id 10.1.1.1 + This command sets the reference bandwidth for cost calculations, where + bandwidth can be in range from 1 to 4294967, specified in Mbits/s. The + default is 100Mbit/s (i.e. a link of bandwidth 100Mbit/s or higher will + have a cost of 1. Cost of lower bandwidth links will be scaled with + reference to this cost). + +.. cfgcmd:: set protocols ospf default-information originate [always] [metric ] [metric-type <1|2>] [route-map ] + + Originate an AS-External (type-5) LSA describing a default route into all + external-routing capable areas, of the specified metric and metric type. + If the :cfgcmd:`always` keyword is given then the default is always advertised, + even when there is no default present in the routing table. The argument + :cfgcmd:`route-map` specifies to advertise the default route if the route map + is satisfied. + +.. 
cfgcmd:: set protocols ospf default-metric + + This command specifies the default metric value of redistributed routes. + The metric range is 0 to 16777214. + +.. cfgcmd:: set protocols ospf distance global + + This command change distance value of OSPF. The distance range is 1 to 255. + +.. cfgcmd:: set protocols ospf distance ospf + + This command change distance value of OSPF. The arguments are the distance + values for external routes, inter-area routes and intra-area routes + respectively. The distance range is 1 to 255. + + .. note:: Routes with a distance of 255 are effectively disabled and not + installed into the kernel. + +.. cfgcmd:: set protocols ospf parameters router-id + + This command sets the router-ID of the OSPF process. The router-ID may be an + IP address of the router, but need not be - it can be any arbitrary 32bit number. + However it MUST be unique within the entire OSPF domain to the OSPF speaker – bad + things will happen if multiple OSPF speakers are configured with the same router-ID! + +.. cfgcmd:: set protocols ospf parameters rfc1583-compatibility + + :rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) + in section 16.4.1 a change to the path preference algorithm that prevents possible + routing loops that were possible in the old version of OSPFv2. More specifically it + demands that inter-area paths and intra-area backbone path are now of equal preference + but still both preferred to external paths. + + This command should NOT be set normally. + +.. cfgcmd:: set protocols ospf passive-interface + + This command specifies interface as passive. Passive interface advertises its address, + but does not run the OSPF protocol (adjacencies are not formed and hello packets are + not generated). + +.. cfgcmd:: set protocols ospf passive-interface default + + This command specifies all interfaces as passive by default. 
Because this command changes + the configuration logic to a default passive; therefore, interfaces where router adjacencies + are expected need to be configured with the :cfgcmd:`passive-interface-exclude` command. + +.. cfgcmd:: set protocols ospf passive-interface-exclude + + This command allows exclude interface from passive state. This command is used if the + command :cfgcmd:`passive-interface default` was configured. +Configuration example +--------------------- Below you can see a typical configuration using 2 nodes, redistribute loopback address and the node 1 sending the default route: -- cgit v1.2.3 From bf5a8171be5d5a3985d7f7a134af7f086bc90b29 Mon Sep 17 00:00:00 2001 From: Leonid Voronkin Date: Thu, 7 Jan 2021 15:08:11 +0400 Subject: Update ospf.rst --- docs/configuration/protocols/ospf.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index 77bb34b0..acb1bce8 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst @@ -25,10 +25,10 @@ OSPFv2 (IPv4) specified in decimal notation in the range from 0 to 4294967295. Or it can be specified in dotted decimal notation similar to ip address. -.. cfgcmd:: set protocols ospf area network A.B.C.D/M +.. cfgcmd:: set protocols ospf area network This command specifies the OSPF enabled interface(s). If the interface has - an address from defined range then the command enables ospf on this + an address from defined range then the command enables OSPF on this interface so router can provide network information to the other ospf routers via this interface. -- cgit v1.2.3 From 188cf6695622c5cd43d695a01c38327efedfd239 Mon Sep 17 00:00:00 2001 
From: Leonid Voronkin Date: Fri, 8 Jan 2021 21:39:29 +0400 Subject: ospf: update routing protocol command definitions --- docs/configuration/protocols/ospf.rst | 259 +++++++++++++++++++++++++++++++++- 1 file changed, 253 insertions(+), 6 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index acb1bce8..77ed4a37 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst @@ -19,6 +19,9 @@ OSPF is a widely used IGP in large enterprise networks. OSPFv2 (IPv4) ############# +General configuration +--------------------- + .. cfgcmd:: set protocols ospf area This command is udes to enable the OSPF process. The area number can be @@ -49,11 +52,6 @@ OSPFv2 (IPv4) :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied. -.. cfgcmd:: set protocols ospf default-metric - - This command specifies the default metric value of redistributed routes. - The metric range is 0 to 16777214. - .. cfgcmd:: set protocols ospf distance global This command change distance value of OSPF. The distance range is 1 to 255. 
@@ -70,10 +68,27 @@ OSPFv2 (IPv4) .. cfgcmd:: set protocols ospf parameters router-id This command sets the router-ID of the OSPF process. The router-ID may be an - IP address of the router, but need not be - it can be any arbitrary 32bit number. + IP address of the router, but need not be – it can be any arbitrary 32bit number. However it MUST be unique within the entire OSPF domain to the OSPF speaker – bad things will happen if multiple OSPF speakers are configured with the same router-ID! +.. cfgcmd:: set protocols ospf parameters abr-type + + This command selects ABR model. OSPF router supports four ABR models: + + "cisco" – a router will be considered as ABR if it has several configured links to + the networks in different areas one of which is a backbone area. Moreover, the link + to the backbone area should be active (working). + "ibm" – identical to "cisco" model but in this case a backbone area link may not be active. + "standard" – router has several active links to different areas. + "shortcut" – identical to "standard" but in this model a router is allowed to use a + connected areas topology without involving a backbone area for inter-area connections. + + Detailed information about "cisco" and "ibm" models differences can be found in :rfc:`3509`. + A "shortcut" model allows ABR to create routes between areas based on the topology of the + areas connected to this router but not using a backbone area in case if non-backbone route + will be cheaper. For more information about "shortcut" model, see :t:`ospf-shortcut-abr-02.txt` + .. cfgcmd:: set protocols ospf parameters rfc1583-compatibility :rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) 
@@ -101,6 +116,238 @@ OSPFv2 (IPv4) This command allows exclude interface from passive state. This command is used if the command :cfgcmd:`passive-interface default` was configured. +.. cfgcmd:: set protocols ospf refresh timers + + The router automatically updates link-state information with its neighbors. Only an obsolete + information is updated which age has exceeded a specific threshold. This parameter changes + a threshold value, which by default is 1800 seconds (half an hour). The value is applied + to the whole OSPF router. The timer range is 10 to 1800. + + +Areas configuration +------------------- + +.. cfgcmd:: set protocols ospf area area-type stub + + This command specifies the area to be a Stub Area. That is, an area where no router + originates routes external to OSPF and hence an area where all external routes are + via the ABR(s). Hence, ABRs for such an area do not need to pass AS-External LSAs + (type-5) or ASBR-Summary LSAs (type-4) into the area. They need only pass + Network-Summary (type-3) LSAs into such an area, along with a default-route summary. + +.. cfgcmd:: set protocols ospf area area-type stub no-summary + + This command specifies the area to be a Totally Stub Area. In addition to stub area + limitations this area type prevents an ABR from injecting Network-Summary (type-3) + LSAs into the specified stub area. Only default summary route is allowed. + +.. cfgcmd:: set protocols ospf area area-type stub default-cost + + This command sets the cost of default-summary LSAs announced to stubby areas. + The cost range is 0 to 16777215. + +.. cfgcmd:: set protocols ospf area area-type nssa + + This command specifies the area to be a Not So Stubby Area. External routing information + is imported into an NSSA in Type-7 LSAs. Type-7 LSAs are similar to Type-5 AS-external + LSAs, except that they can only be flooded into the NSSA. 
In order to further propagate + the NSSA external information, the Type-7 LSA must be translated to a Type-5 + AS-external-LSA by the NSSA ABR. + +.. cfgcmd:: set protocols ospf area area-type nssa no-summary + + This command specifies the area to be a NSSA Totally Stub Area. ABRs for such an area do + not need to pass Network-Summary (type-3) LSAs (except the default summary route), + ASBR-Summary LSAs (type-4) and AS-External LSAs (type-5) into the area. But Type-7 LSAs + that convert to Type-5 at the NSSA ABR are allowed. + +.. cfgcmd:: set protocols ospf area area-type nssa default-cost + + This command sets the default cost of LSAs announced to NSSA areas. + The cost range is 0 to 16777215. + +.. cfgcmd:: set protocols ospf area area-type nssa translate + + Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into + Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless + of the translator state of other NSSA border routers. When role is Candidate, this router + participates in the translator election to determine if it will perform the translations + duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs. + +.. cfgcmd:: set protocols ospf area authentication plaintext-password + + This command specifies that simple password authentication should be used for the given + area. The password must also be configured on a per-interface basis. + +.. cfgcmd:: set protocols ospf area authentication md5 + + This command specify that OSPF packets must be authenticated with MD5 HMACs within the + given area. Keying material must also be configured on a per-interface basis. + +.. cfgcmd:: set protocols ospf area shortcut + + This parameter allows to "shortcut" routes (non-backbone) for inter-area routes. 
There + are three modes available for routes shortcutting: + + "default" – this area will be used for shortcutting only if ABR does not have a link + to the backbone area or this link was lost. + "enable" – the area will be used for shortcutting every time the route that goes through + it is cheaper. + "disable" – this area is never used by ABR for routes shortcutting. + +.. cfgcmd:: set protocols ospf area virtual-link + + Provides a backbone area coherence by virtual link establishment. + + In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully + connected. I.e. any backbone area router must have a route to any other backbone area + router. Moreover, every ABR must have a link to backbone area. However, it is not always + possible to have a physical link to a backbone area. In this case between two ABR (one + of them has a link to the backbone area) in the area (not stub area) a virtual link is organized. + + – area identifier through which a virtual link goes. + – ABR router-id with which a virtual link is established. Virtual link must be + configured on both routers. + + Formally, a virtual link looks like a point-to-point network connecting two ABR from one + area one of which physically connected to a backbone area. This pseudo-network is considered + to belong to a backbone area. + + +Interfaces configuration +------------------------ + +.. cfgcmd:: set interfaces ip ospf authentication plaintext-password + + This command sets OSPF authentication key to a simple password. After setting, all OSPF + packets are authenticated. Key has length up to 8 chars. + + Simple text password authentication is insecure and deprecated in favour of MD5 HMAC + authentication. + +.. cfgcmd:: set interfaces ip ospf authentication md5 key-id md5-key + + This command specifys that MD5 HMAC authentication must be used on this interface. It sets + OSPF authentication key to a cryptographic password. 
Key-id identifies secret key used to + create the message digest. This ID is part of the protocol and must be consistent across + routers on a link. The key can be long up to 16 chars (larger strings will be truncated), + and is associated with the given key-id. + +.. cfgcmd:: set interfaces ip ospf bandwidth + + This command sets the interface bandwidth for cost calculations, where + bandwidth can be in range from 1 to 100000, specified in Mbits/s. + +.. cfgcmd:: set interfaces ip ospf cost + + This command sets link cost for the specified interface. The cost value is set to + router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535. + +.. cfgcmd:: set interfaces ip ospf dead-interval + + Set number of seconds for router Dead Interval timer value used for Wait Timer and + Inactivity Timer. This value must be the same for all routers attached to a common + network. The default value is 40 seconds. The interval range is 1 to 65535. + +.. cfgcmd:: set interfaces ip ospf hello-interval + + Set number of seconds for Hello Interval timer value. Setting this value, Hello + packet will be sent every timer value seconds on the specified interface. This + value must be the same for all routers attached to a common network. The default + value is 10 seconds. The interval range is 1 to 65535. + +.. cfgcmd:: set interfaces ip ospf mtu-ignore + + This command disables check of the MTU value in the OSPF DBD packets. Thus, use + of this command allows the OSPF adjacency to reach the FULL state even though + there is an interface MTU mismatch between two OSPF routers. + +.. cfgcmd:: set interfaces ip ospf network + + This command allows to specify the distribution type for the network connected + to this interface: + + "broadcast" – broadcast IP addresses distribution. + "non-broadcast" – address distribution in NBMA networks topology. + "point-to-multipoint" – address distribution in point-to-multipoint networks. 
+ "point-to-point" – address distribution in point-to-point networks. + +.. cfgcmd:: set interfaces ip ospf priority + + This command sets Router Priority integer value. The router with the highest + priority will be more eligible to become Designated Router. Setting the value + to 0, makes the router ineligible to become Designated Router. The default value + is 1. The interval range is 0 to 255. + +.. cfgcmd:: set interfaces ip ospf retransmit-interval + + This command sets number of seconds for RxmtInterval timer value. This value is used + when retransmitting Database Description and Link State Request packets if acknowledge + was not received. The default value is 5 seconds. The interval range is 3 to 65535. + +.. cfgcmd:: set interfaces ip ospf transmit-delay + + This command sets number of seconds for InfTransDelay value. It allows to set and adjust + for each interface the delay interval before starting the synchronizing process of the + router's database with all neighbors. The default value is 1 seconds. The interval range + is 3 to 65535. + + +Redistribution configuration +---------------------------- + +.. cfgcmd:: set protocols ospf redistribute bgp + + Redistribute BGP routes to OSPF process. + +.. cfgcmd:: set protocols ospf redistribute connected + + Redistribute connected routes to OSPF process. + +.. cfgcmd:: set protocols ospf redistribute kernel + + Redistribute kernel routes to OSPF process. + +.. cfgcmd:: set protocols ospf redistribute rip + + Redistribute RIP routes to OSPF process. + +.. cfgcmd:: set protocols ospf redistribute static + + Redistribute static routes to OSPF process. + +.. cfgcmd:: set protocols ospf default-metric + + This command specifies the default metric value of redistributed routes. + The metric range is 0 to 16777214. + +.. cfgcmd:: set protocols ospf redistribute metric + + This command specifies metric for redistributed routes from given route source. 
There + are five modes available for route source: bgp, connected, kernel, rip, static. The + metric range is 1 to 16. + +.. cfgcmd:: set protocols ospf redistribute metric-type <1|2> + + This command specifies metric type for redistributed routes. Difference between two metric + types that metric type 1 is a metric which is "commensurable" with inner OSPF links. When + calculating a metric to the external destination, the full path metric is calculated as a + metric sum path of a router which had advertised this link plus the link metric. Thus, a + route with the least summary metric will be selected. If external link is advertised with + metric type 2 the path is selected which lies through the router which advertised this link + with the least metric despite of the fact that internal path to this router is longer (with + more cost). However, if two routers advertised an external link and with metric type 2 the + preference is given to the path which lies through the router with a shorter internal path. + If two different routers advertised two links to the same external destimation but with + different metric type, metric type 1 is preferred. If type of a metric left undefined the + router will consider these external links to have a default metric type 2. + +.. cfgcmd:: set protocols ospf redistribute route-map + + This command allows to use route map to filter redistributed routes from given route source. + There are five modes available for route source: bgp, connected, kernel, rip, static. + + Configuration example --------------------- -- cgit v1.2.3 From e9a0b934175a89ce4998e2157e5ba98ffa016665 Mon Sep 17 00:00:00 2001 From: Leonid Voronkin Date: Sat, 9 Jan 2021 23:49:26 +0400 Subject: ospf: updates --- docs/configuration/protocols/ospf.rst | 323 +++++++++++++++++++++++++++++++--- 1 file changed, 300 insertions(+), 23 deletions(-) (limited to 'docs/configuration/protocols') 
diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index 77ed4a37..7d9950e6 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst @@ -1,5 +1,3 @@ -.. include:: /_include/need_improvement.txt - .. _routing-ospf: #### @@ -19,7 +17,7 @@ OSPF is a widely used IGP in large enterprise networks. OSPFv2 (IPv4) ############# -General configuration +General Configuration --------------------- .. cfgcmd:: set protocols ospf area @@ -43,6 +41,17 @@ General configuration have a cost of 1. Cost of lower bandwidth links will be scaled with reference to this cost). +.. cfgcmd:: set protocols ospf parameters router-id + + This command sets the router-ID of the OSPF process. The router-ID may be an + IP address of the router, but need not be – it can be any arbitrary 32bit number. + However it MUST be unique within the entire OSPF domain to the OSPF speaker – bad + things will happen if multiple OSPF speakers are configured with the same router-ID! + + +Optional Configuration +---------------------- + .. cfgcmd:: set protocols ospf default-information originate [always] [metric ] [metric-type <1|2>] [route-map ] Originate an AS-External (type-5) LSA describing a default route into all 
@@ -65,23 +74,36 @@ General configuration .. note:: Routes with a distance of 255 are effectively disabled and not installed into the kernel. -.. cfgcmd:: set protocols ospf parameters router-id +.. cfgcmd:: set protocols ospf log-adjacency-changes [detail] + + This command allows to log changes in adjacency. With the optional + :cfgcmd:`detail` argument, all changes in adjacency status are shown. + Without :cfgcmd:`detail`, only changes to full or regressions are shown. + +.. cfgcmd:: set protocols ospf max-metric router-lsa |on-startup > + + This enables :rfc:`3137` support, where the OSPF process describes its + transit links in its router-LSA as having infinite distance so that other + routers will avoid calculating transit paths through the router while + still being able to reach networks through the router. - This command sets the router-ID of the OSPF process. The router-ID may be an - IP address of the router, but need not be – it can be any arbitrary 32bit number. - However it MUST be unique within the entire OSPF domain to the OSPF speaker – bad - things will happen if multiple OSPF speakers are configured with the same router-ID! + This support may be enabled administratively (and indefinitely) with the + :cfgcmd:`administrative` command. It may also be enabled conditionally. + Conditional enabling of max-metric router-lsas can be for a period of + seconds after startup with the :cfgcmd:`on-startup ` command + and/or for a period of seconds prior to shutdown with the + :cfgcmd:`on-shutdown ` command. The time range is 5 to 86400. .. cfgcmd:: set protocols ospf parameters abr-type This command selects ABR model. OSPF router supports four ABR models: - "cisco" – a router will be considered as ABR if it has several configured links to + **cisco** – a router will be considered as ABR if it has several configured links to the networks in different areas one of which is a backbone area. Moreover, the link to the backbone area should be active (working). 
- "ibm" – identical to "cisco" model but in this case a backbone area link may not be active. - "standard" – router has several active links to different areas. - "shortcut" – identical to "standard" but in this model a router is allowed to use a + **ibm** – identical to "cisco" model but in this case a backbone area link may not be active. + **standard** – router has several active links to different areas. + **shortcut** – identical to "standard" but in this model a router is allowed to use a connected areas topology without involving a backbone area for inter-area connections. Detailed information about "cisco" and "ibm" models differences can be found in :rfc:`3509`. @@ -123,8 +145,18 @@ General configuration a threshold value, which by default is 1800 seconds (half an hour). The value is applied to the whole OSPF router. The timer range is 10 to 1800. +.. cfgcmd:: set protocols ospf timers throttle spf + + This command sets the initial delay, the initial-holdtime and the maximum-holdtime between + when SPF is calculated and the event which triggered the calculation. The times are specified + in milliseconds and must be in the range of 0 to 600000 milliseconds. :cfgcmd:`delay` sets + the initial SPF schedule delay in milliseconds. The default value is 200 ms. + :cfgcmd:`initial-holdtime` sets the minimum hold time between two consecutive SPF calculations. + The default value is 1000 ms. :cfgcmd:`max-holdtime` sets the maximum wait time between two + consecutive SPF calculations. The default value is 10000 ms. + -Areas configuration +Areas Configuration ------------------- .. cfgcmd:: set protocols ospf area area-type stub 
@@ -189,11 +221,11 @@ Areas configuration This parameter allows to "shortcut" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting: - "default" – this area will be used for shortcutting only if ABR does not have a link + **default** – this area will be used for shortcutting only if ABR does not have a link to the backbone area or this link was lost. - "enable" – the area will be used for shortcutting every time the route that goes through + **enable** – the area will be used for shortcutting every time the route that goes through it is cheaper. - "disable" – this area is never used by ABR for routes shortcutting. + **disable** – this area is never used by ABR for routes shortcutting. .. cfgcmd:: set protocols ospf area virtual-link @@ -214,7 +246,7 @@ Areas configuration to belong to a backbone area. -Interfaces configuration +Interfaces Configuration ------------------------ .. cfgcmd:: set interfaces ip ospf authentication plaintext-password @@ -267,10 +299,10 @@ Interfaces configuration This command allows to specify the distribution type for the network connected to this interface: - "broadcast" – broadcast IP addresses distribution. - "non-broadcast" – address distribution in NBMA networks topology. - "point-to-multipoint" – address distribution in point-to-multipoint networks. - "point-to-point" – address distribution in point-to-point networks. + **broadcast** – broadcast IP addresses distribution. + **non-broadcast** – address distribution in NBMA networks topology. + **point-to-multipoint** – address distribution in point-to-multipoint networks. + **point-to-point** – address distribution in point-to-point networks. .. cfgcmd:: set interfaces ip ospf priority 
@@ -293,7 +325,32 @@ Interfaces configuration is 3 to 65535. -Redistribution configuration +Manual Neighbor Configuration +----------------------------- + +OSPF routing devices normally discover their neighbors dynamically by listening to the broadcast +or multicast hello packets on the network. Because an NBMA network does not support broadcast (or +multicast), the device cannot discover its neighbors dynamically, so you must configure all the +neighbors statically. + +.. cfgcmd:: set protocols ospf neighbor + + This command specifies the IP address of the neighboring device. + +.. cfgcmd:: set protocols ospf neighbor poll-interval + + This command specifies the length of time, in seconds, before the routing device sends hello + packets out of the interface before it establishes adjacency with a neighbor. The range is 1 + to 65535 seconds. The default value is 60 seconds. + +.. cfgcmd:: set protocols ospf neighbor priority + + This command specifies the router priority value of the nonbroadcast neighbor associated with + the IP address specified. The default is 0. This keyword does not apply to point-to-multipoint + interfaces. + + +Redistribution Configuration ---------------------------- .. cfgcmd:: set protocols ospf redistribute bgp 
@@ -348,7 +405,227 @@ Redistribution configuration There are five modes available for route source: bgp, connected, kernel, rip, static. -Configuration example +Operational Mode Commands +------------------------- + +.. opcmd:: show ip ospf neighbor + + This command displays the neighbors status. + +.. code-block:: none + + Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL + 10.0.13.1 1 Full/DR 38.365s 10.0.13.1 eth0:10.0.13.3 0 0 0 + 10.0.23.2 1 Full/Backup 39.175s 10.0.23.2 eth1:10.0.23.3 0 0 0 + +.. opcmd:: show ip ospf neighbor detail + + This command displays the neighbors information in a detailed form, not just + a summary table. + +.. code-block:: none + + Neighbor 10.0.13.1, interface address 10.0.13.1 + In the area 0.0.0.0 via interface eth0 + Neighbor priority is 1, State is Full, 5 state changes + Most recent state change statistics: + Progressive change 11m55s ago + DR is 10.0.13.1, BDR is 10.0.13.3 + Options 2 *|-|-|-|-|-|E|- + Dead timer due in 34.854s + Database Summary List 0 + Link State Request List 0 + Link State Retransmission List 0 + Thread Inactivity Timer on + Thread Database Description Retransmision off + Thread Link State Request Retransmission on + Thread Link State Update Retransmission on + + Neighbor 10.0.23.2, interface address 10.0.23.2 + In the area 0.0.0.1 via interface eth1 + Neighbor priority is 1, State is Full, 4 state changes + Most recent state change statistics: + Progressive change 41.193s ago + DR is 10.0.23.3, BDR is 10.0.23.2 + Options 2 *|-|-|-|-|-|E|- + Dead timer due in 35.661s + Database Summary List 0 + Link State Request List 0 + Link State Retransmission List 0 + Thread Inactivity Timer on + Thread Database Description Retransmision off + Thread Link State Request Retransmission on + Thread Link State Update Retransmission on + +.. opcmd:: show ip ospf neighbor + + This command displays the neighbors information in a detailed form for a neighbor + whose IP address is specified. + +.. 
opcmd:: show ip ospf neighbor
+
+ This command displays the neighbors status for a neighbor on the specified
+ interface.
+
+.. opcmd:: show ip ospf interface [intname]
+
+ This command displays state and configuration of OSPF the specified interface,
+ or all interfaces if no interface is given.
+
+.. code-block:: none
+
+ eth0 is up
+ ifindex 2, MTU 1500 bytes, BW 4294967295 Mbit
+ Internet Address 10.0.13.3/24, Broadcast 10.0.13.255, Area 0.0.0.0
+ MTU mismatch detection: enabled
+ Router ID 10.0.23.3, Network Type BROADCAST, Cost: 1
+ Transmit Delay is 1 sec, State Backup, Priority 1
+ Backup Designated Router (ID) 10.0.23.3, Interface Address 10.0.13.3
+ Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
+ Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
+ Hello due in 4.470s
+ Neighbor Count is 1, Adjacent neighbor count is 1
+ eth1 is up
+ ifindex 3, MTU 1500 bytes, BW 4294967295 Mbit
+ Internet Address 10.0.23.3/24, Broadcast 10.0.23.255, Area 0.0.0.1
+ MTU mismatch detection: enabled
+ Router ID 10.0.23.3, Network Type BROADCAST, Cost: 1
+ Transmit Delay is 1 sec, State DR, Priority 1
+ Backup Designated Router (ID) 10.0.23.2, Interface Address 10.0.23.2
+ Saved Network-LSA sequence number 0x80000002
+ Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
+ Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
+ Hello due in 4.563s
+ Neighbor Count is 1, Adjacent neighbor count is 1
+
+.. opcmd:: show ip ospf route
+
+ This command displays the OSPF routing table, as determined by the most recent
+ SPF calculation.
+
+.. 
code-block:: none
+
+ ============ OSPF network routing table ============
+ N IA 10.0.12.0/24 [3] area: 0.0.0.0
+ via 10.0.13.3, eth0
+ N 10.0.13.0/24 [1] area: 0.0.0.0
+ directly attached to eth0
+ N IA 10.0.23.0/24 [2] area: 0.0.0.0
+ via 10.0.13.3, eth0
+ N 10.0.34.0/24 [2] area: 0.0.0.0
+ via 10.0.13.3, eth0
+
+ ============ OSPF router routing table =============
+ R 10.0.23.3 [1] area: 0.0.0.0, ABR
+ via 10.0.13.3, eth0
+ R 10.0.34.4 [2] area: 0.0.0.0, ASBR
+ via 10.0.13.3, eth0
+
+ ============ OSPF external routing table ===========
+ N E2 172.16.0.0/24 [2/20] tag: 0
+ via 10.0.13.3, eth0
+
+The table consists of following data:
+
+**OSPF network routing table** – includes a list of acquired routes for all
+accessible networks (or aggregated area ranges) of OSPF system. "IA" flag means
+that route destination is in the area to which the router is not connected, i.e.
+it’s an inter-area path. In square brackets a summary metric for all links through
+which a path lies to this network is specified. "via" prefix defines a
+router-gateway, i.e. the first router on the way to the destination (next hop).
+**OSPF router routing table** – includes a list of acquired routes to all
+accessible ABRs and ASBRs.
+**OSPF external routing table** – includes a list of acquired routes that are
+external to the OSPF process. "E" flag points to the external link metric type
+(E1 – metric type 1, E2 – metric type 2). External link metric is printed in the
+"/" format.
+
+.. opcmd:: show ip ospf border-routers
+
+ This command displays a table of paths to area boundary and autonomous system
+ boundary routers.
+
+.. opcmd:: show ip ospf database
+
+ This command displays a summary table with a database contents (LSA).
+
+.. 
code-block:: none
+
+ OSPF Router with ID (10.0.13.1)
+
+ Router Link States (Area 0.0.0.0)
+
+ Link ID ADV Router Age Seq# CkSum Link count
+ 10.0.13.1 10.0.13.1 984 0x80000005 0xd915 1
+ 10.0.23.3 10.0.23.3 1186 0x80000008 0xfe62 2
+ 10.0.34.4 10.0.34.4 1063 0x80000004 0x4e3f 1
+
+ Net Link States (Area 0.0.0.0)
+
+ Link ID ADV Router Age Seq# CkSum
+ 10.0.13.1 10.0.13.1 994 0x80000003 0x30bb
+ 10.0.34.4 10.0.34.4 1188 0x80000001 0x9411
+
+ Summary Link States (Area 0.0.0.0)
+
+ Link ID ADV Router Age Seq# CkSum Route
+ 10.0.12.0 10.0.23.3 1608 0x80000001 0x6ab6 10.0.12.0/24
+ 10.0.23.0 10.0.23.3 981 0x80000003 0xe232 10.0.23.0/24
+
+ AS External Link States
+
+ Link ID ADV Router Age Seq# CkSum Route
+ 172.16.0.0 10.0.34.4 1063 0x80000001 0xc40d E2 172.16.0.0/24 [0x0]
+
+.. opcmd:: show ip ospf database [A.B.C.D] [adv-router |self-originate]
+
+ This command displays a database contents for a specific link advertisement type.
+
+ The type can be the following:
+ asbr-summary, external, network, nssa-external, opaque-area, opaque-as,
+ opaque-link, router, summary.
+
+ [A.B.C.D] – link-state-id. With this specified the command displays portion of
+ the network environment that is being described by the advertisement. The value
+ entered depends on the advertisement’s LS type. It must be entered in the form
+ of an IP address.
+
+ :cfgcmd:`adv-router ` – router id, which link advertisements need to be
+ reviewed.
+
+ :cfgcmd:`self-originate` displays only self-originated LSAs from the local router.
+
+.. 
code-block:: none + + OSPF Router with ID (10.0.13.1) + + Router Link States (Area 0.0.0.0) + + LS age: 1213 + Options: 0x2 : *|-|-|-|-|-|E|- + LS Flags: 0x3 + Flags: 0x0 + LS Type: router-LSA + Link State ID: 10.0.13.1 + Advertising Router: 10.0.13.1 + LS Seq Number: 80000009 + Checksum: 0xd119 + Length: 36 + + Number of Links: 1 + + Link connected to: a Transit Network + (Link ID) Designated Router address: 10.0.13.1 + (Link Data) Router Interface address: 10.0.13.1 + Number of TOS metrics: 0 + TOS 0 Metric: 1 + +.. opcmd:: show ip ospf database max-age + + This command displays LSAs in MaxAge list. + + +Configuration Example --------------------- Below you can see a typical configuration using 2 nodes, redistribute loopback -- cgit v1.2.3 From ed39728bdfee89c60926bd64914d9bc3166ce0dc Mon Sep 17 00:00:00 2001 From: Leonid Voronkin Date: Mon, 11 Jan 2021 22:42:37 +0400 Subject: rip: add all commands and their explanations --- docs/configuration/protocols/rip.rst | 226 ++++++++++++++++++++++++++++++++++- 1 file changed, 222 insertions(+), 4 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/rip.rst b/docs/configuration/protocols/rip.rst index 0d73ad34..7e7f0afc 100644 --- a/docs/configuration/protocols/rip.rst +++ b/docs/configuration/protocols/rip.rst @@ -1,5 +1,3 @@ -.. include:: /_include/need_improvement.txt - .. _rip: ### 
@@ -15,8 +13,228 @@ topology. In each update, the distance to any given network will be broadcast to its neighboring router. Supported versions of RIP are: -* RIPv1 as described in :rfc:`1058` -* RIPv2 as described in :rfc:`2453` + + - RIPv1 as described in :rfc:`1058` + - RIPv2 as described in :rfc:`2453` + +General Configuration +--------------------- + +.. cfgcmd:: set protocols rip network + + This command enables RIP and sets the RIP enable interface by NETWORK. + The interfaces which have addresses matching with NETWORK are enabled. + +.. cfgcmd:: set protocols rip interface + + This command specifies a RIP enabled interface by interface name. Both + the sending and receiving of RIP packets will be enabled on the port + specified in this command. + +.. cfgcmd:: set protocols rip neighbor + + This command specifies a RIP neighbor. When a neighbor doesn’t understand + multicast, this command is used to specify neighbors. In some cases, not + all routers will be able to understand multicasting, where packets are + sent to a network or a group of addresses. In a situation where a neighbor + cannot process multicast packets, it is necessary to establish a direct + link between routers. + +.. cfgcmd:: set protocols rip passive-interface interface + + This command sets the specified interface to passive mode. On passive mode + interface, all receiving packets are processed as normal and VyOS does not + send either multicast or unicast RIP packets except to RIP neighbors + specified with neighbor command. + +.. cfgcmd:: set protocols rip passive-interface interface default + + This command specifies all interfaces to passive mode. + + +Optional Configuration +---------------------- + +.. cfgcmd:: set protocols rip default-distance + + This command change distance value of RIP. The distance range is 1 to 255. + + .. note:: Routes with a distance of 255 are effectively disabled and not + installed into the kernel. + +.. 
cfgcmd:: set protocols rip network-distance distance
+
+ This command sets default RIP distance to specified value when the route’s
+ source IP address matches the specified prefix.
+
+.. cfgcmd:: set protocols rip network-distance access-list
+
+ This command can be used with previous command to sets default RIP distance
+ to specified value when the route’s source IP address matches the specified
+ prefix and the specified access-list.
+
+.. cfgcmd:: set protocols rip default-information originate
+
+ This command generate a default route into the RIP.
+
+.. cfgcmd:: set protocols rip distribute-list access-list
+
+ This command can be used to filter the RIP path using access lists.
+ :cfgcmd:`in` and :cfgcmd:`out` this is the direction in which the access
+ lists are applied.
+
+.. cfgcmd:: set protocols rip distribute-list interface access-list
+
+ This command allows you apply access lists to a chosen interface to
+ filter the RIP path.
+
+.. cfgcmd:: set protocols rip distribute-list prefix-list
+
+ This command can be used to filter the RIP path using prefix lists.
+ :cfgcmd:`in` and :cfgcmd:`out` this is the direction in which the prefix
+ lists are applied.
+
+.. cfgcmd:: set protocols rip distribute-list interface prefix-list
+
+ This command allows you apply prefix lists to a chosen interface to
+ filter the RIP path.
+
+.. cfgcmd:: set protocols rip route
+
+ This command is specific to FRR and VyOS. The route command makes a static
+ route only inside RIP. This command should be used only by advanced users
+ who are particularly knowledgeable about the RIP protocol. In most cases,
+ we recommend creating a static route in VyOS and redistributing it in RIP
+ using :cfgcmd:`redistribute static.
+
+.. cfgcmd:: set protocols rip timers update
+
+ This command specifies the update timer. Every update timer seconds, the
+ RIP process is awakened to send an unsolicited response message containing
+ the complete routing table to all neighboring RIP routers.
The time range
+ is 5 to 2147483647. The default value is 30 seconds.
+
+.. cfgcmd:: set protocols rip timers timeout
+
+ This command specifies the timeout timer. Upon expiration of the timeout,
+ the route is no longer valid; however, it is retained in the routing table
+ for a short time so that neighbors can be notified that the route has been
+ dropped. The time range is 5 to 2147483647. The default value is 180
+ seconds.
+
+.. cfgcmd:: set protocols rip timers garbage-collection
+
+ This command specifies the garbage-collection timer. Upon expiration of
+ the garbage-collection timer, the route is finally removed from the
+ routing table. The time range is 5 to 2147483647. The default value is 120
+ seconds.
+
+
+Redistribution Configuration
+----------------------------
+
+.. cfgcmd:: set protocols rip redistribute
+
+ This command redistributes routing information from the given route source
+ into the RIP tables. There are five modes available for route source: bgp,
+ connected, kernel, ospf, static.
+
+.. cfgcmd:: set protocols rip redistribute metric
+
+ This command specifies metric for redistributed routes from the given route
+ source. There are five modes available for route source: bgp, connected,
+ kernel, ospf, static. The metric range is 1 to 16.
+
+.. cfgcmd:: set protocols rip redistribute route-map
+
+ This command allows to use route map to filter redistributed routes from
+ the given route source. There are five modes available for route source:
+ bgp, connected, kernel, ospf, static.
+
+.. cfgcmd:: set protocols rip default-metric
+
+ This command modifies the default metric (hop count) value for redistributed
+ routes. The metric range is 1 to 16. The default value is 1. This command
+ does not affect connected route even if it is redistributed by
+ :cfgcmd:`redistribute connected`. To modify connected route’s metric
+ value, please use :cfgcmd:`redistribute connected metric`.
+
+
+Interfaces Configuration
+------------------------
+
+.. 
cfgcmd:: set interfaces ip rip authentication plaintext-password
+
+ This command sets the interface with RIP simple password authentication.
+ This command also sets authentication string. The string must be shorter
+ than 16 characters.
+
+.. cfgcmd:: set interfaces ip rip authentication md5 password
+
+ This command sets the interface with RIP MD5 authentication. This command
+ also sets MD5 Key. The key must be shorter than 16 characters.
+
+.. cfgcmd:: set interfaces ip rip split-horizon disable
+
+ This command disables split-horizon on the interface. By default, VyOS does
+ not advertise RIP routes out the interface over which they were learned
+ (split horizon).
+
+.. cfgcmd:: set interfaces ip rip split-horizon poison-reverse
+
+ This command enables poison-reverse on the interface. If both poison reverse
+ and split horizon are enabled, then VyOS advertises the learned routes
+ as unreachable over the interface on which the route was learned.
+
+
+Operational Mode Commands
+-------------------------
+
+.. opcmd:: show ip rip
+
+ This command displays RIP routes.
+
+.. code-block:: none
+
+ Codes: R - RIP, C - connected, S - Static, O - OSPF, B - BGP
+ Sub-codes:
+ (n) - normal, (s) - static, (d) - default, (r) - redistribute,
+ (i) - interface
+
+ Network Next Hop Metric From Tag Time
+ C(i) 10.0.12.0/24 0.0.0.0 1 self 0
+ C(i) 10.0.13.0/24 0.0.0.0 1 self 0
+ R(n) 10.0.23.0/24 10.0.12.2 2 10.0.12.2 0 02:53
+
+.. opcmd:: show ip rip status
+
+ The command displays current RIP status. It includes RIP timer, filtering,
+ version, RIP enabled interface and RIP peer information.
+
+.. 
code-block:: none + + Routing Protocol is "rip" + Sending updates every 30 seconds with +/-50%, next due in 11 seconds + Timeout after 180 seconds, garbage collect after 120 seconds + Outgoing update filter list for all interface is not set + Incoming update filter list for all interface is not set + Default redistribution metric is 1 + Redistributing: + Default version control: send version 2, receive any version + Interface Send Recv Key-chain + eth0 2 1 2 + eth2 2 1 2 + Routing for Networks: + 10.0.12.0/24 + eth0 + Routing Information Sources: + Gateway BadPackets BadRoutes Distance Last Update + 10.0.12.2 0 0 120 00:00:11 + Distance: (default is 120) + + +Configuration Example +--------------------- Simple RIP configuration using 2 nodes and redistributing connected interfaces. -- cgit v1.2.3 From 0f51282eb49743889eb372e78f6f397c59ede0b4 Mon Sep 17 00:00:00 2001 From: Leonid Voronkin Date: Wed, 13 Jan 2021 00:13:59 +0400 Subject: bfd: add command for isis --- docs/configuration/protocols/bfd.rst | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst index 20ff3b8a..4812f930 100644 --- a/docs/configuration/protocols/bfd.rst +++ b/docs/configuration/protocols/bfd.rst @@ -61,17 +61,24 @@ Enable BFD in BGP Enable BFD on a BGP peer group - Enable BFD in OSPF ------------------ -.. cfgcmd:: set interfaces ethernet ip ospf bfd +.. cfgcmd:: set interfaces ethernet ip ospf bfd + + Enable BFD for OSPF on a interface + +.. cfgcmd:: set interfaces ethernet ipv6 ospfv3 bfd - Enable BFD for ospf on a interface + Enable BFD for OSPFv3 on a interface + + +Enable BFD in ISIS +------------------ -.. cfgcmd:: set interfaces ethernet ipv6 ospfv3 bfd +.. cfgcmd:: set protocols isis interface bfd - Enable BFD for ospfv3 on a interface + Enable BFD for ISIS on a interface -- cgit v1.2.3 
From 3ab0c2e760941d910f82758f524b025bda6b5478 Mon Sep 17 00:00:00 2001 From: Leonid Voronkin Date: Wed, 13 Jan 2021 00:30:41 +0400 Subject: isis: add configuration commands and their explanations --- docs/configuration/protocols/isis.rst | 239 +++++++++++++++++++++++++++++++++- 1 file changed, 233 insertions(+), 6 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst index 753637f9..71ddc856 100644 --- a/docs/configuration/protocols/isis.rst +++ b/docs/configuration/protocols/isis.rst @@ -7,12 +7,13 @@ IS-IS ##### :abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state -interior gateway routing protocol. Like OSPF, IS-IS runs the Dijkstra -shortest-path first (SPF) algorithm to create a database of the network’s -topology and, from that database, to determine the best (that is, shortest) -path to a destination. The routers exchange topology information with their -nearest neighbors. IS-IS runs directly on the data link layer (Layer 2). -IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be +interior gateway routing protocol which is described in ISO10589, +:rfc:`1195`, :rfc:`5308`. Like OSPF, IS-IS runs the Dijkstra shortest-path +first (SPF) algorithm to create a database of the network’s topology and, +from that database, to determine the best (that is, shortest) path to a +destination. The routers exchange topology information with their nearest +neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS +addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. For example :abbr:`NET (Network Entity Title)` 
@@ -36,6 +37,232 @@ The IS-IS address consists of three parts: NET selector: ``00`` Must always be 00, to indicate "this system". + +General Configuration +--------------------- + +.. cfgcmd:: set protocols isis net + + This command enables the ISIS process by specifying the ISIS domain with + ‘name’. ISIS implementation does not yet support multiple ISIS processes + but you must specify the name of ISIS process. This commad also sets + network entity title (NET) provided in ISO format. + +.. cfgcmd:: set protocols isis interface + + This command activates ISIS adjacency on this interface. Note that the name + of ISIS instance must be the same as the one used to configure the ISIS + process. + +.. cfgcmd:: set protocols isis dynamic-hostname + + This command enables support for dynamic hostname. Dynamic hostname mapping + determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism + for IS-IS. + +.. cfgcmd:: set protocols isis level + + This command defines the ISIS router behavior: + + **level-1** Act as a station router only. + **level-1-2** Act as both a station router and an area router. + **level-2-only** Act as an area router only. + +.. cfgcmd:: set protocols isis lsp-mtu + + This command configures the maximum size of generated LSPs, in bytes. The + size range is 128 to 4352. + +.. cfgcmd:: set protocols isis metric-style + + This command sets old-style (ISO 10589) or new-style packet formats: + + **narrow** Use old style of TLVs with narrow metric. + **transition** Send and accept both styles of TLVs during transition. + **wide** Use new style of TLVs to carry wider metric. + +.. cfgcmd:: set protocols isis purge-originator + + This command enables :rfc:`6232` purge originator identification. Enable + purge originator identification (POI) by adding the type, length and value + (TLV) with the Intermediate System (IS) identification to the LSPs that do + not contain POI information. 
If an IS generates a purge, VyOS adds this TLV + with the system ID of the IS to the purge. + +.. cfgcmd:: set protocols isis set-attached-bit + + This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`. + +.. cfgcmd:: set protocols isis set-overload-bit + + This command sets overload bit to avoid any transit traffic through this + router. It is described in :rfc:`3787`. + +.. cfgcmd:: set protocols isis name default-information originate + level-1 + + This command will generate a default-route in L1 database. + +.. cfgcmd:: set protocols isis name default-information originate + level-2 + + This command will generate a default-route in L2 database. + + +Interfaces Configuration +------------------------ + +.. cfgcmd:: set protocols isis interface circuit-type + + + This command specifies circuit type for interface: + + **level-1** Level-1 only adjacencies are formed. + **level-1-2** Level-1-2 adjacencies are formed + **level-2-only** Level-2 only adjacencies are formed + +.. cfgcmd:: set protocols isis interface hello-interval + + + This command sets hello interval in seconds on a given interface. + The range is 1 to 600. + +.. cfgcmd:: set protocols isis interface hello-multiplier + + + This command sets multiplier for hello holding time on a given + interface. The range is 2 to 100. + +.. cfgcmd:: set protocols isis interface hello-padding + + This command configures padding on hello packets to accommodate asymmetrical + maximum transfer units (MTUs) from different hosts as described in + :rfc:`3719`. This helps to prevent a premature adjacency Up state when one + routing device’s MTU does not meet the requirements to establish the + adjacency. + +.. cfgcmd:: set protocols isis interface metric + + This command set default metric for circuit. The metric range is 1 to + 16777215 (Max value depend if metric support narrow or wide value). + +.. 
cfgcmd:: set protocols isis interface network + point-to-point + + This command specifies network type to ‘Point-to-Point’. The default network + type is broadcast. + +.. cfgcmd:: set protocols isis interface passive + + This command configures the passive mode for this interface. + +.. cfgcmd:: set protocols isis interface password + plaintext-password + + This command configures the authentication password for the interface. + +.. cfgcmd:: set protocols isis interface priority + + This command sets priority for the interface for + :abbr:`DIS (Designated Intermediate System)` election. The priority + range is 0 to 127. + +.. cfgcmd:: set protocols isis interface psnp-interval + + + This command sets PSNP interval in seconds. The interval range is 0 + to 127. + +.. cfgcmd:: set protocols isis interface + three-way-handshake + + This command enables :rfc:`5303` Three-Way Handshake for P2P adjacencies. + Three-Way Handshake is enabled by default. + + +Redistribution Configuration +---------------------------- + +.. cfgcmd:: set protocols isis redistribute ipv4 level-1 + + This command redistributes routing information from the given route source + into the ISIS database as Level-1. There are six modes available for route + source: bgp, connected, kernel, ospf, rip, static. + +.. cfgcmd:: set protocols isis redistribute ipv4 level-2 + + This command redistributes routing information from the given route source + into the ISIS database as Level-2. There are six modes available for route + source: bgp, connected, kernel, ospf, rip, static. + +.. cfgcmd:: set protocols isis redistribute ipv4 + metric + + This command specifies metric for redistributed routes from the given route + source. There are six modes available for route source: bgp, connected, + kernel, ospf, rip, static. The metric range is 1 to 16777215. + +.. 
cfgcmd:: set protocols isis redistribute ipv4 + route-map + + This command allows to use route map to filter redistributed routes from + the given route source. There are six modes available for route source: + bgp, connected, kernel, ospf, rip, static. + + +Timers Configuration +-------------------- + +.. cfgcmd:: set protocols isis lsp-gen-interval + + This command sets minimum interval in seconds between regenerating same + LSP. The interval range is 1 to 120. + +.. cfgcmd:: set protocols isis lsp-refresh-interval + + This command sets LSP refresh interval in seconds. IS-IS generates LSPs + when the state of a link changes. However, to ensure that routing + databases on all routers remain converged, LSPs in stable networks are + generated on a regular basis even though there has been no change to + the state of the links. The interval range is 1 to 65235. The default + value is 900 seconds. + +.. cfgcmd:: set protocols isis max-lsp-lifetime + + This command sets LSP maximum LSP lifetime in seconds. The interval range + is 350 to 65535. LSPs remain in a database for 1200 seconds by default. + If they are not refreshed by that time, they are deleted. You can change + the LSP refresh interval or the LSP lifetime. The LSP refresh interval + should be less than the LSP lifetime or else LSPs will time out before + they are refreshed. + +.. cfgcmd:: set protocols isis spf-interval + + This command sets minimum interval between consecutive SPF calculations in + seconds.The interval range is 1 to 120. + +.. cfgcmd:: set protocols isis spf-delay-ietf holddown + +.. cfgcmd:: set protocols isis spf-delay-ietf init-delay + + +.. cfgcmd:: set protocols isis spf-delay-ietf long-delay + + +.. cfgcmd:: set protocols isis spf-delay-ietf short-delay + + +.. cfgcmd:: set protocols isis spf-delay-ietf time-to-learn + + + This commands specifies the Finite State Machine (FSM) intended to + control the timing of the execution of SPF calculations in response + to IGP events. 
The process described in :rfc:`8405`. + + +Configuration Example +--------------------- + Simple IS-IS configuration using 2 nodes and redistributing connected interfaces. -- cgit v1.2.3 From f379d9196375cdb5543877af0a4b82e313c117bc Mon Sep 17 00:00:00 2001 
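Review bot: The `password plaintext-password` entry under Interfaces Configuration says only that it "configures the authentication password for the interface", which does not tell the reader how little protection that gives. As the option name suggests, this is clear-text IS-IS authentication, so the password travels unprotected in the PDUs sent on that interface and anyone able to capture traffic on the segment can read it. I would add a note under the command along the lines of `.. note:: The password is sent in clear text. It prevents accidental adjacencies but does not authenticate a neighbor against someone who can observe the link.` If this release also offers a cryptographic option (HMAC-MD5 per RFC 5304), the entry should point to it as the preferred choice; that needs confirming against the CLI.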
From: rebortg Date: Tue, 12 Jan 2021 21:46:22 +0100 Subject: disable empty pages, for the moment --- docs/configuration/protocols/igmp-proxy.disable | 2 ++ docs/configuration/protocols/igmp-proxy.rst | 2 -- docs/configuration/protocols/index.rst | 4 ---- docs/configuration/protocols/pim.disable | 2 ++ docs/configuration/protocols/pim.rst | 2 -- docs/configuration/protocols/ripng.disable | 3 +++ docs/configuration/protocols/ripng.rst | 3 --- docs/configuration/protocols/vrf.disable | 3 +++ docs/configuration/protocols/vrf.rst | 3 --- docs/configuration/service/index.rst | 2 -- docs/configuration/service/pppoe-advert.disable | 2 ++ docs/configuration/service/pppoe-advert.rst | 2 -- docs/configuration/service/salt-minion.disable | 2 ++ docs/configuration/service/salt-minion.rst | 2 -- docs/configuration/system/acceleration.disable | 7 +++++++ docs/configuration/system/acceleration.rst | 7 ------- docs/configuration/system/config-management.disable | 2 ++ docs/configuration/system/config-management.rst | 2 -- docs/configuration/system/conntrack.disable | 2 ++ docs/configuration/system/conntrack.rst | 2 -- docs/configuration/system/domain-name.disable | 2 ++ docs/configuration/system/domain-name.rst | 2 -- docs/configuration/system/domain-search.disable | 2 ++ docs/configuration/system/domain-search.rst | 2 -- docs/configuration/system/index.rst | 9 --------- docs/configuration/system/name-servers-dhcp.disable | 2 ++ docs/configuration/system/name-servers-dhcp.rst | 2 -- docs/configuration/system/static-host-mapping.disable | 2 ++ docs/configuration/system/static-host-mapping.rst | 2 -- docs/configuration/system/sysctl.disable | 2 ++ docs/configuration/system/sysctl.rst | 2 -- docs/configuration/system/wifi-requlatory-domain.disable | 2 ++ docs/configuration/system/wifi-requlatory-domain.rst | 2 -- 33 files changed, 37 insertions(+), 52 deletions(-) create mode 100644 docs/configuration/protocols/igmp-proxy.disable delete mode 100644 
docs/configuration/protocols/igmp-proxy.rst create mode 100644 docs/configuration/protocols/pim.disable delete mode 100644 docs/configuration/protocols/pim.rst create mode 100644 docs/configuration/protocols/ripng.disable delete mode 100644 docs/configuration/protocols/ripng.rst create mode 100644 docs/configuration/protocols/vrf.disable delete mode 100644 docs/configuration/protocols/vrf.rst create mode 100644 docs/configuration/service/pppoe-advert.disable delete mode 100644 docs/configuration/service/pppoe-advert.rst create mode 100644 docs/configuration/service/salt-minion.disable delete mode 100644 docs/configuration/service/salt-minion.rst create mode 100644 docs/configuration/system/acceleration.disable delete mode 100644 docs/configuration/system/acceleration.rst create mode 100644 docs/configuration/system/config-management.disable delete mode 100644 docs/configuration/system/config-management.rst create mode 100644 docs/configuration/system/conntrack.disable delete mode 100644 docs/configuration/system/conntrack.rst create mode 100644 docs/configuration/system/domain-name.disable delete mode 100644 docs/configuration/system/domain-name.rst create mode 100644 docs/configuration/system/domain-search.disable delete mode 100644 docs/configuration/system/domain-search.rst create mode 100644 docs/configuration/system/name-servers-dhcp.disable delete mode 100644 docs/configuration/system/name-servers-dhcp.rst create mode 100644 docs/configuration/system/static-host-mapping.disable delete mode 100644 docs/configuration/system/static-host-mapping.rst create mode 100644 docs/configuration/system/sysctl.disable delete mode 100644 docs/configuration/system/sysctl.rst create mode 100644 docs/configuration/system/wifi-requlatory-domain.disable delete mode 100644 docs/configuration/system/wifi-requlatory-domain.rst (limited to 'docs/configuration/protocols') 
diff --git a/docs/configuration/protocols/igmp-proxy.disable b/docs/configuration/protocols/igmp-proxy.disable new file mode 100644 index 00000000..cce5f948 --- /dev/null +++ b/docs/configuration/protocols/igmp-proxy.disable @@ -0,0 +1,2 @@ +igmp-proxy +########## \ No newline at end of file diff --git a/docs/configuration/protocols/igmp-proxy.rst b/docs/configuration/protocols/igmp-proxy.rst deleted file mode 100644 index cce5f948..00000000 --- a/docs/configuration/protocols/igmp-proxy.rst +++ /dev/null @@ -1,2 +0,0 @@ -igmp-proxy -########## \ No newline at end of file diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst index eba56bf2..c302d6a9 100644 --- a/docs/configuration/protocols/index.rst +++ b/docs/configuration/protocols/index.rst @@ -10,13 +10,9 @@ Protocols bfd bgp igmp - igmp-proxy isis mpls ospf - pim rip - ripng rpki static - vrf diff --git a/docs/configuration/protocols/pim.disable b/docs/configuration/protocols/pim.disable new file mode 100644 index 00000000..1dd373d8 --- /dev/null +++ b/docs/configuration/protocols/pim.disable @@ -0,0 +1,2 @@ +PIM +### \ No newline at end of file diff --git a/docs/configuration/protocols/pim.rst b/docs/configuration/protocols/pim.rst deleted file mode 100644 index 1dd373d8..00000000 --- a/docs/configuration/protocols/pim.rst +++ /dev/null @@ -1,2 +0,0 @@ -PIM -### \ No newline at end of file diff --git a/docs/configuration/protocols/ripng.disable b/docs/configuration/protocols/ripng.disable new file mode 100644 index 00000000..dec6bddf --- /dev/null +++ b/docs/configuration/protocols/ripng.disable @@ -0,0 +1,3 @@ +##### +RIPng +##### \ No newline at end of file diff --git a/docs/configuration/protocols/ripng.rst b/docs/configuration/protocols/ripng.rst deleted file mode 100644 index dec6bddf..00000000 --- a/docs/configuration/protocols/ripng.rst +++ /dev/null @@ -1,3 +0,0 @@ -##### -RIPng -##### \ No newline at end of file 
diff --git a/docs/configuration/protocols/vrf.disable b/docs/configuration/protocols/vrf.disable new file mode 100644 index 00000000..e7609a77 --- /dev/null +++ b/docs/configuration/protocols/vrf.disable @@ -0,0 +1,3 @@ +############# +Protocols VRF +############# diff --git a/docs/configuration/protocols/vrf.rst b/docs/configuration/protocols/vrf.rst deleted file mode 100644 index e7609a77..00000000 --- a/docs/configuration/protocols/vrf.rst +++ /dev/null @@ -1,3 +0,0 @@ -############# -Protocols VRF -############# diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst index e73f6dc2..fb194239 100644 --- a/docs/configuration/service/index.rst +++ b/docs/configuration/service/index.rst @@ -17,10 +17,8 @@ Service ipoe-server lldp mdns - pppoe-advert pppoe-server router-advert - salt-minion snmp ssh tftp-server diff --git a/docs/configuration/service/pppoe-advert.disable b/docs/configuration/service/pppoe-advert.disable new file mode 100644 index 00000000..bbb82202 --- /dev/null +++ b/docs/configuration/service/pppoe-advert.disable @@ -0,0 +1,2 @@ +pppoe-advert +############ \ No newline at end of file diff --git a/docs/configuration/service/pppoe-advert.rst b/docs/configuration/service/pppoe-advert.rst deleted file mode 100644 index bbb82202..00000000 --- a/docs/configuration/service/pppoe-advert.rst +++ /dev/null @@ -1,2 +0,0 @@ -pppoe-advert -############ \ No newline at end of file diff --git a/docs/configuration/service/salt-minion.disable b/docs/configuration/service/salt-minion.disable new file mode 100644 index 00000000..63df57a4 --- /dev/null +++ b/docs/configuration/service/salt-minion.disable @@ -0,0 +1,2 @@ +salt-minion +########### \ No newline at end of file diff --git a/docs/configuration/service/salt-minion.rst b/docs/configuration/service/salt-minion.rst deleted file mode 100644 index 63df57a4..00000000 --- a/docs/configuration/service/salt-minion.rst +++ /dev/null 
@@ -1,2 +0,0 @@
-salt-minion
-###########
\ No newline at end of file
diff --git a/docs/configuration/system/acceleration.disable b/docs/configuration/system/acceleration.disable
new file mode 100644
index 00000000..b09da38b
--- /dev/null
+++ b/docs/configuration/system/acceleration.disable
@@ -0,0 +1,7 @@
+.. _acceleration:
+
+############
+Acceleration
+############
+
+
diff --git a/docs/configuration/system/acceleration.rst b/docs/configuration/system/acceleration.rst
deleted file mode 100644
index b09da38b..00000000
--- a/docs/configuration/system/acceleration.rst
+++ /dev/null
@@ -1,7 +0,0 @@
-.. _acceleration:
-
-############
-Acceleration
-############
-
-
diff --git a/docs/configuration/system/config-management.disable b/docs/configuration/system/config-management.disable
new file mode 100644
index 00000000..40973713
--- /dev/null
+++ b/docs/configuration/system/config-management.disable
@@ -0,0 +1,2 @@
+config-management
+#################
\ No newline at end of file
diff --git a/docs/configuration/system/config-management.rst b/docs/configuration/system/config-management.rst
deleted file mode 100644
index 40973713..00000000
--- a/docs/configuration/system/config-management.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-config-management
-#################
\ No newline at end of file
diff --git a/docs/configuration/system/conntrack.disable b/docs/configuration/system/conntrack.disable
new file mode 100644
index 00000000..7d5d4308
--- /dev/null
+++ b/docs/configuration/system/conntrack.disable
@@ -0,0 +1,2 @@
+conntrack
+#########
\ No newline at end of file
diff --git a/docs/configuration/system/conntrack.rst b/docs/configuration/system/conntrack.rst
deleted file mode 100644
index 7d5d4308..00000000
--- a/docs/configuration/system/conntrack.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-conntrack
-#########
\ No newline at end of file
diff --git a/docs/configuration/system/domain-name.disable b/docs/configuration/system/domain-name.disable new file mode 100644 index 00000000..9028b65b --- /dev/null +++ b/docs/configuration/system/domain-name.disable @@ -0,0 +1,2 @@ +domain-name +########### \ No newline at end of file diff --git a/docs/configuration/system/domain-name.rst b/docs/configuration/system/domain-name.rst deleted file mode 100644 index 9028b65b..00000000 --- a/docs/configuration/system/domain-name.rst +++ /dev/null @@ -1,2 +0,0 @@ -domain-name -########### \ No newline at end of file diff --git a/docs/configuration/system/domain-search.disable b/docs/configuration/system/domain-search.disable new file mode 100644 index 00000000..f4aef62e --- /dev/null +++ b/docs/configuration/system/domain-search.disable @@ -0,0 +1,2 @@ +domain-search +############# \ No newline at end of file diff --git a/docs/configuration/system/domain-search.rst b/docs/configuration/system/domain-search.rst deleted file mode 100644 index f4aef62e..00000000 --- a/docs/configuration/system/domain-search.rst +++ /dev/null @@ -1,2 +0,0 @@ -domain-search -############# \ No newline at end of file diff --git a/docs/configuration/system/index.rst b/docs/configuration/system/index.rst index 4bb16c42..2e428333 100644 --- a/docs/configuration/system/index.rst +++ b/docs/configuration/system/index.rst @@ -7,12 +7,7 @@ System :maxdepth: 1 :includehidden: - acceleration - config-management - conntrack console - domain-name - domain-search flow-accounting host-name ip @@ -20,16 +15,12 @@ System lcd login name-server - name-servers-dhcp ntp option proxy - static-host-mapping - sysctl syslog task-scheduler time-zone - wifi-requlatory-domain .. toctree:: diff --git a/docs/configuration/system/name-servers-dhcp.disable b/docs/configuration/system/name-servers-dhcp.disable new file mode 100644 index 00000000..6719fef9 --- /dev/null +++ b/docs/configuration/system/name-servers-dhcp.disable 
@@ -0,0 +1,2 @@
+name-servers-dhcp
+#################
\ No newline at end of file
diff --git a/docs/configuration/system/name-servers-dhcp.rst b/docs/configuration/system/name-servers-dhcp.rst
deleted file mode 100644
index 6719fef9..00000000
--- a/docs/configuration/system/name-servers-dhcp.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-name-servers-dhcp
-#################
\ No newline at end of file
diff --git a/docs/configuration/system/static-host-mapping.disable b/docs/configuration/system/static-host-mapping.disable
new file mode 100644
index 00000000..97d9a443
--- /dev/null
+++ b/docs/configuration/system/static-host-mapping.disable
@@ -0,0 +1,2 @@
+static-host-mapping
+###################
\ No newline at end of file
diff --git a/docs/configuration/system/static-host-mapping.rst b/docs/configuration/system/static-host-mapping.rst
deleted file mode 100644
index 97d9a443..00000000
--- a/docs/configuration/system/static-host-mapping.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-static-host-mapping
-###################
\ No newline at end of file
diff --git a/docs/configuration/system/sysctl.disable b/docs/configuration/system/sysctl.disable
new file mode 100644
index 00000000..82ffd159
--- /dev/null
+++ b/docs/configuration/system/sysctl.disable
@@ -0,0 +1,2 @@
+sysctl
+######
\ No newline at end of file
diff --git a/docs/configuration/system/sysctl.rst b/docs/configuration/system/sysctl.rst
deleted file mode 100644
index 82ffd159..00000000
--- a/docs/configuration/system/sysctl.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-sysctl
-######
\ No newline at end of file
diff --git a/docs/configuration/system/wifi-requlatory-domain.disable b/docs/configuration/system/wifi-requlatory-domain.disable
new file mode 100644
index 00000000..2b6ce7d4
--- /dev/null
+++ b/docs/configuration/system/wifi-requlatory-domain.disable
@@ -0,0 +1,2 @@
+wifi-requlatory-domain
+######################
\ No newline at end of file
diff --git a/docs/configuration/system/wifi-requlatory-domain.rst b/docs/configuration/system/wifi-requlatory-domain.rst deleted file mode 100644 index 2b6ce7d4..00000000 --- a/docs/configuration/system/wifi-requlatory-domain.rst +++ /dev/null @@ -1,2 +0,0 @@ -wifi-requlatory-domain -###################### \ No newline at end of file -- cgit v1.2.3 From 16852e808e38f3f1cb4bcd8784748960702c6e66 Mon Sep 17 00:00:00 2001 From: maehdros Date: Tue, 12 Jan 2021 21:58:28 +0100 Subject: BFD: Added explanation on the purpose --- docs/configuration/protocols/bfd.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/bfd.rst b/docs/configuration/protocols/bfd.rst index 4812f930..8d19334c 100644 --- a/docs/configuration/protocols/bfd.rst +++ b/docs/configuration/protocols/bfd.rst @@ -9,6 +9,12 @@ BFD :abbr:`BFD (Bidirectional Forwarding Detection)` is described and extended by the following RFCs: :rfc:`5880`, :rfc:`5881` and :rfc:`5883`. +In the age of very fast networks, a second of unreachability may equal millions of lost packets. +The idea behind BFD is to detect very quickly when a peer is down and take action extremely fast. + +BFD sends lots of small UDP packets very quickly to ensures that the peer is still alive. + +This allows avoiding the timers defined in BGP and OSPF protocol to expires. Configure BFD ============= -- cgit v1.2.3 From f428410ad04909ad98a3be475c234b0e48c5126b Mon Sep 17 00:00:00 2001 From: Leonid Voronkin Date: Wed, 13 Jan 2021 23:36:36 +0400 Subject: bgp: fix linter errors --- docs/configuration/protocols/bgp.rst | 213 ++++++++++++++++++++++++++--------- 1 file changed, 160 insertions(+), 53 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index b577e5b9..ae7eb795 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst 
@@ -231,7 +231,8 @@ Route Selection have a value of infinity. The default state, where the missing MED attribute is considered to have a value of zero. -.. cfgcmd:: set protocols bgp parameters default local-pref +.. cfgcmd:: set protocols bgp parameters default local-pref + This command specifies the default local preference value. The local preference range is 0 to 4294967295. @@ -246,13 +247,15 @@ Route Selection Administrative Distance ----------------------- -.. cfgcmd:: set protocols bgp parameters distance global +.. cfgcmd:: set protocols bgp parameters distance global + This command change distance value of BGP. The arguments are the distance values for external routes, internal routes and local routes respectively. The distance range is 1 to 255. -.. cfgcmd:: set protocols bgp parameters distance prefix distance +.. cfgcmd:: set protocols bgp parameters distance prefix distance + This command sets the administrative distance for a particular route. The distance range is 1 to 255. 
@@ -263,34 +266,47 @@ Administrative Distance Network Advertisement --------------------- -.. cfgcmd:: set protocols bgp address-family network +.. cfgcmd:: set protocols bgp address-family + network This command is used for advertising IPv4 or IPv6 networks. - .. note:: By default, the BGP prefix is advertised even if it's not present in - the routing table. This behaviour differs from the implementation of some vendors. + .. note:: By default, the BGP prefix is advertised even if it's not present + in the routing table. This behaviour differs from the implementation of + some vendors. -.. cfgcmd:: set protocols bgp parameters network-import-check +.. cfgcmd:: set protocols bgp parameters network-import-check - This configuration modifies the behavior of the network statement. - If you have this configured the underlying network must exist in the - routing table. + This configuration modifies the behavior of the network statement. If you + have this configured the underlying network must exist in the routing table. + +.. cfgcmd:: set protocols bgp neighbor address-family + default-originate [route-map ] + + By default, VyOS does not advertise a default route (0.0.0.0/0) even if it is + in routing table. When you want to announce default routes to the peer, use + this command. Using optional argument :cfgcmd:`route-map` you can inject the + default route to given neighbor only if the conditions in the route map are + met. Route Aggregation ----------------- -.. cfgcmd:: set protocols bgp address-family aggregate-address +.. cfgcmd:: set protocols bgp address-family + aggregate-address This command specifies an aggregate address. The router will also announce longer-prefixes inside of the aggregate address. -.. cfgcmd:: set protocols bgp address-family aggregate-address as-set +.. cfgcmd:: set protocols bgp address-family + aggregate-address as-set This command specifies an aggregate address with a mathematical set of autonomous systems. 
This command summarizes the AS_PATH attributes of all the individual routes. -.. cfgcmd:: set protocols bgp address-family aggregate-address summary-only +.. cfgcmd:: set protocols bgp address-family + aggregate-address summary-only This command specifies an aggregate address and provides that longer-prefixes inside of the aggregate address are suppressed 
@@ -299,54 +315,64 @@ Route Aggregation Redistribution -------------- -.. cfgcmd:: set protocols bgp address-family redistribute connected +.. cfgcmd:: set protocols bgp address-family + redistribute connected Redistribute connected routes to BGP process. -.. cfgcmd:: set protocols bgp address-family redistribute kernel +.. cfgcmd:: set protocols bgp address-family + redistribute kernel Redistribute kernel routes to BGP process. -.. cfgcmd:: set protocols bgp address-family redistribute ospf +.. cfgcmd:: set protocols bgp address-family + redistribute ospf Redistribute OSPF routes to BGP process. -.. cfgcmd:: set protocols bgp address-family redistribute rip +.. cfgcmd:: set protocols bgp address-family + redistribute rip Redistribute RIP routes to BGP process. -.. cfgcmd:: set protocols bgp address-family redistribute static +.. cfgcmd:: set protocols bgp address-family + redistribute static Redistribute static routes to BGP process. -.. cfgcmd:: set protocols bgp address-family redistribute metric +.. cfgcmd:: set protocols bgp address-family + redistribute metric This command specifies metric (MED) for redistributed routes. The metric range is 0 to 4294967295. -.. cfgcmd:: set protocols bgp address-family redistribute route-map +.. cfgcmd:: set protocols bgp address-family + redistribute route-map This command allows to use route map to filter redistributed routes. -Peers ------ +Peers Configuration +------------------- Defining Peers ^^^^^^^^^^^^^^ -.. cfgcmd:: set protocols bgp neighbor remote-as +.. cfgcmd:: set protocols bgp neighbor remote-as + This command creates a new neighbor whose remote-as is NASN. The neighbor address can be an IPv4 address or an IPv6 address or an interface to use for the connection. The command it applicable for peer and peer group. -.. cfgcmd:: set protocols bgp neighbor remote-as internal +.. 
cfgcmd:: set protocols bgp neighbor remote-as + internal Create a peer as you would when you specify an ASN, except that if the peers ASN is different than mine as specified under the :cfgcmd:`protocols bgp ` command the connection will be denied. -.. cfgcmd:: set protocols bgp neighbor remote-as external +.. cfgcmd:: set protocols bgp neighbor remote-as + external Create a peer as you would when you specify an ASN, except that if the peers ASN is the same as mine as specified under the :cfgcmd:`protocols @@ -357,11 +383,13 @@ Defining Peers This command disable the peer or peer group. To reenable the peer use the delete form of this command. -.. cfgcmd:: set protocols bgp neighbor description +.. cfgcmd:: set protocols bgp neighbor description + Set description of the peer or peer group. -.. cfgcmd:: set protocols bgp neighbor update-source +.. cfgcmd:: set protocols bgp neighbor update-source + Specify the IPv4 source address to use for the BGP session to this neighbour, may be specified as either an IPv4 address directly or as an interface name. @@ -369,12 +397,14 @@ Defining Peers Capability Negotiation ^^^^^^^^^^^^^^^^^^^^^^ -.. cfgcmd:: set protocols bgp neighbor capability dynamic +.. cfgcmd:: set protocols bgp neighbor capability + dynamic This command would allow the dynamic update of capabilities over an established BGP session. -.. cfgcmd:: set protocols bgp neighbor capability extended-nexthop +.. cfgcmd:: set protocols bgp neighbor capability + extended-nexthop Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability 
@@ -382,7 +412,8 @@ Capability Negotiation then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces. -.. cfgcmd:: set protocols bgp neighbor disable-capability-negotiation +.. cfgcmd:: set protocols bgp neighbor + disable-capability-negotiation Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is @@ -394,20 +425,22 @@ Capability Negotiation You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is - configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities - then override negotiated capabilities with configured values. + configured by :cfgcmd:`override-capability`, VyOS ignores received + capabilities then override negotiated capabilities with configured values. Additionally you should keep in mind that this feature fundamentally disables the ability to use widely deployed BGP features. BGP unnumbered, hostname support, AS4, Addpath, Route Refresh, ORF, Dynamic Capabilities, and graceful restart. -.. cfgcmd:: set protocols bgp neighbor override-capability +.. cfgcmd:: set protocols bgp neighbor + override-capability This command allow override the result of Capability Negotiation with local configuration. Ignore remote peer’s capability value. -.. cfgcmd:: set protocols bgp neighbor strict-capability-match +.. cfgcmd:: set protocols bgp neighbor + strict-capability-match This command forces strictly compare remote capabilities and local capabilities. If capabilities are different, send Unsupported Capability 
@@ -421,7 +454,8 @@ Capability Negotiation Peer Parameters ^^^^^^^^^^^^^^^ -.. cfgcmd:: set protocols bgp neighbor address-family allowas-in number +.. cfgcmd:: set protocols bgp neighbor address-family + allowas-in number This command accept incoming routes with AS path containing AS number with the same value as the current system AS. This is @@ -434,7 +468,8 @@ Peer Parameters This command is only allowed for eBGP peers. It is not applicable for peer groups. -.. cfgcmd:: set protocols bgp neighbor address-family as-override +.. cfgcmd:: set protocols bgp neighbor address-family + as-override This command override AS number of the originating router with the local AS number. 
@@ -447,23 +482,43 @@ Peer Parameters This command is only allowed for eBGP peers. -.. cfgcmd:: set protocols bgp neighbor address-family attribute-unchanged +.. cfgcmd:: set protocols bgp neighbor address-family + attribute-unchanged This command specifies attributes to be left unchanged for advertisements sent to a peer or peer group. -.. cfgcmd:: set protocols bgp neighbor address-family maximum-prefix +.. cfgcmd:: set protocols bgp neighbor address-family + distribute-list + + This command applys the access list filters named in to the + specified BGP neighbor to restrict the routing information that BGP learns + and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` + specify the direction in which the prefix lists are applied. + +.. cfgcmd:: set protocols bgp neighbor address-family + filter-list + + This command applys the AS path access list filters named in to the + specified BGP neighbor to restrict the routing information that BGP learns + and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` + specify the direction in which the prefix lists are applied. + +.. cfgcmd:: set protocols bgp neighbor address-family + maximum-prefix This command specifies a maximum number of prefixes we can receive from a given peer. If this number is exceeded, the BGP session will be destroyed. The number range is 1 to 4294967295. -.. cfgcmd:: set protocols bgp neighbor address-family nexthop-self +.. cfgcmd:: set protocols bgp neighbor address-family + nexthop-self This command forces the BGP speaker to report itself as the next hop for an advertised route it advertised to a neighbor. -.. cfgcmd:: set protocols bgp neighbor address-family remove-private-as +.. cfgcmd:: set protocols bgp neighbor address-family + remove-private-as This command removes the private ASN of routes that are advertised to the configured peer. It removes only private ASNs on routes 
@@ -475,24 +530,45 @@ Peer Parameters If the AS-Path for the route has a private ASN between public ASNs, it is assumed that this is a design choice, and the private ASN is not removed. + +.. cfgcmd:: set protocols bgp neighbor address-family + soft-reconfiguration inbound + + Changes in BGP policies require the BGP session to be cleared. Clearing has a + large negative impact on network operations. Soft reconfiguration enables you + to generate inbound updates from a neighbor, change and activate BGP policies + without clearing the BGP session. + + This command specifies that route updates received from this neighbor will be + stored unmodified, regardless of the inbound policy. When inbound soft + reconfiguration is enabled, the stored updates are processed by the new + policy configuration to create new inbound updates. + + .. note:: Storage of route updates uses memory. If you enable soft + reconfiguration inbound for multiple neighbors, the amount of memory used + can become significant. -.. cfgcmd:: set protocols bgp neighbor address-family weight +.. cfgcmd:: set protocols bgp neighbor address-family + weight This command specifies a default weight value for the neighbor’s routes. The number range is 1 to 65535. -.. cfgcmd:: set protocols bgp neighbor advertisement-interval +.. cfgcmd:: set protocols bgp neighbor + advertisement-interval This command specifies the minimum route advertisement interval for - the peer. This number is between 0 and 600 seconds, with the default + the peer. The interval value is 0 to 600 seconds, with the default advertisement interval being 0. -.. cfgcmd:: set protocols bgp neighbor disable-connected-check +.. cfgcmd:: set protocols bgp neighbor + disable-connected-check This command allows peerings between directly connected eBGP peers using loopback addresses without adjusting the default TTL of 1. -.. cfgcmd:: set protocols bgp neighbor ebgp-multihop +.. 
cfgcmd:: set protocols bgp neighbor ebgp-multihop + This command allows sessions to be established with eBGP neighbors when they are multiple hops away. When the neighbor is not directly @@ -500,7 +576,8 @@ Peer Parameters The number of hops range is 1 to 255. This command is mutually exclusive with :cfgcmd:`ttl-security hops`. -.. cfgcmd:: set protocols bgp neighbor local-as [no-prepend] [replace-as] +.. cfgcmd:: set protocols bgp neighbor local-as + [no-prepend] [replace-as] Specify an alternate AS for this BGP process when interacting with the specified peer or peer group. With no modifiers, the specified @@ -515,15 +592,15 @@ Peer Parameters local-as is prepended to the AS_PATH when transmitting local-route updates to this peer. - Note that replace-as can only be specified if no-prepend is. - This command is only allowed for eBGP peers. + .. note:: This command is only allowed for eBGP peers. .. cfgcmd:: set protocols bgp neighbor passive Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group. -.. cfgcmd:: set protocols bgp neighbor ttl-security hops +.. cfgcmd:: set protocols bgp neighbor ttl-security + hops This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors 
@@ -543,10 +620,15 @@ are treated as belonging to a default peer group, and will share updates. .. cfgcmd:: set protocols bgp peer-group - This command defines a new peer group. You can specify to the group - the same parameters that you can specify for specific neighbors. + This command defines a new peer group. You can specify to the group the same + parameters that you can specify for specific neighbors. + + .. note:: If you apply a parameter to an individual neighbor IP address, you + override the action defined for a peer group that includes that IP + address. -.. cfgcmd:: set protocols bgp neighbor peer-group +.. cfgcmd:: set protocols bgp neighbor peer-group + This command bind specific peer to peer group with a given name. @@ -597,6 +679,30 @@ Timers This command specifies keep-alive time in seconds. The timer can range from 4 to 65535.The default value is 60 second. +Route Reflector Configuration +----------------------------- + +BGP routers connected inside the same AS through BGP belong to an internal BGP +session, or IBGP. In order to prevent routing table loops, IBGP speaker does not +advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). +As such, IBGP requires a full mesh of all peers. For large networks, this +quickly becomes unscalable. Introducing route reflectors removes the need for +the full-mesh. Route reflectors mechanism is described in :rfc:`4456` and +updated by :rfc:`7606`. + +.. cfgcmd:: set protocols bgp neighbor
address-family + route-reflector-client + + This command specifies the given neighbor as route reflector client. + +.. cfgcmd:: set protocols bgp parameters cluster-id + + This command specifies cluster ID which identifies a collection of route + reflectors and their clients, and is used by route reflectors to avoid + looping. By default cluster ID is set to the BGP router id value, but can be + set to an arbitrary 32-bit value. + + Operational Mode Commands ========================= @@ -624,7 +730,8 @@ Show .. opcmd:: show bgp - This command displays information about the particular entry in the BGP routing table. + This command displays information about the particular entry in the BGP + routing table. .. code-block:: none -- cgit v1.2.3 From 636dadd81729cad6bb50f2f89a97a4a70c51b4df Mon Sep 17 00:00:00 2001 From: Leonid Voronkin Date: Fri, 15 Jan 2021 23:13:27 +0400 Subject: isis: T3210: rename command to no-three-way-handshake --- docs/configuration/protocols/isis.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst index 71ddc856..05a851f1 100644 --- a/docs/configuration/protocols/isis.rst +++ b/docs/configuration/protocols/isis.rst @@ -174,10 +174,10 @@ Interfaces Configuration to 127. .. cfgcmd:: set protocols isis interface - three-way-handshake + no-three-way-handshake - This command enables :rfc:`5303` Three-Way Handshake for P2P adjacencies. - Three-Way Handshake is enabled by default. + This command disables Three-Way Handshake for P2P adjacencies which + described in :rfc:`5303`. Three-Way Handshake is enabled by default. Redistribution Configuration -- cgit v1.2.3 From b6c5493342c7b2124cd754279eb8685b753bb629 Mon Sep 17 00:00:00 2001 
From: Leonid Voronkin Date: Sun, 17 Jan 2021 01:45:07 +0400 Subject: bgp: change comand order, add route filterig * bgp: change command order, add route filtering Moved the more frequently used commands higher up; Add route filtering; Add confederation commands; Add route dampening. --- docs/configuration/protocols/bgp.rst | 633 ++++++++++++++++++++++------------- 1 file changed, 405 insertions(+), 228 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index ae7eb795..27858224 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -28,7 +28,9 @@ From :rfc:`1930`: Each AS has an identifying number associated with it called an :abbr:`ASN (Autonomous System Number)`. This is a two octet value ranging in value from 1 to 65535. The AS numbers 64512 through 65535 are defined as private AS numbers. -Private AS numbers must not be advertised on the global Internet. +Private AS numbers must not be advertised on the global Internet. The 2-byte AS +number range has been exhausted. 4-byte AS numbers are specified in + :rfc:`6793`, and provide a pool of 4294967296 AS numbers. The :abbr:`ASN (Autonomous System Number)` is one of the essential elements of BGP. BGP is a distance vector routing protocol, and the AS-Path framework
@@ -156,200 +158,11 @@ connection. BGP Router Configuration ======================== -ASN and Router ID ------------------ - -.. cfgcmd:: set protocols bgp - - First of all you must configure BGP router with the :abbr:`ASN (Autonomous - System Number)`. The AS number is an identifier for the autonomous system. - The BGP protocol uses the AS number for detecting whether the BGP connection - is internal or external. - -.. cfgcmd:: set protocols bgp parameters router-id - - This command specifies the router-ID. If router ID is not specified it will - use the highest interface IP address. - -Route Selection ---------------- - -.. cfgcmd:: set protocols bgp parameters always-compare-med - - This command provides to compare the MED on routes, even when they were - received from different neighbouring ASes. Setting this option makes the - order of preference of routes more defined, and should eliminate MED - induced oscillations. - -.. cfgcmd:: set protocols bgp parameters bestpath as-path confed - - This command specifies that the length of confederation path sets and - sequences should be taken into account during the BGP best path - decision process. - -.. cfgcmd:: set protocols bgp parameters bestpath as-path multipath-relax - - This command specifies that BGP decision process should consider paths - of equal AS_PATH length candidates for multipath computation. Without - the knob, the entire AS_PATH must match for multipath computation. - -.. cfgcmd:: set protocols bgp parameters bestpath as-path ignore - - Ignore AS_PATH length when selecting a route - -.. cfgcmd:: set protocols bgp parameters bestpath compare-routerid - - Ensure that when comparing routes where both are equal on most metrics, - including local-pref, AS_PATH length, IGP cost, MED, that the tie is - broken based on router-ID. - - If this option is enabled, then the already-selected check, where - already selected eBGP routes are preferred, is skipped. 
- - If a route has an ORIGINATOR_ID attribute because it has been reflected, - that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer - the route was received from will be used. - - The advantage of this is that the route-selection (at this point) will - be more deterministic. The disadvantage is that a few or even one lowest-ID - router may attract all traffic to otherwise-equal paths because of this - check. It may increase the possibility of MED or IGP oscillation, unless - other measures were taken to avoid these. The exact behaviour will be - sensitive to the iBGP and reflection topology. - -.. cfgcmd:: set protocols bgp parameters bestpath med confed - - This command specifies that BGP considers the MED when comparing routes - originated from different sub-ASs within the confederation to which this - BGP speaker belongs. The default state, where the MED attribute is not - considered. - -.. cfgcmd:: set protocols bgp parameters bestpath med missing-as-worst - - This command specifies that a route with a MED is always considered to be - better than a route without a MED by causing the missing MED attribute to - have a value of infinity. The default state, where the missing MED - attribute is considered to have a value of zero. - -.. cfgcmd:: set protocols bgp parameters default local-pref - - - This command specifies the default local preference value. The local - preference range is 0 to 4294967295. - -.. cfgcmd:: set protocols bgp parameters deterministic-med - - This command provides to compare different MED values that advertised by - neighbours in the same AS for routes selection. When this command is enabled, - routes from the same autonomous system are grouped together, and the best - entries of each group are compared. - -Administrative Distance ------------------------ - -.. cfgcmd:: set protocols bgp parameters distance global - - - This command change distance value of BGP. 
The arguments are the distance - values for external routes, internal routes and local routes respectively. - The distance range is 1 to 255. - -.. cfgcmd:: set protocols bgp parameters distance prefix distance - - - This command sets the administrative distance for a particular route. The - distance range is 1 to 255. - - .. note:: Routes with a distance of 255 are effectively disabled and not - installed into the kernel. - -Network Advertisement ---------------------- - -.. cfgcmd:: set protocols bgp address-family - network - - This command is used for advertising IPv4 or IPv6 networks. - - .. note:: By default, the BGP prefix is advertised even if it's not present - in the routing table. This behaviour differs from the implementation of - some vendors. - -.. cfgcmd:: set protocols bgp parameters network-import-check - - This configuration modifies the behavior of the network statement. If you - have this configured the underlying network must exist in the routing table. - -.. cfgcmd:: set protocols bgp neighbor address-family - default-originate [route-map ] - - By default, VyOS does not advertise a default route (0.0.0.0/0) even if it is - in routing table. When you want to announce default routes to the peer, use - this command. Using optional argument :cfgcmd:`route-map` you can inject the - default route to given neighbor only if the conditions in the route map are - met. - -Route Aggregation ------------------ - -.. cfgcmd:: set protocols bgp address-family - aggregate-address - - This command specifies an aggregate address. The router will also - announce longer-prefixes inside of the aggregate address. - -.. cfgcmd:: set protocols bgp address-family - aggregate-address as-set - - This command specifies an aggregate address with a mathematical set of - autonomous systems. This command summarizes the AS_PATH attributes of - all the individual routes. - -.. 
cfgcmd:: set protocols bgp address-family - aggregate-address summary-only - - This command specifies an aggregate address and provides that - longer-prefixes inside of the aggregate address are suppressed - before sending BGP updates out to peers. - -Redistribution --------------- - -.. cfgcmd:: set protocols bgp address-family - redistribute connected - - Redistribute connected routes to BGP process. - -.. cfgcmd:: set protocols bgp address-family - redistribute kernel - - Redistribute kernel routes to BGP process. - -.. cfgcmd:: set protocols bgp address-family - redistribute ospf - - Redistribute OSPF routes to BGP process. - -.. cfgcmd:: set protocols bgp address-family - redistribute rip - - Redistribute RIP routes to BGP process. - -.. cfgcmd:: set protocols bgp address-family - redistribute static - - Redistribute static routes to BGP process. - -.. cfgcmd:: set protocols bgp address-family - redistribute metric - - This command specifies metric (MED) for redistributed routes. The - metric range is 0 to 4294967295. - -.. cfgcmd:: set protocols bgp address-family - redistribute route-map - - This command allows to use route map to filter redistributed routes. +First of all you must configure BGP router with the :abbr:`ASN (Autonomous +System Number)`. The AS number is an identifier for the autonomous system. +The BGP protocol uses the AS number for detecting whether the BGP connection +is internal or external. VyOS does not have a special command to start the BGP +process. The BGP process starts when the first neighbor is configured. Peers Configuration ------------------- @@ -360,7 +173,7 @@ Defining Peers .. cfgcmd:: set protocols bgp neighbor remote-as - This command creates a new neighbor whose remote-as is NASN. The neighbor + This command creates a new neighbor whose remote-as is . The neighbor address can be an IPv4 address or an IPv6 address or an interface to use for the connection. The command it applicable for peer and peer group. 
@@ -368,7 +181,7 @@ Defining Peers internal Create a peer as you would when you specify an ASN, except that if the - peers ASN is different than mine as specified under the :cfgcmd:`protocols + peers ASN is different than mine as specified under the :cfgcmd:`protocols bgp ` command the connection will be denied. .. cfgcmd:: set protocols bgp neighbor remote-as @@ -391,9 +204,10 @@ Defining Peers .. cfgcmd:: set protocols bgp neighbor update-source - Specify the IPv4 source address to use for the BGP session to this neighbour, + Specify the IPv4 source address to use for the BGP session to this neighbor, may be specified as either an IPv4 address directly or as an interface name. + Capability Negotiation ^^^^^^^^^^^^^^^^^^^^^^ @@ -451,6 +265,7 @@ Capability Negotiation Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature. + Peer Parameters ^^^^^^^^^^^^^^^ @@ -488,22 +303,6 @@ Peer Parameters This command specifies attributes to be left unchanged for advertisements sent to a peer or peer group. -.. cfgcmd:: set protocols bgp neighbor address-family - distribute-list - - This command applys the access list filters named in to the - specified BGP neighbor to restrict the routing information that BGP learns - and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` - specify the direction in which the prefix lists are applied. - -.. cfgcmd:: set protocols bgp neighbor address-family - filter-list - - This command applys the AS path access list filters named in to the - specified BGP neighbor to restrict the routing information that BGP learns - and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` - specify the direction in which the prefix lists are applied. - .. cfgcmd:: set protocols bgp neighbor address-family maximum-prefix 
@@ -566,6 +365,12 @@ Peer Parameters This command allows peerings between directly connected eBGP peers using loopback addresses without adjusting the default TTL of 1. + +.. cfgcmd:: set protocols bgp neighbor + disable-send-community + + This command specifies that the community attribute should not be sent + in route updates to a peer. By default community attribute is sent. .. cfgcmd:: set protocols bgp neighbor ebgp-multihop @@ -598,6 +403,12 @@ Peer Parameters Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group. + +.. cfgcmd:: set protocols bgp neighbor password + + + This command specifies a MD5 password to be used with the tcp socket that + is being used to connect to the remote peer. .. cfgcmd:: set protocols bgp neighbor ttl-security hops @@ -608,6 +419,7 @@ Peer Parameters become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`. + Peer Groups ^^^^^^^^^^^ 
@@ -632,9 +444,100 @@ are treated as belonging to a default peer group, and will share updates. This command bind specific peer to peer group with a given name. -General configuration + +Network Advertisement Configuration +----------------------------------- + +.. cfgcmd:: set protocols bgp address-family + network + + This command is used for advertising IPv4 or IPv6 networks. + + .. note:: By default, the BGP prefix is advertised even if it's not present + in the routing table. This behaviour differs from the implementation of + some vendors. + +.. cfgcmd:: set protocols bgp parameters network-import-check + + This configuration modifies the behavior of the network statement. If you + have this configured the underlying network must exist in the routing table. + +.. cfgcmd:: set protocols bgp neighbor address-family + default-originate [route-map ] + + By default, VyOS does not advertise a default route (0.0.0.0/0) even if it is + in routing table. When you want to announce default routes to the peer, use + this command. Using optional argument :cfgcmd:`route-map` you can inject the + default route to given neighbor only if the conditions in the route map are + met. + + +Route Aggregation Configuration +------------------------------- + +.. cfgcmd:: set protocols bgp address-family + aggregate-address + + This command specifies an aggregate address. The router will also + announce longer-prefixes inside of the aggregate address. + +.. cfgcmd:: set protocols bgp address-family + aggregate-address as-set + + This command specifies an aggregate address with a mathematical set of + autonomous systems. This command summarizes the AS_PATH attributes of + all the individual routes. + +.. cfgcmd:: set protocols bgp address-family + aggregate-address summary-only + + This command specifies an aggregate address and provides that + longer-prefixes inside of the aggregate address are suppressed + before sending BGP updates out to peers. + +.. 
cfgcmd:: set protocols bgp neighbor address-family + unsuppress-map + + This command applies route-map to selectively unsuppress prefixes + suppressed by summarisation. + + +Redistribution Configuration +---------------------------- + +.. cfgcmd:: set protocols bgp address-family + redistribute + + This command redistributes routing information from the given route source + to the BGP process. There are six modes available for route source: bgp, + connected, kernel, ospf, rip, static. + +.. cfgcmd:: set protocols bgp address-family + redistribute metric + + This command specifies metric (MED) for redistributed routes. The + metric range is 0 to 4294967295. There are six modes available for + route source: bgp, connected, kernel, ospf, rip, static. + +.. cfgcmd:: set protocols bgp address-family + redistribute route-map + + This command allows to use route map to filter redistributed routes. + There are six modes available for route source: bgp, connected, kernel, + ospf, rip, static. + + +General Configuration --------------------- +Common parametrs +^^^^^^^^^^^^^^^^ + +.. cfgcmd:: set protocols bgp parameters router-id + + This command specifies the router-ID. If router ID is not specified it will + use the highest interface IP address. + .. cfgcmd:: set protocols bgp maximum-paths This command defines the maximum number of parallel routes that 
@@ -657,38 +560,278 @@ General configuration Tis command disables route reflection between route reflector clients. By default, the clients of a route reflector are not required to be fully meshed and the routes from a client are reflected to other clients. - However, if the clients are fully meshed, route reflection is not required. - In this case, use the :cfgcmd:`no-client-to-client-reflection` command + However, if the clients are fully meshed, route reflection is not required. + In this case, use the :cfgcmd:`no-client-to-client-reflection` command to disable client-to-client reflection. .. cfgcmd:: set protocols bgp parameters no-fast-external-failover Disable immediate sesison reset if peer's connected link goes down. + +Administrative Distance +^^^^^^^^^^^^^^^^^^^^^^^ + +.. cfgcmd:: set protocols bgp parameters distance global + + + This command change distance value of BGP. The arguments are the distance + values for external routes, internal routes and local routes respectively. + The distance range is 1 to 255. + +.. cfgcmd:: set protocols bgp parameters distance prefix + distance + + This command sets the administrative distance for a particular route. The + distance range is 1 to 255. + + .. note:: Routes with a distance of 255 are effectively disabled and not + installed into the kernel. + + Timers ^^^^^^ .. cfgcmd:: set protocols bgp timers holdtime - This command specifies hold-time in seconds. The timer can - range from 4 to 65535.The default value is 180 second. If - you set value to 0 VyOS will not hold routes. + This command specifies hold-time in seconds. The timer range is + 4 to 65535. The default value is 180 second. If you set value to 0 + VyOS will not hold routes. .. cfgcmd:: set protocols bgp timers keepalive This command specifies keep-alive time in seconds. The timer - can range from 4 to 65535.The default value is 60 second. + can range from 4 to 65535. The default value is 60 second. 
-Route Reflector Configuration + +Route Dampening +^^^^^^^^^^^^^^^ + +When a route fails, a routing update is sent to withdraw the route from the +network's routing tables. When the route is re-enabled, the change in +availability is also advertised. A route that continually fails and returns +requires a great deal of network traffic to update the network about the +route's status. + +Route dampening wich described in :rfc:`2439` enables you to identify routes +that repeatedly fail and return. If route dampening is enabled, an unstable +route accumulates penalties each time the route fails and returns. If the +accumulated penalties exceed a threshold, the route is no longer advertised. +This is route suppression. Routes that have been suppressed are re-entered +into the routing table only when the amount of their penalty falls below a +threshold. + +A penalty of 1000 is assessed each time the route fails. When the penalties +reach a predefined threshold (suppress-value), the router stops advertising +the route. + +Once a route is assessed a penalty, the penalty is decreased by half each time +a predefined amount of time elapses (half-life-time). When the accumulated +penalties fall below a predefined threshold (reuse-value), the route is +unsuppressed and added back into the BGP routing table. + +No route is suppressed indefinitely. Maximum-suppress-time defines the maximum +time a route can be suppressed before it is re-advertised. + +.. cfgcmd:: set protocols bgp parameters dampening + half-life + + This command defines the amount of time in minutes after + which a penalty is reduced by half. The timer range is + 10 to 45 minutes. + +.. cfgcmd:: set protocols bgp parameters dampening + re-use + + This command defines the accumulated penalty amount at which the + route is re-advertised. The penalty range is 1 to 20000. + +.. 
cfgcmd:: set protocols bgp parameters dampening + start-suppress-time + + This command defines the accumulated penalty amount at which the + route is suppressed. The penalty range is 1 to 20000. + +.. cfgcmd:: set protocols bgp parameters dampening + max-suppress-time + + This command defines the maximum time in minutes that a route is + suppressed. The timer range is 1 to 255 minutes. + + +Route Selection Configuration +----------------------------- + +.. cfgcmd:: set protocols bgp parameters always-compare-med + + This command provides to compare the MED on routes, even when they were + received from different neighbouring ASes. Setting this option makes the + order of preference of routes more defined, and should eliminate MED + induced oscillations. + +.. cfgcmd:: set protocols bgp parameters bestpath as-path confed + + This command specifies that the length of confederation path sets and + sequences should be taken into account during the BGP best path + decision process. + +.. cfgcmd:: set protocols bgp parameters bestpath as-path multipath-relax + + This command specifies that BGP decision process should consider paths + of equal AS_PATH length candidates for multipath computation. Without + the knob, the entire AS_PATH must match for multipath computation. + +.. cfgcmd:: set protocols bgp parameters bestpath as-path ignore + + Ignore AS_PATH length when selecting a route + +.. cfgcmd:: set protocols bgp parameters bestpath compare-routerid + + Ensure that when comparing routes where both are equal on most metrics, + including local-pref, AS_PATH length, IGP cost, MED, that the tie is + broken based on router-ID. + + If this option is enabled, then the already-selected check, where + already selected eBGP routes are preferred, is skipped. + + If a route has an ORIGINATOR_ID attribute because it has been reflected, + that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer + the route was received from will be used. 
+ + The advantage of this is that the route-selection (at this point) will + be more deterministic. The disadvantage is that a few or even one lowest-ID + router may attract all traffic to otherwise-equal paths because of this + check. It may increase the possibility of MED or IGP oscillation, unless + other measures were taken to avoid these. The exact behaviour will be + sensitive to the iBGP and reflection topology. + +.. cfgcmd:: set protocols bgp parameters bestpath med confed + + This command specifies that BGP considers the MED when comparing routes + originated from different sub-ASs within the confederation to which this + BGP speaker belongs. The default state, where the MED attribute is not + considered. + +.. cfgcmd:: set protocols bgp parameters bestpath med missing-as-worst + + This command specifies that a route with a MED is always considered to be + better than a route without a MED by causing the missing MED attribute to + have a value of infinity. The default state, where the missing MED + attribute is considered to have a value of zero. + +.. cfgcmd:: set protocols bgp parameters default local-pref + + + This command specifies the default local preference value. The local + preference range is 0 to 4294967295. + +.. cfgcmd:: set protocols bgp parameters deterministic-med + + This command provides to compare different MED values that advertised by + neighbours in the same AS for routes selection. When this command is + enabled, routes from the same autonomous system are grouped together, and + the best entries of each group are compared. + +.. cfgcmd:: set protocols bgp address-family ipv4-unicast network + backdoor + + This command allows the router to prefer route to specified prefix learned + via IGP through backdoor link instead of a route to the same prefix learned + via EBGP. 
+ + +Route Filtering Configuration ----------------------------- +In order to control and modify routing information that is exchanged between +peers you can use route-map, filter-list, prefix-list, distribute-list. + +For inbound updates the order of preference is: + + - route-map + - filter-list + - prefix-list, distribute-list + +For outbound updates the order of preference is: + + - prefix-list, distribute-list + - filter-list + - route-map + + .. note:: The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` + are mutually exclusive, and only one command (distribute-list or + prefix-list) can be applied to each inbound or outbound direction for a + particular neighbor. + +.. cfgcmd:: set protocols bgp neighbor address-family + distribute-list + + This command applys the access list filters named in to the + specified BGP neighbor to restrict the routing information that BGP learns + and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` + specify the direction in which the access list are applied. + +.. cfgcmd:: set protocols bgp neighbor address-family + prefix-list + + This command applys the prfefix list filters named in to the + specified BGP neighbor to restrict the routing information that BGP learns + and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import` + specify the direction in which the prefix list are applied. + +.. cfgcmd:: set protocols bgp neighbor address-family + route-map + + This command applys the route map named in to the specified BGP + neighbor to control and modify routing information that is exchanged + between peers. The arguments :cfgcmd:`export` and :cfgcmd:`import` + specify the direction in which the route map are applied. + +.. cfgcmd:: set protocols bgp neighbor address-family + filter-list + + This command applys the AS path access list filters named in to the + specified BGP neighbor to restrict the routing information that BGP learns + and/or advertises. 
The arguments :cfgcmd:`export` and :cfgcmd:`import` + specify the direction in which the AS path access list are applied. + +.. cfgcmd:: set protocols bgp neighbor address-family + capability orf + + This command enables the ORF capability (described in :rfc:`5291`) on the + local router, and enables ORF capability advertisement to the specified BGP + peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF + receive capabilities. The :cfgcmd:`send` keyword configures a router to + advertise ORF send capabilities. To advertise a filter from a sender, you + must create an IP prefix list for the specified BGP peer applied in inbound + derection. + + +BGP Scaling Configuration +------------------------- + BGP routers connected inside the same AS through BGP belong to an internal BGP -session, or IBGP. In order to prevent routing table loops, IBGP speaker does not -advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). -As such, IBGP requires a full mesh of all peers. For large networks, this -quickly becomes unscalable. Introducing route reflectors removes the need for -the full-mesh. Route reflectors mechanism is described in :rfc:`4456` and -updated by :rfc:`7606`. +session, or IBGP. In order to prevent routing table loops, IBGP speaker does +not advertise IBGP-learned routes to other IBGP speaker (Split Horizon +mechanism). As such, IBGP requires a full mesh of all peers. For large +networks, this quickly becomes unscalable. + +There are two ways that help us to mitigate the BGPs full-mesh requirement in +a network: + + - Using BGP route-reflectors + - Using BGP confederation + + +Route Reflector Configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Introducing route reflectors removes the need for the full-mesh. When you +configure a route reflector you have to tell the router whether the other IBGP +router is a client or non-client. 
A client is an IBGP router that the route +reflector will “reflect” routes to, the non-client is just a regular IBGP +neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated +by :rfc:`7606`. .. cfgcmd:: set protocols bgp neighbor
address-family route-reflector-client @@ -703,6 +846,30 @@ updated by :rfc:`7606`. set to an arbitrary 32-bit value. +Confederation Configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +A BGP confederation divides our AS into sub-ASes to reduce the number of +required IBGP peerings. Within a sub-AS we still require full-mesh IBGP but +between these sub-ASes we use something that looks like EBGP but behaves like +IBGP (called confederation BGP). Confederation mechanism is described in +:rfc:`5065` + +.. cfgcmd:: set protocols bgp parameters confederation identifier + + + This command specifies a BGP confederation identifier. is the number + of the autonomous system that internally includes multiple sub-autonomous + systems (a confederation). is the number sub-autonomous system + inside . + +.. cfgcmd:: set protocols bgp parameters confederation confederation + peers + + This command sets other confederations as members of autonomous + system specified by :cfgcmd:`confederation identifier `. + + Operational Mode Commands ========================= @@ -764,6 +931,15 @@ Show This command displays BGP dampened routes. +.. opcmd:: show ip bgp flap-statistics + + This command displays information about flapping BGP routes. + +.. opcmd:: show ip bgp filter-list + + This command displays BGP routes allowed by by the specified AS Path + access list. + .. opcmd:: show bgp neighbors
advertised-routes This command displays BGP routes advertised to a neighbor. @@ -837,6 +1013,7 @@ Reset you do not specify the :cfgcmd:`in` or :cfgcmd:`out` options, both inbound and outbound soft reconfiguration are triggered. + Configuration Examples ---------------------- -- cgit v1.2.3 From 40996bae01a4b2c2070a3f76b2630f8e4dd25528 Mon Sep 17 00:00:00 2001 From: Leonid Voronkin Date: Tue, 19 Jan 2021 19:39:13 +0400 Subject: OSPF: added OSPFv3 commands and formated OSPFv2 Added OSPFv3 configuration and operation commands. OSPFv2 formatted according to Style Guide. added summarization commands for OSPFv2. --- docs/configuration/protocols/ospf.rst | 691 +++++++++++++++++++++++----------- 1 file changed, 473 insertions(+), 218 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index 7d9950e6..7270febc 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst @@ -20,11 +20,8 @@ OSPFv2 (IPv4) General Configuration --------------------- -.. cfgcmd:: set protocols ospf area - - This command is udes to enable the OSPF process. The area number can be - specified in decimal notation in the range from 0 to 4294967295. Or it - can be specified in dotted decimal notation similar to ip address. +VyOS does not have a special command to start the OSPF process. The OSPF process +starts when the first ospf enabled interface is configured. .. cfgcmd:: set protocols ospf area network 
@@ -32,40 +29,48 @@ General Configuration an address from defined range then the command enables OSPF on this interface so router can provide network information to the other ospf routers via this interface. + + This command is also used to enable the OSPF process. The area number can be + specified in decimal notation in the range from 0 to 4294967295. Or it + can be specified in dotted decimal notation similar to ip address. .. cfgcmd:: set protocols ospf auto-cost reference-bandwidth - This command sets the reference bandwidth for cost calculations, where - bandwidth can be in range from 1 to 4294967, specified in Mbits/s. The - default is 100Mbit/s (i.e. a link of bandwidth 100Mbit/s or higher will - have a cost of 1. Cost of lower bandwidth links will be scaled with + This command sets the reference bandwidth for cost calculations, where + bandwidth can be in range from 1 to 4294967, specified in Mbits/s. The + default is 100Mbit/s (i.e. a link of bandwidth 100Mbit/s or higher will + have a cost of 1. Cost of lower bandwidth links will be scaled with reference to this cost). .. cfgcmd:: set protocols ospf parameters router-id This command sets the router-ID of the OSPF process. The router-ID may be an - IP address of the router, but need not be – it can be any arbitrary 32bit number. - However it MUST be unique within the entire OSPF domain to the OSPF speaker – bad - things will happen if multiple OSPF speakers are configured with the same router-ID! + IP address of the router, but need not be – it can be any arbitrary 32bit + number. However it MUST be unique within the entire OSPF domain to the OSPF + speaker – bad things will happen if multiple OSPF speakers are configured + with the same router-ID! Optional Configuration ---------------------- -.. cfgcmd:: set protocols ospf default-information originate [always] [metric ] [metric-type <1|2>] [route-map ] +.. 
cfgcmd:: set protocols ospf default-information originate [always] + [metric ] [metric-type <1|2>] [route-map ] Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. - If the :cfgcmd:`always` keyword is given then the default is always advertised, - even when there is no default present in the routing table. The argument - :cfgcmd:`route-map` specifies to advertise the default route if the route map - is satisfied. + If the :cfgcmd:`always` keyword is given then the default is always + advertised, even when there is no default present in the routing table. + The argument :cfgcmd:`route-map` specifies to advertise the default route + if the route map is satisfied. .. cfgcmd:: set protocols ospf distance global - This command change distance value of OSPF. The distance range is 1 to 255. + This command change distance value of OSPF globally. + The distance range is 1 to 255. -.. cfgcmd:: set protocols ospf distance ospf +.. cfgcmd:: set protocols ospf distance ospf + This command change distance value of OSPF. The arguments are the distance values for external routes, inter-area routes and intra-area routes @@ -80,7 +85,8 @@ Optional Configuration :cfgcmd:`detail` argument, all changes in adjacency status are shown. Without :cfgcmd:`detail`, only changes to full or regressions are shown. -.. cfgcmd:: set protocols ospf max-metric router-lsa |on-startup > +.. cfgcmd:: set protocols ospf max-metric router-lsa + |on-startup > This enables :rfc:`3137` support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other 
@@ -94,65 +100,76 @@ Optional Configuration and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown ` command. The time range is 5 to 86400. -.. cfgcmd:: set protocols ospf parameters abr-type +.. cfgcmd:: set protocols ospf parameters abr-type + This command selects ABR model. OSPF router supports four ABR models: - **cisco** – a router will be considered as ABR if it has several configured links to - the networks in different areas one of which is a backbone area. Moreover, the link - to the backbone area should be active (working). - **ibm** – identical to "cisco" model but in this case a backbone area link may not be active. + **cisco** – a router will be considered as ABR if it has several configured + links to the networks in different areas one of which is a backbone area. + Moreover, the link to the backbone area should be active (working). + **ibm** – identical to "cisco" model but in this case a backbone area link + may not be active. **standard** – router has several active links to different areas. - **shortcut** – identical to "standard" but in this model a router is allowed to use a - connected areas topology without involving a backbone area for inter-area connections. + **shortcut** – identical to "standard" but in this model a router is + allowed to use a connected areas topology without involving a backbone + area for inter-area connections. - Detailed information about "cisco" and "ibm" models differences can be found in :rfc:`3509`. - A "shortcut" model allows ABR to create routes between areas based on the topology of the - areas connected to this router but not using a backbone area in case if non-backbone route - will be cheaper. For more information about "shortcut" model, see :t:`ospf-shortcut-abr-02.txt` + Detailed information about "cisco" and "ibm" models differences can be + found in :rfc:`3509`. 
A "shortcut" model allows ABR to create routes + between areas based on the topology of the areas connected to this router + but not using a backbone area in case if non-backbone route will be + cheaper. For more information about "shortcut" model, + see :t:`ospf-shortcut-abr-02.txt` .. cfgcmd:: set protocols ospf parameters rfc1583-compatibility - :rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) - in section 16.4.1 a change to the path preference algorithm that prevents possible - routing loops that were possible in the old version of OSPFv2. More specifically it - demands that inter-area paths and intra-area backbone path are now of equal preference - but still both preferred to external paths. + :rfc:`2328`, the successor to :rfc:`1583`, suggests according to section + G.2 (changes) in section 16.4.1 a change to the path preference algorithm + that prevents possible routing loops that were possible in the old version + of OSPFv2. More specifically it demands that inter-area paths and + intra-area backbone path are now of equal preference but still both + preferred to external paths. This command should NOT be set normally. .. cfgcmd:: set protocols ospf passive-interface - This command specifies interface as passive. Passive interface advertises its address, - but does not run the OSPF protocol (adjacencies are not formed and hello packets are - not generated). + This command specifies interface as passive. Passive interface advertises + its address, but does not run the OSPF protocol (adjacencies are not formed + and hello packets are not generated). .. cfgcmd:: set protocols ospf passive-interface default - This command specifies all interfaces as passive by default. Because this command changes - the configuration logic to a default passive; therefore, interfaces where router adjacencies - are expected need to be configured with the :cfgcmd:`passive-interface-exclude` command. 
+ This command specifies all interfaces as passive by default. Because this + command changes the configuration logic to a default passive; therefore, + interfaces where router adjacencies are expected need to be configured + with the :cfgcmd:`passive-interface-exclude` command. .. cfgcmd:: set protocols ospf passive-interface-exclude - This command allows exclude interface from passive state. This command is used if the - command :cfgcmd:`passive-interface default` was configured. + This command allows exclude interface from passive state. This command is + used if the command :cfgcmd:`passive-interface default` was configured. .. cfgcmd:: set protocols ospf refresh timers - The router automatically updates link-state information with its neighbors. Only an obsolete - information is updated which age has exceeded a specific threshold. This parameter changes - a threshold value, which by default is 1800 seconds (half an hour). The value is applied - to the whole OSPF router. The timer range is 10 to 1800. - -.. cfgcmd:: set protocols ospf timers throttle spf - - This command sets the initial delay, the initial-holdtime and the maximum-holdtime between - when SPF is calculated and the event which triggered the calculation. The times are specified - in milliseconds and must be in the range of 0 to 600000 milliseconds. :cfgcmd:`delay` sets - the initial SPF schedule delay in milliseconds. The default value is 200 ms. - :cfgcmd:`initial-holdtime` sets the minimum hold time between two consecutive SPF calculations. - The default value is 1000 ms. :cfgcmd:`max-holdtime` sets the maximum wait time between two + The router automatically updates link-state information with its neighbors. + Only an obsolete information is updated which age has exceeded a specific + threshold. This parameter changes a threshold value, which by default is + 1800 seconds (half an hour). The value is applied to the whole OSPF router. + The timer range is 10 to 1800. + +.. 
cfgcmd:: set protocols ospf timers throttle spf + + + This command sets the initial delay, the initial-holdtime and the + maximum-holdtime between when SPF is calculated and the event which + triggered the calculation. The times are specified in milliseconds and must + be in the range of 0 to 600000 milliseconds. :cfgcmd:`delay` sets the + initial SPF schedule delay in milliseconds. The default value is 200 ms. + :cfgcmd:`initial-holdtime` sets the minimum hold time between two + consecutive SPF calculations. The default value is 1000 ms. + :cfgcmd:`max-holdtime` sets the maximum wait time between two consecutive SPF calculations. The default value is 10000 ms. 
@@ -161,108 +178,147 @@ Areas Configuration .. cfgcmd:: set protocols ospf area area-type stub - This command specifies the area to be a Stub Area. That is, an area where no router - originates routes external to OSPF and hence an area where all external routes are - via the ABR(s). Hence, ABRs for such an area do not need to pass AS-External LSAs - (type-5) or ASBR-Summary LSAs (type-4) into the area. They need only pass - Network-Summary (type-3) LSAs into such an area, along with a default-route summary. + This command specifies the area to be a Stub Area. That is, an area where + no router originates routes external to OSPF and hence an area where all + external routes are via the ABR(s). Hence, ABRs for such an area do not + need to pass AS-External LSAs (type-5) or ASBR-Summary LSAs (type-4) into + the area. They need only pass Network-Summary (type-3) LSAs into such an + area, along with a default-route summary. .. cfgcmd:: set protocols ospf area area-type stub no-summary - This command specifies the area to be a Totally Stub Area. In addition to stub area - limitations this area type prevents an ABR from injecting Network-Summary (type-3) - LSAs into the specified stub area. Only default summary route is allowed. + This command specifies the area to be a Totally Stub Area. In addition to + stub area limitations this area type prevents an ABR from injecting + Network-Summary (type-3) LSAs into the specified stub area. Only default + summary route is allowed. -.. cfgcmd:: set protocols ospf area area-type stub default-cost +.. cfgcmd:: set protocols ospf area area-type stub default-cost + - This command sets the cost of default-summary LSAs announced to stubby areas. - The cost range is 0 to 16777215. + This command sets the cost of default-summary LSAs announced to stubby + areas. The cost range is 0 to 16777215. .. cfgcmd:: set protocols ospf area area-type nssa - This command specifies the area to be a Not So Stubby Area. 
External routing information - is imported into an NSSA in Type-7 LSAs. Type-7 LSAs are similar to Type-5 AS-external - LSAs, except that they can only be flooded into the NSSA. In order to further propagate - the NSSA external information, the Type-7 LSA must be translated to a Type-5 - AS-external-LSA by the NSSA ABR. + This command specifies the area to be a Not So Stubby Area. External + routing information is imported into an NSSA in Type-7 LSAs. Type-7 LSAs + are similar to Type-5 AS-external LSAs, except that they can only be + flooded into the NSSA. In order to further propagate the NSSA external + information, the Type-7 LSA must be translated to a Type-5 AS-external-LSA + by the NSSA ABR. .. cfgcmd:: set protocols ospf area area-type nssa no-summary - This command specifies the area to be a NSSA Totally Stub Area. ABRs for such an area do - not need to pass Network-Summary (type-3) LSAs (except the default summary route), - ASBR-Summary LSAs (type-4) and AS-External LSAs (type-5) into the area. But Type-7 LSAs - that convert to Type-5 at the NSSA ABR are allowed. + This command specifies the area to be a NSSA Totally Stub Area. ABRs for + such an area do not need to pass Network-Summary (type-3) LSAs (except the + default summary route), ASBR-Summary LSAs (type-4) and AS-External LSAs + (type-5) into the area. But Type-7 LSAs that convert to Type-5 at the NSSA + ABR are allowed. -.. cfgcmd:: set protocols ospf area area-type nssa default-cost +.. cfgcmd:: set protocols ospf area area-type nssa default-cost + This command sets the default cost of LSAs announced to NSSA areas. The cost range is 0 to 16777215. -.. cfgcmd:: set protocols ospf area area-type nssa translate +.. cfgcmd:: set protocols ospf area area-type nssa translate + - Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into - Type-5 LSAs. 
When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless - of the translator state of other NSSA border routers. When role is Candidate, this router - participates in the translator election to determine if it will perform the translations - duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs. + Specifies whether this NSSA border router will unconditionally translate + Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are + translated into Type-5 LSAs regardless of the translator state of other + NSSA border routers. When role is Candidate, this router participates in + the translator election to determine if it will perform the translations + duties. When role is Never, this router will never translate Type-7 LSAs + into Type-5 LSAs. .. cfgcmd:: set protocols ospf area authentication plaintext-password - This command specifies that simple password authentication should be used for the given - area. The password must also be configured on a per-interface basis. + This command specifies that simple password authentication should be used + for the given area. The password must also be configured on a per-interface + basis. .. cfgcmd:: set protocols ospf area authentication md5 - This command specify that OSPF packets must be authenticated with MD5 HMACs within the - given area. Keying material must also be configured on a per-interface basis. + This command specify that OSPF packets must be authenticated with MD5 HMACs + within the given area. Keying material must also be configured on a + per-interface basis. + +.. cfgcmd:: set protocols ospf area range [cost ] + + This command summarizes intra area paths from specified area into one + summary-LSA (Type-3) announced to other areas. This command can be used + only in ABR and ONLY router-LSAs (Type-1) and network-LSAs (Type-2) + (i.e. LSAs with scope area) can be summarized. AS-external-LSAs (Type-5) + can’t be summarized - their scope is AS. 
The optional argument + :cfgcmd:`cost` specifies the aggregated link metric. The metric range is 0 + to 16777215. + +.. cfgcmd:: set protocols ospf area range not-advertise + + This command instead of summarizing intra area paths filter them - i.e. + intra area paths from this range are not advertised into other areas. + This command makes sense in ABR only. + +.. cfgcmd:: set protocols ospf area range substitute + + + One Type-3 summary-LSA with routing info is announced into + backbone area if defined area contains at least one intra-area network + (i.e. described with router-LSA or network-LSA) from range . + This command makes sense in ABR only. .. cfgcmd:: set protocols ospf area shortcut - This parameter allows to "shortcut" routes (non-backbone) for inter-area routes. There - are three modes available for routes shortcutting: + This parameter allows to "shortcut" routes (non-backbone) for inter-area + routes. There are three modes available for routes shortcutting: - **default** – this area will be used for shortcutting only if ABR does not have a link - to the backbone area or this link was lost. - **enable** – the area will be used for shortcutting every time the route that goes through - it is cheaper. + **default** – this area will be used for shortcutting only if ABR does not + have a link to the backbone area or this link was lost. + **enable** – the area will be used for shortcutting every time the route + that goes through it is cheaper. **disable** – this area is never used by ABR for routes shortcutting. .. cfgcmd:: set protocols ospf area virtual-link Provides a backbone area coherence by virtual link establishment. - In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully - connected. I.e. any backbone area router must have a route to any other backbone area - router. Moreover, every ABR must have a link to backbone area. However, it is not always - possible to have a physical link to a backbone area. 
In this case between two ABR (one - of them has a link to the backbone area) in the area (not stub area) a virtual link is organized. + In general, OSPF protocol requires a backbone area (area 0) to be coherent + and fully connected. I.e. any backbone area router must have a route to any + other backbone area router. Moreover, every ABR must have a link to + backbone area. However, it is not always possible to have a physical link + to a backbone area. In this case between two ABR (one of them has a link to + the backbone area) in the area (not stub area) a virtual link is organized. – area identifier through which a virtual link goes. - – ABR router-id with which a virtual link is established. Virtual link must be - configured on both routers. + – ABR router-id with which a virtual link is established. Virtual + link must be configured on both routers. - Formally, a virtual link looks like a point-to-point network connecting two ABR from one - area one of which physically connected to a backbone area. This pseudo-network is considered - to belong to a backbone area. + Formally, a virtual link looks like a point-to-point network connecting two + ABR from one area one of which physically connected to a backbone area. + This pseudo-network is considered to belong to a backbone area. Interfaces Configuration ------------------------ -.. cfgcmd:: set interfaces ip ospf authentication plaintext-password +.. cfgcmd:: set interfaces ip ospf authentication + plaintext-password - This command sets OSPF authentication key to a simple password. After setting, all OSPF - packets are authenticated. Key has length up to 8 chars. + This command sets OSPF authentication key to a simple password. After + setting, all OSPF packets are authenticated. Key has length up to 8 chars. - Simple text password authentication is insecure and deprecated in favour of MD5 HMAC - authentication. 
+ Simple text password authentication is insecure and deprecated in favour of + MD5 HMAC authentication. -.. cfgcmd:: set interfaces ip ospf authentication md5 key-id md5-key +.. cfgcmd:: set interfaces ip ospf authentication md5 + key-id md5-key - This command specifys that MD5 HMAC authentication must be used on this interface. It sets - OSPF authentication key to a cryptographic password. Key-id identifies secret key used to - create the message digest. This ID is part of the protocol and must be consistent across - routers on a link. The key can be long up to 16 chars (larger strings will be truncated), + This command specifys that MD5 HMAC authentication must be used on this + interface. It sets OSPF authentication key to a cryptographic password. + Key-id identifies secret key used to create the message digest. This ID + is part of the protocol and must be consistent across routers on a link. + The key can be long up to 16 chars (larger strings will be truncated), and is associated with the given key-id. .. cfgcmd:: set interfaces ip ospf bandwidth 
@@ -272,66 +328,73 @@ Interfaces Configuration .. cfgcmd:: set interfaces ip ospf cost - This command sets link cost for the specified interface. The cost value is set to - router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535. + This command sets link cost for the specified interface. The cost value is + set to router-LSA’s metric field and used for SPF calculation. The cost + range is 1 to 65535. .. cfgcmd:: set interfaces ip ospf dead-interval - Set number of seconds for router Dead Interval timer value used for Wait Timer and - Inactivity Timer. This value must be the same for all routers attached to a common - network. The default value is 40 seconds. The interval range is 1 to 65535. + Set number of seconds for router Dead Interval timer value used for Wait + Timer and Inactivity Timer. This value must be the same for all routers + attached to a common network. The default value is 40 seconds. The + interval range is 1 to 65535. .. cfgcmd:: set interfaces ip ospf hello-interval - Set number of seconds for Hello Interval timer value. Setting this value, Hello - packet will be sent every timer value seconds on the specified interface. This - value must be the same for all routers attached to a common network. The default - value is 10 seconds. The interval range is 1 to 65535. + Set number of seconds for Hello Interval timer value. Setting this value, + Hello packet will be sent every timer value seconds on the specified + interface. This value must be the same for all routers attached to a + common network. The default value is 10 seconds. The interval range is 1 + to 65535. .. cfgcmd:: set interfaces ip ospf mtu-ignore - This command disables check of the MTU value in the OSPF DBD packets. Thus, use - of this command allows the OSPF adjacency to reach the FULL state even though - there is an interface MTU mismatch between two OSPF routers. + This command disables check of the MTU value in the OSPF DBD packets. 
Thus, + use of this command allows the OSPF adjacency to reach the FULL state even + though there is an interface MTU mismatch between two OSPF routers. .. cfgcmd:: set interfaces ip ospf network - This command allows to specify the distribution type for the network connected - to this interface: + This command allows to specify the distribution type for the network + connected to this interface: **broadcast** – broadcast IP addresses distribution. **non-broadcast** – address distribution in NBMA networks topology. - **point-to-multipoint** – address distribution in point-to-multipoint networks. + **point-to-multipoint** – address distribution in point-to-multipoint + networks. **point-to-point** – address distribution in point-to-point networks. .. cfgcmd:: set interfaces ip ospf priority - This command sets Router Priority integer value. The router with the highest - priority will be more eligible to become Designated Router. Setting the value - to 0, makes the router ineligible to become Designated Router. The default value - is 1. The interval range is 0 to 255. + This command sets Router Priority integer value. The router with the + highest priority will be more eligible to become Designated Router. + Setting the value to 0, makes the router ineligible to become + Designated Router. The default value is 1. The interval range is 0 to 255. -.. cfgcmd:: set interfaces ip ospf retransmit-interval +.. cfgcmd:: set interfaces ip ospf retransmit-interval + - This command sets number of seconds for RxmtInterval timer value. This value is used - when retransmitting Database Description and Link State Request packets if acknowledge - was not received. The default value is 5 seconds. The interval range is 3 to 65535. + This command sets number of seconds for RxmtInterval timer value. This + value is used when retransmitting Database Description and Link State + Request packets if acknowledge was not received. The default value is 5 + seconds. 
The interval range is 3 to 65535. .. cfgcmd:: set interfaces ip ospf transmit-delay - This command sets number of seconds for InfTransDelay value. It allows to set and adjust - for each interface the delay interval before starting the synchronizing process of the - router's database with all neighbors. The default value is 1 seconds. The interval range - is 3 to 65535. + This command sets number of seconds for InfTransDelay value. It allows to + set and adjust for each interface the delay interval before starting the + synchronizing process of the router's database with all neighbors. The + default value is 1 seconds. The interval range is 3 to 65535. Manual Neighbor Configuration ----------------------------- -OSPF routing devices normally discover their neighbors dynamically by listening to the broadcast -or multicast hello packets on the network. Because an NBMA network does not support broadcast (or -multicast), the device cannot discover its neighbors dynamically, so you must configure all the -neighbors statically. +OSPF routing devices normally discover their neighbors dynamically by +listening to the broadcast or multicast hello packets on the network. +Because an NBMA network does not support broadcast (or multicast), the +device cannot discover its neighbors dynamically, so you must configure all +the neighbors statically. .. cfgcmd:: set protocols ospf neighbor 
@@ -339,39 +402,26 @@ neighbors statically. .. cfgcmd:: set protocols ospf neighbor poll-interval - This command specifies the length of time, in seconds, before the routing device sends hello - packets out of the interface before it establishes adjacency with a neighbor. The range is 1 - to 65535 seconds. The default value is 60 seconds. + This command specifies the length of time, in seconds, before the routing + device sends hello packets out of the interface before it establishes + adjacency with a neighbor. The range is 1 to 65535 seconds. The default + value is 60 seconds. .. cfgcmd:: set protocols ospf neighbor priority - This command specifies the router priority value of the nonbroadcast neighbor associated with - the IP address specified. The default is 0. This keyword does not apply to point-to-multipoint - interfaces. + This command specifies the router priority value of the nonbroadcast + neighbor associated with the IP address specified. The default is 0. + This keyword does not apply to point-to-multipoint interfaces. Redistribution Configuration ---------------------------- -.. cfgcmd:: set protocols ospf redistribute bgp +.. cfgcmd:: set protocols ospf redistribute - Redistribute BGP routes to OSPF process. - -.. cfgcmd:: set protocols ospf redistribute connected - - Redistribute connected routes to OSPF process. - -.. cfgcmd:: set protocols ospf redistribute kernel - - Redistribute kernel routes to OSPF process. - -.. cfgcmd:: set protocols ospf redistribute rip - - Redistribute RIP routes to OSPF process. - -.. cfgcmd:: set protocols ospf redistribute static - - Redistribute static routes to OSPF process. + This command redistributes routing information from the given route source + to the OSPF process. There are five modes available for route source: bgp, + connected, kernel, rip, static. .. cfgcmd:: set protocols ospf default-metric 
@@ -380,29 +430,33 @@ Redistribution Configuration .. cfgcmd:: set protocols ospf redistribute metric - This command specifies metric for redistributed routes from given route source. There - are five modes available for route source: bgp, connected, kernel, rip, static. The - metric range is 1 to 16. + This command specifies metric for redistributed routes from given route + source. There are five modes available for route source: bgp, connected, + kernel, rip, static. The metric range is 1 to 16. .. cfgcmd:: set protocols ospf redistribute metric-type <1|2> - This command specifies metric type for redistributed routes. Difference between two metric - types that metric type 1 is a metric which is "commensurable" with inner OSPF links. When - calculating a metric to the external destination, the full path metric is calculated as a - metric sum path of a router which had advertised this link plus the link metric. Thus, a - route with the least summary metric will be selected. If external link is advertised with - metric type 2 the path is selected which lies through the router which advertised this link - with the least metric despite of the fact that internal path to this router is longer (with - more cost). However, if two routers advertised an external link and with metric type 2 the - preference is given to the path which lies through the router with a shorter internal path. - If two different routers advertised two links to the same external destimation but with - different metric type, metric type 1 is preferred. If type of a metric left undefined the - router will consider these external links to have a default metric type 2. + This command specifies metric type for redistributed routes. Difference + between two metric types that metric type 1 is a metric which is + "commensurable" with inner OSPF links. 
When calculating a metric to the + external destination, the full path metric is calculated as a metric sum + path of a router which had advertised this link plus the link metric. + Thus, a route with the least summary metric will be selected. If external + link is advertised with metric type 2 the path is selected which lies + through the router which advertised this link with the least metric + despite of the fact that internal path to this router is longer (with more + cost). However, if two routers advertised an external link and with metric + type 2 the preference is given to the path which lies through the router + with a shorter internal path. If two different routers advertised two + links to the same external destimation but with different metric type, + metric type 1 is preferred. If type of a metric left undefined the router + will consider these external links to have a default metric type 2. .. cfgcmd:: set protocols ospf redistribute route-map - This command allows to use route map to filter redistributed routes from given route source. - There are five modes available for route source: bgp, connected, kernel, rip, static. + This command allows to use route map to filter redistributed routes from + given route source. There are five modes available for route source: bgp, + connected, kernel, rip, static. Operational Mode Commands @@ -420,8 +474,8 @@ Operational Mode Commands .. opcmd:: show ip ospf neighbor detail - This command displays the neighbors information in a detailed form, not just - a summary table. + This command displays the neighbors information in a detailed form, not + just a summary table. .. code-block:: none 
@@ -459,18 +513,18 @@ Operational Mode Commands .. opcmd:: show ip ospf neighbor - This command displays the neighbors information in a detailed form for a neighbor - whose IP address is specified. + This command displays the neighbors information in a detailed form for a + neighbor whose IP address is specified. .. opcmd:: show ip ospf neighbor This command displays the neighbors status for a neighbor on the specified interface. -.. opcmd:: show ip ospf interface [intname] +.. opcmd:: show ip ospf interface [] - This command displays state and configuration of OSPF the specified interface, - or all interfaces if no interface is given. + This command displays state and configuration of OSPF the specified + interface, or all interfaces if no interface is given. .. code-block:: none @@ -500,8 +554,8 @@ Operational Mode Commands .. opcmd:: show ip ospf route - This command displays the OSPF routing table, as determined by the most recent - SPF calculation. + This command displays the OSPF routing table, as determined by the most + recent SPF calculation. .. code-block:: none 
@@ -527,23 +581,24 @@ Operational Mode Commands The table consists of following data: -**OSPF network routing table** – includes a list of acquired routes for all -accessible networks (or aggregated area ranges) of OSPF system. "IA" flag means -that route destination is in the area to which the router is not connected, i.e. -it’s an inter-area path. In square brackets a summary metric for all links through -which a path lies to this network is specified. "via" prefix defines a -router-gateway, i.e. the first router on the way to the destination (next hop). +**OSPF network routing table** – includes a list of acquired routes for all +accessible networks (or aggregated area ranges) of OSPF system. "IA" flag +means that route destination is in the area to which the router is not +connected, i.e. it’s an inter-area path. In square brackets a summary metric +for all links through which a path lies to this network is specified. "via" +prefix defines a router-gateway, i.e. the first router on the way to the +destination (next hop). **OSPF router routing table** – includes a list of acquired routes to all accessible ABRs and ASBRs. **OSPF external routing table** – includes a list of acquired routes that are external to the OSPF process. "E" flag points to the external link metric type -(E1 – metric type 1, E2 – metric type 2). External link metric is printed in the -"/" format. +(E1 – metric type 1, E2 – metric type 2). External link metric is printed in +the "/" format. .. opcmd:: show ip ospf border-routers - This command displays a table of paths to area boundary and autonomous system - boundary routers. + This command displays a table of paths to area boundary and autonomous + system boundary routers. .. opcmd:: show ip ospf database 
@@ -577,23 +632,26 @@ external to the OSPF process. "E" flag points to the external link metric type Link ID ADV Router Age Seq# CkSum Route 172.16.0.0 10.0.34.4 1063 0x80000001 0xc40d E2 172.16.0.0/24 [0x0] -.. opcmd:: show ip ospf database [A.B.C.D] [adv-router |self-originate] +.. opcmd:: show ip ospf database [A.B.C.D] + [adv-router |self-originate] - This command displays a database contents for a specific link advertisement type. + This command displays a database contents for a specific link advertisement + type. The type can be the following: asbr-summary, external, network, nssa-external, opaque-area, opaque-as, opaque-link, router, summary. - [A.B.C.D] – link-state-id. With this specified the command displays portion of - the network environment that is being described by the advertisement. The value - entered depends on the advertisement’s LS type. It must be entered in the form - of an IP address. + [A.B.C.D] – link-state-id. With this specified the command displays portion + of the network environment that is being described by the advertisement. + The value entered depends on the advertisement’s LS type. It must be + entered in the form of an IP address. - :cfgcmd:`adv-router ` – router id, which link advertisements need to be - reviewed. + :cfgcmd:`adv-router ` – router id, which link advertisements need + to be reviewed. - :cfgcmd:`self-originate` displays only self-originated LSAs from the local router. + :cfgcmd:`self-originate` displays only self-originated LSAs from the local + router. .. code-block:: none 
@@ -666,6 +724,203 @@ address and the node 1 sending the default route: OSPFv3 (IPv6) ############# +General Configuration +--------------------- + +VyOS does not have a special command to start the OSPFv3 process. The OSPFv3 +process starts when the first ospf enabled interface is configured. + +.. cfgcmd:: set protocols ospfv3 area interface + + This command specifies the OSPFv3 enabled interface. This command is also + used to enable the OSPF process. The area number can be specified in + decimal notation in the range from 0 to 4294967295. Or it can be specified + in dotted decimal notation similar to ip address. + +.. cfgcmd:: set protocols ospfv3 parameters router-id + + This command sets the router-ID of the OSPFv3 process. The router-ID may be + an IP address of the router, but need not be – it can be any arbitrary + 32bit number. However it MUST be unique within the entire OSPFv3 domain to + the OSPFv3 speaker – bad things will happen if multiple OSPFv3 speakers are + configured with the same router-ID! + + +Optional Configuration +---------------------- + +.. cfgcmd:: set protocols ospfv3 distance global + + This command change distance value of OSPFv3 globally. + The distance range is 1 to 255. + +.. cfgcmd:: set protocols ospfv3 distance ospfv3 + + + This command change distance value of OSPFv3. The arguments are the + distance values for external routes, inter-area routes and intra-area + routes respectively. The distance range is 1 to 255. + + +Areas Configuration +------------------- + +.. cfgcmd:: set protocols ospfv3 area range + + This command summarizes intra area paths from specified area into one + Type-3 Inter-Area Prefix LSA announced to other areas. This command can be + used only in ABR. + +.. cfgcmd:: set protocols ospfv3 area range not-advertise + + This command instead of summarizing intra area paths filter them - i.e. + intra area paths from this range are not advertised into other areas. This + command makes sense in ABR only. 
+ + +Interfaces Configuration +------------------------ + +.. cfgcmd:: set interfaces ipv6 ospfv3 cost + + This command sets link cost for the specified interface. The cost value is + set to router-LSA’s metric field and used for SPF calculation. The cost + range is 1 to 65535. + +.. cfgcmd:: set interfaces ipv6 ospfv3 dead-interval + + + Set number of seconds for router Dead Interval timer value used for Wait + Timer and Inactivity Timer. This value must be the same for all routers + attached to a common network. The default value is 40 seconds. The + interval range is 1 to 65535. + +.. cfgcmd:: set interfaces ipv6 ospfv3 hello-interval + + + Set number of seconds for Hello Interval timer value. Setting this value, + Hello packet will be sent every timer value seconds on the specified + interface. This value must be the same for all routers attached to a + common network. The default value is 10 seconds. The interval range is 1 + to 65535. + +.. cfgcmd:: set interfaces ipv6 ospfv3 mtu-ignore + + This command disables check of the MTU value in the OSPF DBD packets. + Thus, use of this command allows the OSPF adjacency to reach the FULL + state even though there is an interface MTU mismatch between two OSPF + routers. + +.. cfgcmd:: set interfaces ipv6 ospfv3 network + + This command allows to specify the distribution type for the network + connected to this interface: + + **broadcast** – broadcast IP addresses distribution. + **point-to-point** – address distribution in point-to-point networks. + +.. cfgcmd:: set interfaces ipv6 ospfv3 priority + + This command sets Router Priority integer value. The router with the + highest priority will be more eligible to become Designated Router. + Setting the value to 0, makes the router ineligible to become Designated + Router. The default value is 1. The interval range is 0 to 255. + +.. cfgcmd:: set interfaces ipv6 ospfv3 passive + + This command specifies interface as passive. 
Passive interface advertises + its address, but does not run the OSPF protocol (adjacencies are not formed + and hello packets are not generated). + +.. cfgcmd:: set interfaces ipv6 ospfv3 retransmit-interval + + + This command sets number of seconds for RxmtInterval timer value. This + value is used when retransmitting Database Description and Link State + Request packets if acknowledge was not received. The default value is 5 + seconds. The interval range is 3 to 65535. + +.. cfgcmd:: set interfaces ipv6 ospfv3 transmit-delay + + + This command sets number of seconds for InfTransDelay value. It allows to + set and adjust for each interface the delay interval before starting the + synchronizing process of the router's database with all neighbors. The + default value is 1 seconds. The interval range is 3 to 65535. + + +Redistribution Configuration +---------------------------- + +.. cfgcmd:: set protocols ospfv3 redistribute + + This command redistributes routing information from the given route source + to the OSPFv3 process. There are five modes available for route source: + bgp, connected, kernel, ripng, static. + +.. cfgcmd:: set protocols ospf redistribute route-map + + This command allows to use route map to filter redistributed routes from + given route source. There are five modes available for route source: bgp, + connected, kernel, ripng, static. + + +Operational Mode Commands +------------------------- + +.. opcmd:: show ipv6 ospfv3 neighbor + + This command displays the neighbors status. + +.. opcmd:: show ipv6 ospfv3 neighbor detail + + This command displays the neighbors information in a detailed form, not + just a summary table. + +.. opcmd:: show ipv6 ospfv3 neighbor + + This command displays the neighbors information in a detailed form for + a neighbor whose IP address is specified. + +.. opcmd:: show ipv6 ospfv3 neighbor + + This command displays the neighbors status for a neighbor on the specified + interface. + +.. 
opcmd:: show ipv6 ospfv3 interface [prefix]|[ [prefix]] + + This command displays state and configuration of OSPF the specified + interface, or all interfaces if no interface is given. Whith the argument + :cfgcmd:`prefix` this command shows connected prefixes to advertise. + +.. opcmd:: show ipv6 ospfv3 route + + This command displays the OSPF routing table, as determined by the most + recent SPF calculation. + +.. opcmd:: show ipv6 ospfv3 border-routers + + This command displays a table of paths to area boundary and autonomous + system boundary routers. + +.. opcmd:: show ipv6 ospfv3 database + + This command displays a summary table with a database contents (LSA). + +.. opcmd:: show ipv6 ospfv3 database [A.B.C.D] + [adv-router |self-originate] + + This command displays a database contents for a specific link + advertisement type. + +.. opcmd:: show ipv6 ospfv3 redistribute + + This command displays external information redistributed into OSPFv3 + + +Configuration Example +--------------------- + A typical configuration using 2 nodes. **Node 1:** @@ -692,9 +947,9 @@ A typical configuration using 2 nodes. show ipv6 ospfv3 redistribute -.. note:: You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard - interface link. This requires you to configure link-local addresses manually - on the WireGuard interfaces, see :vytask:`T1483`. +.. note:: You cannot easily redistribute IPv6 routes via OSPFv3 on a + WireGuard interface link. This requires you to configure link-local + addresses manually on the WireGuard interfaces, see :vytask:`T1483`. Example configuration for WireGuard interfaces: @@ -739,4 +994,4 @@ Example configuration for WireGuard interfaces: vyos@ospf02# run sh ipv6 ospfv3 neighbor Neighbor ID Pri DeadTime State/IfState Duration I/F[State] 192.168.0.1 1 00:00:39 Full/PointToPoint 00:19:44 wg01[PointToPoint] - + -- cgit v1.2.3 From 37729f367a020f17d67f25f121693283585dc20a Mon Sep 17 00:00:00 2001 
From: rebortg Date: Tue, 26 Jan 2021 20:49:02 +0100 Subject: bgp: fix build indentation warning --- docs/configuration/protocols/bgp.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 27858224..2d9c9af5 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -30,7 +30,7 @@ Each AS has an identifying number associated with it called an :abbr:`ASN to 65535. The AS numbers 64512 through 65535 are defined as private AS numbers. Private AS numbers must not be advertised on the global Internet. The 2-byte AS number range has been exhausted. 4-byte AS numbers are specified in - :rfc:`6793`, and provide a pool of 4294967296 AS numbers. +:rfc:`6793`, and provide a pool of 4294967296 AS numbers. The :abbr:`ASN (Autonomous System Number)` is one of the essential elements of BGP. BGP is a distance vector routing protocol, and the AS-Path framework -- cgit v1.2.3 From 6dbe2feb4f580bd7d2f449817484bbe2fd3c3119 Mon Sep 17 00:00:00 2001 From: rebortg Date: Tue, 26 Jan 2021 20:50:50 +0100 Subject: rip: close cfgcmd string --- docs/configuration/protocols/rip.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/rip.rst b/docs/configuration/protocols/rip.rst index 7e7f0afc..4d46e2f0 100644 --- a/docs/configuration/protocols/rip.rst +++ b/docs/configuration/protocols/rip.rst @@ -105,7 +105,7 @@ Optional Configuration route only inside RIP. This command should be used only by advanced users who are particularly knowledgeable about the RIP protocol. In most cases, we recommend creating a static route in VyOS and redistributing it in RIP - using :cfgcmd:`redistribute static. + using :cfgcmd:`redistribute static`. .. cfgcmd:: set protocols rip timers update -- cgit v1.2.3 
From 44647b95cb474a0fe19314540f04858c92a80074 Mon Sep 17 00:00:00 2001 From: Leonid Voronkin Date: Wed, 27 Jan 2021 11:50:52 +0400 Subject: ospf: change redistribution metric value due to T3194 --- docs/configuration/protocols/ospf.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index 7270febc..585454da 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst @@ -430,9 +430,9 @@ Redistribution Configuration .. cfgcmd:: set protocols ospf redistribute metric - This command specifies metric for redistributed routes from given route - source. There are five modes available for route source: bgp, connected, - kernel, rip, static. The metric range is 1 to 16. + This command specifies metric for redistributed routes from the given + route source. There are five modes available for route source: bgp, + connected, kernel, rip, static. The metric range is 1 to 16777214. .. cfgcmd:: set protocols ospf redistribute metric-type <1|2> @@ -455,8 +455,8 @@ Redistribution Configuration .. cfgcmd:: set protocols ospf redistribute route-map This command allows to use route map to filter redistributed routes from - given route source. There are five modes available for route source: bgp, - connected, kernel, rip, static. + the given route source. There are five modes available for route source: + bgp, connected, kernel, rip, static. Operational Mode Commands -- cgit v1.2.3 From 83c82dee8b5b156a99236ce0eb10f8403784c13a Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 29 Jan 2021 11:18:40 +0100 Subject: rpki: update to reflect changes in the current branch --- docs/configuration/protocols/rpki.rst | 89 ++++++++++++++++++++++++++++++++++- 1 file changed, 87 insertions(+), 2 deletions(-) (limited to 'docs/configuration/protocols') 
diff --git a/docs/configuration/protocols/rpki.rst b/docs/configuration/protocols/rpki.rst index c3ff442b..d9884296 100644 --- a/docs/configuration/protocols/rpki.rst +++ b/docs/configuration/protocols/rpki.rst @@ -34,6 +34,10 @@ in :rfc:`8210`. tools). It also has some `help and operational guidance`_ including "What can I do about my route having an Invalid state?" +*************** +Getting started +*************** + First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start 
@@ -71,14 +75,95 @@ Imported prefixes during the validation may have values: reading about Krill_ if this is a rabbit hole you need or especially want to dive down. +Features of the Current Implementation +====================================== + +In a nutshell, the current implementation provides the following features: + +* The BGP router can connect to one or more RPKI cache servers to receive + validated prefix to origin AS mappings. Advanced failover can be implemented + by server sockets with different preference values. + +* If no connection to an RPKI cache server can be established after a + pre-defined timeout, the router will process routes without prefix origin + validation. It still will try to establish a connection to an RPKI cache + server in the background. + +* By default, enabling RPKI does not change best path selection. In particular, + invalid prefixes will still be considered during best path selection. However, + the router can be configured to ignore all invalid prefixes. + +* Route maps can be configured to match a specific RPKI validation state. This + allows the creation of local policies, which handle BGP routes based on the + outcome of the Prefix Origin Validation. + +* Updates from the RPKI cache servers are directly applied and path selection is + updated accordingly. (Soft reconfiguration must be enabled for this to work). + +************* +Configuration +************* + +.. cfgcmd:: protocols rpki polling-period <1-86400> + + Define the time interval to update the local cache + + The default value is 300 seconds. + +.. cfgcmd:: protocols rpki cache
port + + Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching + instance which is used. + + This is a mandatory setting. + +.. cfgcmd:: protocols rpki cache
preference + + Multiple RPKI caching instances can be supplied and they need a preference in + which their result sets are used. + + This is a mandatory setting. + +SSH +=== + +Connections to the RPKI caching server can not only be established by HTTP/TLS +but you can also rely on a secure SSH session to the server. To enable SSH you +first need to create yoursels an SSH client keypair using ``generate ssh +client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup +the connection. + +.. cfgcmd:: protocols rpki cache
ssh username + + SSH username to establish an SSH connection to the cache server. + +.. cfgcmd:: protocols rpki cache
ssh known-hosts-file + + Local path that includes the known hosts file. + +.. cfgcmd:: protocols rpki cache
ssh private-key-file + + Local path that includes the private key file of the router. + +.. cfgcmd:: protocols rpki cache
ssh public-key-file Date: Sat, 30 Jan 2021 13:30:21 +0100 Subject: ospf: adjust sections to section guidelines --- docs/configuration/protocols/ospf.rst | 156 ++++++++++++++++++---------------- 1 file changed, 82 insertions(+), 74 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index 585454da..2c098714 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst @@ -14,23 +14,27 @@ addressing model. OSPF is a widely used IGP in large enterprise networks. +************* OSPFv2 (IPv4) -############# +************* -General Configuration ---------------------- +Configuration +============= + +General +------- VyOS does not have a special command to start the OSPF process. The OSPF process starts when the first ospf enabled interface is configured. .. cfgcmd:: set protocols ospf area network - This command specifies the OSPF enabled interface(s). If the interface has - an address from defined range then the command enables OSPF on this - interface so router can provide network information to the other ospf + This command specifies the OSPF enabled interface(s). If the interface has + an address from defined range then the command enables OSPF on this + interface so router can provide network information to the other ospf routers via this interface. - - This command is also used to enable the OSPF process. The area number can be + + This command is also used to enable the OSPF process. The area number can be specified in decimal notation in the range from 0 to 4294967295. Or it can be specified in dotted decimal notation similar to ip address. 
@@ -51,14 +55,14 @@ starts when the first ospf enabled interface is configured. with the same router-ID! -Optional Configuration ----------------------- +Optional +-------- .. cfgcmd:: set protocols ospf default-information originate [always] [metric ] [metric-type <1|2>] [route-map ] - Originate an AS-External (type-5) LSA describing a default route into all - external-routing capable areas, of the specified metric and metric type. + Originate an AS-External (type-5) LSA describing a default route into all + external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route @@ -72,10 +76,10 @@ Optional Configuration .. cfgcmd:: set protocols ospf distance ospf - This command change distance value of OSPF. The arguments are the distance - values for external routes, inter-area routes and intra-area routes + This command change distance value of OSPF. The arguments are the distance + values for external routes, inter-area routes and intra-area routes respectively. The distance range is 1 to 255. - + .. note:: Routes with a distance of 255 are effectively disabled and not installed into the kernel. 
@@ -92,14 +96,14 @@ Optional Configuration transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router. - + This support may be enabled administratively (and indefinitely) with the :cfgcmd:`administrative` command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the :cfgcmd:`on-startup ` command and/or for a period of seconds prior to shutdown with the :cfgcmd:`on-shutdown ` command. The time range is 5 to 86400. - + .. cfgcmd:: set protocols ospf parameters abr-type @@ -173,8 +177,8 @@ Optional Configuration consecutive SPF calculations. The default value is 10000 ms. -Areas Configuration -------------------- +Area Configuration +------------------ .. cfgcmd:: set protocols ospf area area-type stub @@ -220,7 +224,7 @@ Areas Configuration This command sets the default cost of LSAs announced to NSSA areas. The cost range is 0 to 16777215. - + .. cfgcmd:: set protocols ospf area area-type nssa translate @@ -241,7 +245,7 @@ Areas Configuration .. cfgcmd:: set protocols ospf area authentication md5 This command specify that OSPF packets must be authenticated with MD5 HMACs - within the given area. Keying material must also be configured on a + within the given area. Keying material must also be configured on a per-interface basis. .. cfgcmd:: set protocols ospf area range [cost ] @@ -278,7 +282,7 @@ Areas Configuration **enable** – the area will be used for shortcutting every time the route that goes through it is cheaper. **disable** – this area is never used by ABR for routes shortcutting. - + .. cfgcmd:: set protocols ospf area virtual-link Provides a backbone area coherence by virtual link establishment. 
@@ -299,10 +303,10 @@ Areas Configuration This pseudo-network is considered to belong to a backbone area. -Interfaces Configuration ------------------------- +Interface Configuration +----------------------- -.. cfgcmd:: set interfaces ip ospf authentication +.. cfgcmd:: set interfaces ip ospf authentication plaintext-password This command sets OSPF authentication key to a simple password. After @@ -318,14 +322,14 @@ Interfaces Configuration interface. It sets OSPF authentication key to a cryptographic password. Key-id identifies secret key used to create the message digest. This ID is part of the protocol and must be consistent across routers on a link. - The key can be long up to 16 chars (larger strings will be truncated), + The key can be long up to 16 chars (larger strings will be truncated), and is associated with the given key-id. .. cfgcmd:: set interfaces ip ospf bandwidth - This command sets the interface bandwidth for cost calculations, where + This command sets the interface bandwidth for cost calculations, where bandwidth can be in range from 1 to 100000, specified in Mbits/s. - + .. cfgcmd:: set interfaces ip ospf cost This command sets link cost for the specified interface. The cost value is @@ -352,10 +356,10 @@ Interfaces Configuration This command disables check of the MTU value in the OSPF DBD packets. Thus, use of this command allows the OSPF adjacency to reach the FULL state even though there is an interface MTU mismatch between two OSPF routers. - + .. cfgcmd:: set interfaces ip ospf network - This command allows to specify the distribution type for the network + This command allows to specify the distribution type for the network connected to this interface: **broadcast** – broadcast IP addresses distribution. 
@@ -370,7 +374,7 @@ Interfaces Configuration highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255. - + .. cfgcmd:: set interfaces ip ospf retransmit-interval @@ -378,7 +382,7 @@ Interfaces Configuration value is used when retransmitting Database Description and Link State Request packets if acknowledge was not received. The default value is 5 seconds. The interval range is 3 to 65535. - + .. cfgcmd:: set interfaces ip ospf transmit-delay This command sets number of seconds for InfTransDelay value. It allows to @@ -406,7 +410,7 @@ the neighbors statically. device sends hello packets out of the interface before it establishes adjacency with a neighbor. The range is 1 to 65535 seconds. The default value is 60 seconds. - + .. cfgcmd:: set protocols ospf neighbor priority This command specifies the router priority value of the nonbroadcast @@ -422,16 +426,16 @@ Redistribution Configuration This command redistributes routing information from the given route source to the OSPF process. There are five modes available for route source: bgp, connected, kernel, rip, static. - + .. cfgcmd:: set protocols ospf default-metric - + This command specifies the default metric value of redistributed routes. The metric range is 0 to 16777214. .. cfgcmd:: set protocols ospf redistribute metric - This command specifies metric for redistributed routes from the given - route source. There are five modes available for route source: bgp, + This command specifies metric for redistributed routes from the given + route source. There are five modes available for route source: bgp, connected, kernel, rip, static. The metric range is 1 to 16777214. .. cfgcmd:: set protocols ospf redistribute metric-type <1|2> 
@@ -465,7 +469,7 @@ Operational Mode Commands .. opcmd:: show ip ospf neighbor This command displays the neighbors status. - + .. code-block:: none Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL @@ -568,13 +572,13 @@ Operational Mode Commands via 10.0.13.3, eth0 N 10.0.34.0/24 [2] area: 0.0.0.0 via 10.0.13.3, eth0 - + ============ OSPF router routing table ============= R 10.0.23.3 [1] area: 0.0.0.0, ABR via 10.0.13.3, eth0 R 10.0.34.4 [2] area: 0.0.0.0, ASBR via 10.0.13.3, eth0 - + ============ OSPF external routing table =========== N E2 172.16.0.0/24 [2/20] tag: 0 via 10.0.13.3, eth0 @@ -588,7 +592,7 @@ connected, i.e. it’s an inter-area path. In square brackets a summary metric for all links through which a path lies to this network is specified. "via" prefix defines a router-gateway, i.e. the first router on the way to the destination (next hop). -**OSPF router routing table** – includes a list of acquired routes to all +**OSPF router routing table** – includes a list of acquired routes to all accessible ABRs and ASBRs. **OSPF external routing table** – includes a list of acquired routes that are external to the OSPF process. "E" flag points to the external link metric type @@ -599,7 +603,7 @@ the "/" format. This command displays a table of paths to area boundary and autonomous system boundary routers. - + .. opcmd:: show ip ospf database This command displays a summary table with a database contents (LSA). 
@@ -607,51 +611,51 @@ the "/" format. .. code-block:: none OSPF Router with ID (10.0.13.1) - + Router Link States (Area 0.0.0.0) - + Link ID ADV Router Age Seq# CkSum Link count 10.0.13.1 10.0.13.1 984 0x80000005 0xd915 1 10.0.23.3 10.0.23.3 1186 0x80000008 0xfe62 2 10.0.34.4 10.0.34.4 1063 0x80000004 0x4e3f 1 - + Net Link States (Area 0.0.0.0) - + Link ID ADV Router Age Seq# CkSum 10.0.13.1 10.0.13.1 994 0x80000003 0x30bb 10.0.34.4 10.0.34.4 1188 0x80000001 0x9411 - + Summary Link States (Area 0.0.0.0) - + Link ID ADV Router Age Seq# CkSum Route 10.0.12.0 10.0.23.3 1608 0x80000001 0x6ab6 10.0.12.0/24 10.0.23.0 10.0.23.3 981 0x80000003 0xe232 10.0.23.0/24 - + AS External Link States - + Link ID ADV Router Age Seq# CkSum Route 172.16.0.0 10.0.34.4 1063 0x80000001 0xc40d E2 172.16.0.0/24 [0x0] - + .. opcmd:: show ip ospf database [A.B.C.D] [adv-router |self-originate] This command displays a database contents for a specific link advertisement type. - + The type can be the following: asbr-summary, external, network, nssa-external, opaque-area, opaque-as, opaque-link, router, summary. - + [A.B.C.D] – link-state-id. With this specified the command displays portion of the network environment that is being described by the advertisement. The value entered depends on the advertisement’s LS type. It must be entered in the form of an IP address. - + :cfgcmd:`adv-router ` – router id, which link advertisements need to be reviewed. - + :cfgcmd:`self-originate` displays only self-originated LSAs from the local - router. + router. .. code-block:: none @@ -669,7 +673,7 @@ the "/" format. LS Seq Number: 80000009 Checksum: 0xd119 Length: 36 - + Number of Links: 1 Link connected to: a Transit Network 
@@ -721,11 +725,15 @@ address and the node 1 sending the default route: set policy route-map CONNECT rule 10 match interface lo +************* OSPFv3 (IPv6) -############# +************* -General Configuration ---------------------- +Configuration +============= + +General +------- VyOS does not have a special command to start the OSPFv3 process. The OSPFv3 process starts when the first ospf enabled interface is configured. @@ -746,15 +754,15 @@ process starts when the first ospf enabled interface is configured. configured with the same router-ID! -Optional Configuration ----------------------- +Optional +-------- .. cfgcmd:: set protocols ospfv3 distance global This command change distance value of OSPFv3 globally. The distance range is 1 to 255. -.. cfgcmd:: set protocols ospfv3 distance ospfv3 +.. cfgcmd:: set protocols ospfv3 distance ospfv3 This command change distance value of OSPFv3. The arguments are the @@ -762,8 +770,8 @@ Optional Configuration routes respectively. The distance range is 1 to 255. -Areas Configuration -------------------- +Area Configuration +------------------ .. cfgcmd:: set protocols ospfv3 area range @@ -778,8 +786,8 @@ Areas Configuration command makes sense in ABR only. -Interfaces Configuration ------------------------- +Interface Configuration +----------------------- .. cfgcmd:: set interfaces ipv6 ospfv3 cost @@ -810,7 +818,7 @@ Interfaces Configuration Thus, use of this command allows the OSPF adjacency to reach the FULL state even though there is an interface MTU mismatch between two OSPF routers. - + .. cfgcmd:: set interfaces ipv6 ospfv3 network This command allows to specify the distribution type for the network 
@@ -825,7 +833,7 @@ Interfaces Configuration highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255. - + .. cfgcmd:: set interfaces ipv6 ospfv3 passive This command specifies interface as passive. Passive interface advertises @@ -839,7 +847,7 @@ Interfaces Configuration value is used when retransmitting Database Description and Link State Request packets if acknowledge was not received. The default value is 5 seconds. The interval range is 3 to 65535. - + .. cfgcmd:: set interfaces ipv6 ospfv3 transmit-delay @@ -892,7 +900,7 @@ Operational Mode Commands This command displays state and configuration of OSPF the specified interface, or all interfaces if no interface is given. Whith the argument :cfgcmd:`prefix` this command shows connected prefixes to advertise. - + .. opcmd:: show ipv6 ospfv3 route This command displays the OSPF routing table, as determined by the most @@ -902,7 +910,7 @@ Operational Mode Commands This command displays a table of paths to area boundary and autonomous system boundary routers. - + .. opcmd:: show ipv6 ospfv3 database This command displays a summary table with a database contents (LSA). @@ -947,7 +955,7 @@ A typical configuration using 2 nodes. show ipv6 ospfv3 redistribute -.. note:: You cannot easily redistribute IPv6 routes via OSPFv3 on a +.. note:: You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`. @@ -994,4 +1002,4 @@ Example configuration for WireGuard interfaces: vyos@ospf02# run sh ipv6 ospfv3 neighbor Neighbor ID Pri DeadTime State/IfState Duration I/F[State] 192.168.0.1 1 00:00:39 Full/PointToPoint 00:19:44 wg01[PointToPoint] - + -- cgit v1.2.3 From f870e6ae93420a6f7eac202646ddc1050bcb382a Mon Sep 17 00:00:00 2001 
From: sever-sever Date: Fri, 5 Feb 2021 18:01:22 +0000 Subject: bgp: Fix redistribute parameters --- docs/configuration/protocols/bgp.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 2d9c9af5..ddc7808d 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -509,22 +509,22 @@ Redistribution Configuration redistribute This command redistributes routing information from the given route source - to the BGP process. There are six modes available for route source: bgp, - connected, kernel, ospf, rip, static. + to the BGP process. There are six modes available for route source: + connected, kernel, ospf, rip, static, table. .. cfgcmd:: set protocols bgp address-family redistribute metric This command specifies metric (MED) for redistributed routes. The - metric range is 0 to 4294967295. There are six modes available for - route source: bgp, connected, kernel, ospf, rip, static. + metric range is 0 to 4294967295. There are six modes available for + route source: connected, kernel, ospf, rip, static, table. .. cfgcmd:: set protocols bgp address-family redistribute route-map This command allows to use route map to filter redistributed routes. - There are six modes available for route source: bgp, connected, kernel, - ospf, rip, static. + There are six modes available for route source: connected, kernel, + ospf, rip, static, table. General Configuration -- cgit v1.2.3 From b5ca65f38f01c8ffd1575c0bb171bca45571d5e4 Mon Sep 17 00:00:00 2001 
From: Cheeze-It <16260577+Cheeze-It@users.noreply.github.com> Date: Sun, 24 Jan 2021 11:40:08 -0700 Subject: bgp: T1875: Add BGP allow range command documentation (#431) This is a documentation addition for the allow range command within BGP, as well as the associated limit command as well. There was a few spelling mistakes that were fixed too, but not anything big. Co-authored-by: Cheeze_It --- docs/configuration/protocols/bgp.rst | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst index 2d9c9af5..caac6714 100644 --- a/docs/configuration/protocols/bgp.rst +++ b/docs/configuration/protocols/bgp.rst @@ -553,11 +553,11 @@ Common parametrs .. cfgcmd:: set protocols bgp parameters log-neighbor-changes - Tis command enable logging neighbor up/down changes and reset reason. + This command enable logging neighbor up/down changes and reset reason. .. cfgcmd:: set protocols bgp parameters no-client-to-client-reflection - Tis command disables route reflection between route reflector clients. + This command disables route reflection between route reflector clients. By default, the clients of a route reflector are not required to be fully meshed and the routes from a client are reflected to other clients. However, if the clients are fully meshed, route reflection is not required. 
@@ -566,8 +566,25 @@ Common parametrs .. cfgcmd:: set protocols bgp parameters no-fast-external-failover - Disable immediate sesison reset if peer's connected link goes down. + Disable immediate session reset if peer's connected link goes down. +.. cfgcmd:: set protocols bgp listen range peer-group + + This command is useful if one desires to loosen the requirement for BGP + to have strictly defined neighbors. Specifically what is allowed is for + the local router to listen to a range of IPv4 or IPv6 addresses defined + by a prefix and to accept BGP open messages. When a TCP connection + (and subsequently a BGP open message) from within this range tries to + connect the local router then the local router will respond and connect + with the parameters that are defined within the peer group. One must define + a peer-group for each range that is listed. If no peer-group is defined + then an error will keep you from committing the configuration. + +.. cfgcmd:: set protocols bgp listen limit + + This command goes hand in hand with the listen range command to limit the + amount of BGP neighbors that are allowed to connect to the local router. + The limit range is 1 to 5000. Administrative Distance ^^^^^^^^^^^^^^^^^^^^^^^ -- cgit v1.2.3 From c2ebc4a3c9cf5fd240357054288a1da7b827dc5a Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 30 Jan 2021 13:35:32 +0100 Subject: ospf: T3267: move "interface ip ospf" CLI nodes to "protocols ospf" tree --- docs/configuration/protocols/ospf.rst | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index 2c098714..41ab7cac 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst 
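Review bot: The new `listen range` paragraph explains that BGP opens are accepted from any address in a prefix, but it gives no guidance on restricting who can peer. That matters because, as the text itself says, every connection from within the range is answered with the peer-group's parameters. I would add a note directly under that paragraph, for example `.. note:: Any address inside the range can establish a session; keep the prefix as narrow as possible and configure authentication and inbound route filtering on the peer-group.` The `listen limit` paragraph gives only the range of 1 to 5000 and should also say what limit applies when the command is not set; the default is not visible in this hunk. Two wording points in the same hunk: "amount of BGP neighbors" reads better as "number of dynamic BGP neighbors", and "tries to connect the local router" is missing "to".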
@@ -306,7 +306,7 @@ Area Configuration Interface Configuration ----------------------- -.. cfgcmd:: set interfaces ip ospf authentication +.. cfgcmd:: set protocols ospf interface authentication plaintext-password This command sets OSPF authentication key to a simple password. After @@ -315,7 +315,7 @@ Interface Configuration Simple text password authentication is insecure and deprecated in favour of MD5 HMAC authentication. -.. cfgcmd:: set interfaces ip ospf authentication md5 +.. cfgcmd:: set protocols ospf interface authentication md5 key-id md5-key This command specifys that MD5 HMAC authentication must be used on this @@ -325,25 +325,25 @@ Interface Configuration The key can be long up to 16 chars (larger strings will be truncated), and is associated with the given key-id. -.. cfgcmd:: set interfaces ip ospf bandwidth +.. cfgcmd:: set protocols ospf interface bandwidth This command sets the interface bandwidth for cost calculations, where bandwidth can be in range from 1 to 100000, specified in Mbits/s. -.. cfgcmd:: set interfaces ip ospf cost +.. cfgcmd:: set protocols ospf interface cost This command sets link cost for the specified interface. The cost value is set to router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535. -.. cfgcmd:: set interfaces ip ospf dead-interval +.. cfgcmd:: set protocols ospf interface dead-interval Set number of seconds for router Dead Interval timer value used for Wait Timer and Inactivity Timer. This value must be the same for all routers attached to a common network. The default value is 40 seconds. The interval range is 1 to 65535. -.. cfgcmd:: set interfaces ip ospf hello-interval +.. cfgcmd:: set protocols ospf interface hello-interval Set number of seconds for Hello Interval timer value. Setting this value, Hello packet will be sent every timer value seconds on the specified 
@@ -351,13 +351,18 @@ Interface Configuration common network. The default value is 10 seconds. The interval range is 1 to 65535. -.. cfgcmd:: set interfaces ip ospf mtu-ignore +.. cfgcmd:: set protocols ospf interface bfd + + This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on + this OSPF link interface. + +.. cfgcmd:: set protocols ospf interface mtu-ignore This command disables check of the MTU value in the OSPF DBD packets. Thus, use of this command allows the OSPF adjacency to reach the FULL state even though there is an interface MTU mismatch between two OSPF routers. -.. cfgcmd:: set interfaces ip ospf network +.. cfgcmd:: set protocols ospf interface network This command allows to specify the distribution type for the network connected to this interface: @@ -368,14 +373,14 @@ Interface Configuration networks. **point-to-point** – address distribution in point-to-point networks. -.. cfgcmd:: set interfaces ip ospf priority +.. cfgcmd:: set protocols ospf interface priority This command sets Router Priority integer value. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255. -.. cfgcmd:: set interfaces ip ospf retransmit-interval +.. cfgcmd:: set protocols ospf interface retransmit-interval This command sets number of seconds for RxmtInterval timer value. This @@ -383,7 +388,7 @@ Interface Configuration Request packets if acknowledge was not received. The default value is 5 seconds. The interval range is 3 to 65535. -.. cfgcmd:: set interfaces ip ospf transmit-delay +.. cfgcmd:: set protocols ospf interface transmit-delay This command sets number of seconds for InfTransDelay value. It allows to set and adjust for each interface the delay interval before starting the -- cgit v1.2.3 From 7fb7ae40f4b8546e34e43269e93d51edd3b25cd4 Mon Sep 17 00:00:00 2001 
From: Christian Poessinger Date: Tue, 2 Feb 2021 23:08:33 +0100 Subject: ospf: add hello-multiplier --- docs/configuration/protocols/ospf.rst | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'docs/configuration/protocols') diff --git a/docs/configuration/protocols/ospf.rst b/docs/configuration/protocols/ospf.rst index 41ab7cac..e1957cec 100644 --- a/docs/configuration/protocols/ospf.rst +++ b/docs/configuration/protocols/ospf.rst @@ -343,6 +343,15 @@ Interface Configuration attached to a common network. The default value is 40 seconds. The interval range is 1 to 65535. +.. cfgcmd:: set protocols ospf interface hello-multiplier + + The hello-multiplier specifies how many Hellos to send per second, from 1 + (every second) to 10 (every 100ms). Thus one can have 1s convergence time + for OSPF. If this form is specified, then the hello-interval advertised in + Hello packets is set to 0 and the hello-interval on received Hello packets + is not checked, thus the hello-multiplier need NOT be the same across + multiple routers on a common link. + .. cfgcmd:: set protocols ospf interface hello-interval Set number of seconds for Hello Interval timer value. Setting this value, -- cgit v1.2.3 From 0ae01b4a1c6e6376b2db498618c65801a809e826 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 5 Feb 2021 22:53:53 +0100 Subject: vrf: static: T2450: adjust to new CLI syntax --- docs/configexamples/azure-vpn-bgp.rst | 2 +- docs/configexamples/azure-vpn-dual-bgp.rst | 4 ++-- .../dhcp-relay-through-gre-bridge.rst | 4 ++-- docs/configexamples/tunnelbroker-ipv6.rst | 2 +- docs/configuration/interfaces/openvpn.rst | 6 ++--- docs/configuration/interfaces/pppoe.rst | 4 ++-- docs/configuration/interfaces/wireguard.rst | 4 ++-- docs/configuration/protocols/static.rst | 12 +++++----- docs/configuration/vrf/index.rst | 28 +++++++++++----------- 9 files changed, 33 insertions(+), 33 deletions(-) (limited to 'docs/configuration/protocols') 
diff --git a/docs/configexamples/azure-vpn-bgp.rst b/docs/configexamples/azure-vpn-bgp.rst index 265e28c7..1d61b3b8 100644 --- a/docs/configexamples/azure-vpn-bgp.rst +++ b/docs/configexamples/azure-vpn-bgp.rst @@ -114,7 +114,7 @@ Vyos configuration .. code-block:: none - set protocols static interface-route 10.0.0.4/32 next-hop-interface vti1 + set protocols static route 10.0.0.4/32 interface vti1 - Configure your BGP settings diff --git a/docs/configexamples/azure-vpn-dual-bgp.rst b/docs/configexamples/azure-vpn-dual-bgp.rst index 13d4b5a2..0a48156c 100644 --- a/docs/configexamples/azure-vpn-dual-bgp.rst +++ b/docs/configexamples/azure-vpn-dual-bgp.rst @@ -129,8 +129,8 @@ Vyos configuration .. code-block:: none - set protocols static interface-route 10.0.0.4/32 next-hop-interface vti1 - set protocols static interface-route 10.0.0.5/32 next-hop-interface vti2 + set protocols static route 10.0.0.4/32 interface vti1 + set protocols static route 10.0.0.5/32 interface vti2 - Configure your BGP settings diff --git a/docs/configexamples/dhcp-relay-through-gre-bridge.rst b/docs/configexamples/dhcp-relay-through-gre-bridge.rst index 0db5fa0a..afa4d854 100644 --- a/docs/configexamples/dhcp-relay-through-gre-bridge.rst +++ b/docs/configexamples/dhcp-relay-through-gre-bridge.rst @@ -29,7 +29,7 @@ DHCP Server set protocols ospf area 0 network '192.168.3.0/24' set protocols ospf area 0 network '10.0.2.0/24' set protocols ospf parameters router-id '192.168.3.3' - set protocols static interface-route 10.0.1.2/32 next-hop-interface tun100 + set protocols static route 10.0.1.2/32 interface tun100 set service dhcp-server shared-network-name asdf authoritative set service dhcp-server shared-network-name asdf subnet 192.168.3.0/24 range 0 start '192.168.3.30' set service dhcp-server shared-network-name asdf subnet 192.168.3.0/24 range 0 stop '192.168.3.40' 
@@ -70,7 +70,7 @@ DHCP Relay set protocols ospf area 0 network '192.168.0.0/24' set protocols ospf area 0 network '10.100.100.0/24' set protocols ospf parameters router-id '10.100.100.1' - set protocols static interface-route 192.168.3.3/32 next-hop-interface tun100 + set protocols static route 192.168.3.3/32 interface tun100 set service dhcp-relay interface 'eth0' set service dhcp-relay interface 'tun100' set service dhcp-relay server '192.168.3.3' diff --git a/docs/configexamples/tunnelbroker-ipv6.rst b/docs/configexamples/tunnelbroker-ipv6.rst index b6f1cc07..1df814dc 100644 --- a/docs/configexamples/tunnelbroker-ipv6.rst +++ b/docs/configexamples/tunnelbroker-ipv6.rst @@ -35,7 +35,7 @@ tunnel information page. set interfaces tunnel tun0 mtu '1472' set interfaces tunnel tun0 multicast 'disable' set interfaces tunnel tun0 remote-ip Server_IPv4_from_Tunnelbroker # This is the IP of the Tunnelbroker server - set protocols static interface-route6 ::/0 next-hop-interface tun0 # Tell all traffic to go over this tunnel + set protocols static route6 ::/0 interface tun0 # Tell all traffic to go over this tunnel commit If your WAN connection is over PPPoE, you may need to set the MTU on the above diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index 2c273b34..8b32743f 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -159,13 +159,13 @@ Local Configuration: .. code-block:: none - set protocols static interface-route 10.1.0.0/16 next-hop-interface vtun1 + set protocols static route 10.1.0.0/16 interface vtun1 Remote Configuration: .. code-block:: none - set protocols static interface-route 10.0.0.0/16 next-hop-interface vtun1 + set protocols static route 10.0.0.0/16 interface vtun1 Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and function identically to ethernet interfaces. 
@@ -253,7 +253,7 @@ internally, so we need to create a route to the 10.23.0.0/20 network ourselves: .. code-block:: none - set protocols static interface-route 10.23.0.0/20 next-hop-interface vtun10 + set protocols static route 10.23.0.0/20 interface vtun10 Generate X.509 Certificate and Keys ----------------------------------- diff --git a/docs/configuration/interfaces/pppoe.rst b/docs/configuration/interfaces/pppoe.rst index 0fdbba42..1bbccc0c 100644 --- a/docs/configuration/interfaces/pppoe.rst +++ b/docs/configuration/interfaces/pppoe.rst @@ -130,7 +130,7 @@ PPPoE options .. note:: In all modes except 'none', all default routes using this interface will be removed when the interface is torn down - even manually installed - static interface-routes. + static routes. .. cfgcmd:: set interfaces pppoe idle-timeout